Full Version: Another HijackThis Log
jonasthern
Hi there one more time.
I have a new log, can anyone help me?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:57:25, on 27-04-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\DWRCS.EXE
C:\WINDOWS\twain_32\fjscan32\FJTWMKSV.exe
C:\Programas\Java\jre6\bin\jqs.exe
C:\Programas\McAfee\Common Framework\FrameworkService.exe
C:\Programas\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Ficheiros comuns\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programas\McAfee\VirusScan Enterprise\Mcshield.exe
C:\WINDOWS\system32\DWRCST.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Programas\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programas\Java\jre6\bin\jusched.exe
C:\Programas\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\Twain_32\fjscan32\FjtwMkup.exe
C:\windows\Media\AvMsUpd.exe
C:\Programas\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.1.24.5:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = intranet.ring*;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programas\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RemoteControl] C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programas\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [bit4id csp store register] RUNDLL32.EXE "C:\WINDOWS\system32\csp-certstore.dll",RegisterMyPhysicalStore
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programas\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [FJTWAIN Setup] C:\WINDOWS\Twain_32\fjscan32\FjtwMkup.exe /Station
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickShock] c:\windows\Media\AvMsUpd.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programas\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [DameWare MRC Agent] C:\WINDOWS\system32\DWRCST.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Search.lnk = C:\Programas\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converter em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converter links selecionados em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converter seleção em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converter seleção em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=intranet.ring.gov.pt
O15 - Trusted IP range: http://192.168.202.16 (HKLM)
O15 - ESC Trusted Zone: http://*.exch02 (HKLM)
O15 - ESC Trusted Zone: http://crls.ecce.gov.pt (HKLM)
O15 - ESC Trusted Zone: http://crls.ecee.gov.pt (HKLM)
O16 - DPF: smdScanner - http://omicron/SmartDocsPCM/smdScanner.CAB
O16 - DPF: smdViewer - http://ceger-teamserv1/smartdocsweb/smdViewer.cab
O16 - DPF: {2D8F103B-ED53-4517-A14C-FE53B6B81EB7} (FujitsuWebLib.Web) - http://omicron/SmartDocsPCM/FujitsuWEBLib.CAB
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1240837331397
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://games.bigfishgames.com/en_cinematyc...inematycoon.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ring.gov.local
O17 - HKLM\Software\..\Telephony: DomainName = ring.gov.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ring.gov.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ring.gov.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = ring.gov.local
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\system32\DWRCS.EXE
O23 - Service: FJTWMKSV - PFU LIMITED - C:\WINDOWS\twain_32\fjscan32\FJTWMKSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Programas\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Programas\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Programas\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programas\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Programas\Ficheiros comuns\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 10043 bytes
negster22
Hello and welcome to Malwarebytes forum!

What sort of problem are you experiencing? Please describe the symptoms fully and say whether you used any scanners prior to posting. If so, did the scanners detect any threats, and if so, did you save the logs?

Let's run some more tools.

Please download ATF Cleaner by Atribune
  • Close Internet Explorer and any other open browsers
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

_____________________________________________

Please download Malwarebytes' Anti-Malware (MBAM) to your desktop from:

BestTechie.net
http://www.besttechie.net/tools/mbam-setup.exe
or
MajorGeeks.com:
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html

Double-click mbam-setup.exe and follow the prompts to install the program. At the end of the install, place a checkmark next to the following two options:
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
  • Click Finish.
  • MBAM will automatically update, if the above options are checked.
  • Once the program launches, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK -> Show Results to view the scan results.
  • Check all items found, and then choose the 'Remove Selected' option to move the selected items to the quarantine.
  • When the scan is done, a log will open in Notepad with the scan results. Please post the results in your next reply.

____________
NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
____________

Download DDS and save it to your desktop from here



Disable any script blocking programs you may have installed (such as Norton script blocking), and then double-click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop
  • Please copy and paste both logs into your next reply - do NOT attach them.


===============================================================

Please post the MBAM log, the DDS scan reports (do NOT attach), and a new HJT log.
jonasthern
OK, thanks for your reply. Here is what you have asked:

- ATF Cleaner OK
- MalwareBytes Log:
Malwarebytes' Anti-Malware 1.36
Versão do banco de dados: 2051
Windows 5.1.2600 Service Pack 3

28-04-2009 07:31:54
mbam-log-2009-04-28 (07-31-54).txt

Tipo de Verificação: Rápida
Objetos verificados: 80841
Tempo decorrido: 2 minute(s), 53 second(s)

Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registo infectadas: 0
Valores do Registo infectados: 0
Ítens do Registo infectados: 0
Pastas infectadas: 0
Ficheiros infectados: 0

Processos da Memória infectados:
(Nenhum item malicioso foi detectado)

Módulos de Memória Infectados:
(Nenhum item malicioso foi detectado)

Chaves do Registo infectadas:
(Nenhum item malicioso foi detectado)

Valores do Registo infectados:
(Nenhum item malicioso foi detectado)

Ítens do Registo infectados:
(Nenhum item malicioso foi detectado)

Pastas infectadas:
(Nenhum item malicioso foi detectado)

Ficheiros infectados:
(Nenhum item malicioso foi detectado)

- DDS
DDS Log:
DDS (Ver_09-03-16.01) - NTFSx86
Run by Administrador at 7:34:48,61 on 28-04-2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.351.2070.18.2031.1549 [GMT 1:00]

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\DWRCS.EXE
C:\WINDOWS\twain_32\fjscan32\FJTWMKSV.exe
C:\Programas\Java\jre6\bin\jqs.exe
C:\Programas\McAfee\Common Framework\FrameworkService.exe
C:\Programas\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Programas\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Programas\Ficheiros comuns\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\DWRCST.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Programas\Intel\NCS\PROSet\PRONoMgr.exe
C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programas\Java\jre6\bin\jusched.exe
C:\Programas\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\Twain_32\fjscan32\FjtwMkup.exe
C:\windows\Media\AvMsUpd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\wuauclt.exe
\\omega\usbento\CEGER\marcoa\Utils\Ferramentas Para Remoção de Virus\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.pt/
uInternet Settings,ProxyServer = 10.1.24.5:8080
uInternet Settings,ProxyOverride = intranet.ring*;<local>
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programas\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\programas\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\programas\mcafee\virusscan enterprise\Scriptcl.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programas\ficheiros comuns\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\programas\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programas\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\programas\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\programas\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [RemoteControl] c:\programas\cyberlink\powerdvd\PDVDServ.exe
mRun: [PRONoMgr.exe] c:\programas\intel\ncs\proset\PRONoMgr.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Acrobat Assistant 7.0] "c:\programas\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [SunJavaUpdateSched] "c:\programas\java\jre6\bin\jusched.exe"
mRun: [bit4id csp store register] RUNDLL32.EXE "c:\windows\system32\csp-certstore.dll",RegisterMyPhysicalStore
mRun: [McAfeeUpdaterUI] "c:\programas\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [FJTWAIN Setup] c:\windows\twain_32\fjscan32\FjtwMkup.exe /Station
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [QuickShock] c:\windows\media\AvMsUpd.exe
mRun: [ShStatEXE] "c:\programas\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [DameWare MRC Agent] c:\windows\system32\DWRCST.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\arranque\adobea~1.lnk - c:\windows\installer\{ac76ba86-1034-4700-7760-100000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\arranque\micros~1.lnk - c:\programas\microsoft office\office10\OSA.EXE
IE: Converter destino de link em Adobe PDF - c:\programas\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converter destino de link em PDF existente - c:\programas\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converter em Adobe PDF - c:\programas\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converter em PDF existente - c:\programas\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converter links selecionados em Adobe PDF - c:\programas\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converter links selecionados em PDF existente - c:\programas\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converter seleção em Adobe PDF - c:\programas\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converter seleção em PDF existente - c:\programas\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programas\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: smdScanner - hxxp://omicron/SmartDocsPCM/smdScanner.CAB
DPF: smdViewer - hxxp://ceger-teamserv1/smartdocsweb/smdViewer.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2D8F103B-ED53-4517-A14C-FE53B6B81EB7} - hxxp://omicron/SmartDocsPCM/FujitsuWEBLib.CAB
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1240837331397
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://games.bigfishgames.com/en_cinematycoon/online/cinematycoon.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\programas\ficheiros comuns\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\programas\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [2007-2-15 26624]
R1 nxtdrv;NEXThink Collector;c:\windows\system32\drivers\nxtdrv.sys [2009-2-18 150528]
R2 FJTWMKSV;FJTWMKSV;c:\windows\twain_32\fjscan32\FJTWMKSV.exe [2008-1-16 45056]
R2 McAfeeFramework;McAfee Framework Service;c:\programas\mcafee\common framework\FrameworkService.exe [2007-1-16 103744]
R2 McShield;McAfee McShield;c:\programas\mcafee\virusscan enterprise\Mcshield.exe [2006-11-30 144960]
R2 McTaskManager;McAfee Task Manager;c:\programas\mcafee\virusscan enterprise\VsTskMgr.exe [2006-11-30 54872]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-4-27 603904]
R3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [2007-2-7 2944]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2009-4-27 72264]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2009-4-27 34152]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2009-4-27 168776]
S2 rlgcvqcbe;Image Boot;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usbxp.sys [2007-4-3 24832]

=============== Created Last 30 ================

2009-04-28 07:19 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-04-28 06:57 1,089,883 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-04-27 15:58 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-04-27 15:58 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-27 15:58 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-27 15:58 <DIR> --d----- c:\programas\Malwarebytes' Anti-Malware
2009-04-27 15:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-27 15:57 <DIR> --d----- c:\programas\Trend Micro
2009-04-27 15:51 <DIR> --d----- c:\docume~1\admini~1\applic~1\Windows Search
2009-04-27 15:33 14,048 -------- c:\windows\system32\spmsg2.dll
2009-04-27 15:24 <DIR> --d----- c:\windows\system32\XPSViewer
2009-04-27 15:23 117,760 -------- c:\windows\system32\prntvpt.dll
2009-04-27 15:23 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-27 15:23 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-27 15:23 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-27 15:23 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-04-27 15:23 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-04-27 15:23 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-04-27 15:14 <DIR> --d----- c:\docume~1\admini~1\applic~1\Windows Desktop Search
2009-04-27 15:14 <DIR> --d----- c:\programas\Windows Desktop Search
2009-04-27 15:14 <DIR> --d----- c:\windows\system32\GroupPolicy
2009-04-27 15:13 192,000 -c------ c:\windows\system32\dllcache\offfilt.dll
2009-04-27 15:13 98,304 -c------ c:\windows\system32\dllcache\nlhtml.dll
2009-04-27 15:13 29,696 -c------ c:\windows\system32\dllcache\mimefilt.dll
2009-04-27 15:12 6,066,176 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-04-27 15:12 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2009-04-27 15:12 1,036,288 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2009-04-27 15:12 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-04-27 15:12 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2009-04-27 15:12 268,288 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-04-27 15:12 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2009-04-27 15:12 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-04-27 15:12 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2009-04-27 15:07 <DIR> --d----- c:\programas\Windows Media Connect 2
2009-04-27 15:06 <DIR> --d----- c:\windows\system32\LogFiles
2009-04-27 15:03 <DIR> --d----- c:\windows\system32\URTTemp
2009-04-27 14:55 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-27 14:55 2,192,896 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-27 14:55 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-27 14:55 286,720 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-27 14:55 111,104 -c------ c:\windows\system32\dllcache\services.exe
2009-04-27 14:55 732,672 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-04-27 14:55 684,032 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-27 14:55 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-27 14:55 737,792 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-27 14:55 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-27 14:55 2,149,376 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-27 14:55 2,028,032 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-27 14:52 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-27 14:52 219,136 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-27 14:41 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-04-27 14:34 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-04-27 14:31 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2009-04-27 14:30 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-04-27 14:29 331,776 -c------ c:\windows\system32\dllcache\msadce.dll
2009-04-27 14:24 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-04-27 14:19 272,640 -c------ c:\windows\system32\dllcache\bthport.sys
2009-04-27 14:09 <DIR> --d----- c:\windows\system32\PreInstall
2009-04-27 14:09 <DIR> --d-h--- c:\windows\$hf_mig$
2009-04-27 14:02 35,864 a------- c:\windows\system32\wucltui.dll.mui
2009-04-27 14:02 27,672 a------- c:\windows\system32\wuaucpl.cpl.mui
2009-04-27 14:02 27,672 a------- c:\windows\system32\wuapi.dll.mui
2009-04-27 14:02 19,480 a------- c:\windows\system32\wuaueng.dll.mui
2009-04-27 14:02 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-04-27 14:02 <DIR> --dsh--- c:\documents and settings\administrador\UserData
2009-04-27 13:59 72,264 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-04-27 13:59 64,360 a------- c:\windows\system32\drivers\mfeapfk.sys
2009-04-27 13:59 52,136 a------- c:\windows\system32\drivers\mfetdik.sys
2009-04-27 13:59 34,152 a------- c:\windows\system32\drivers\mfebopk.sys
2009-04-27 13:59 168,776 a------- c:\windows\system32\drivers\mfehidk.sys
2009-04-27 13:58 <DIR> --d----- c:\programas\ficheiros comuns\McAfee
2009-04-27 13:35 <DIR> --d----- c:\windows\ServicePackFiles
2009-04-27 13:35 294,912 -c------ c:\windows\system32\dllcache\dlimport.exe
2009-04-27 13:30 19,569 a------- c:\windows\002720_.tmp
2009-04-27 13:30 26,488 a------- c:\windows\system32\spupdsvc.exe
2009-04-27 13:18 <DIR> --d----- c:\docume~1\admini~1\applic~1\TuneUp Software
2009-04-27 13:11 <DIR> --d----- c:\windows\pss
2009-04-27 13:09 54,156 a---h--- c:\windows\QTFont.qfn
2009-04-27 13:09 1,409 a------- c:\windows\QTFont.for
2009-04-27 12:58 603,904 a------- c:\windows\system32\TUProgSt.exe
2009-04-27 12:58 27,904 a------- c:\windows\system32\uxtuneup.dll
2009-04-27 12:58 360,192 a------- c:\windows\system32\TuneUpDefragService.exe
2009-04-27 12:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TuneUp Software
2009-04-27 12:58 <DIR> --d----- c:\programas\TuneUp Utilities 2009
2009-04-27 12:58 <DIR> --dsh--- c:\docume~1\alluse~1\applic~1\{55A29068-F2CE-456C-9148-C869879E2357}
2009-04-27 12:52 <DIR> --d----- c:\programas\CCleaner
2009-04-27 12:43 12,160 ac------ c:\windows\system32\dllcache\mouhid.sys
2009-04-27 12:43 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-04-27 12:43 10,368 a------- c:\windows\system32\drivers\hidusb.sys
2009-04-17 15:25 3 a------- c:\windows\wnetsock08.dll

==================== Find3M ====================

2009-04-28 06:59 494,382 a------- c:\windows\system32\perfh016.dat
2009-04-28 06:59 85,938 a------- c:\windows\system32\perfc016.dat
2009-04-27 13:43 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-04-17 15:45 1,716,224 a------- c:\windows\media\AvMsUpd.exe
2009-03-06 15:20 286,720 a------- c:\windows\system32\pdh.dll
2009-03-03 01:07 826,368 a------- c:\windows\system32\wininet.dll
2009-02-20 18:09 78,336 a------- c:\windows\system32\ieencode.dll
2009-02-09 15:05 1,846,912 a------- c:\windows\system32\win32k.sys
2009-02-09 12:23 2,028,032 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-09 12:23 2,149,376 a------- c:\windows\system32\ntoskrnl.exe
2009-02-09 12:23 111,104 a------- c:\windows\system32\services.exe
2009-02-09 11:53 737,792 a------- c:\windows\system32\ntdll.dll
2009-02-09 11:53 732,672 a------- c:\windows\system32\lsasrv.dll
2009-02-09 11:53 684,032 a------- c:\windows\system32\advapi32.dll
2009-02-09 11:53 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-06 11:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-03 20:57 56,832 a------- c:\windows\system32\secur32.dll
2008-03-04 16:09 5,852,248 a------- c:\programas\copernicdesktopsearch2.exe
2005-11-17 20:10 2,715,531 a------- c:\programas\MPS-Sudoku_Setup.exe
2005-05-11 23:14 774,144 a------- c:\programas\RngInterstitial.dll
1997-04-29 17:17 1,460,561 a------- c:\programas\patagon.exe

============= FINISH: 7:35:22,04 ===============

DDS Attach Log:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 04-04-2005 13:24:17
System Uptime: 28-04-2009 07:21:36 (0 hours ago)

Motherboard: Intel Corporation | | D865GLC
Processor: Intel® Pentium® 4 CPU 2.80GHz | J2E1 | 2793/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 50,181 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

32 Bit HP CIO Components Installer
Actualização Crítica para o Windows Media Player 11 (KB959772)
Actualização de Segurança para o Windows Media Player (KB952069)
Actualização de Segurança para o Windows Media Player 11 (KB936782)
Actualização de Segurança para o Windows Media Player 11 (KB954154)
Actualização de segurança para Windows Internet Explorer 7 (KB938127-v2)
Actualização de segurança para Windows Internet Explorer 7 (KB963027)
Actualização de segurança para Windows XP (KB923561)
Actualização de segurança para Windows XP (KB938464-v2)
Actualização de Segurança para Windows XP (KB941569)
Actualização de segurança para Windows XP (KB946648)
Actualização de segurança para Windows XP (KB950760)
Actualização de segurança para Windows XP (KB950762)
Actualização de segurança para Windows XP (KB950974)
Actualização de segurança para Windows XP (KB951066)
Actualização de segurança para Windows XP (KB951376-v2)
Actualização de segurança para Windows XP (KB951748)
Actualização de segurança para Windows XP (KB952004)
Actualização de segurança para Windows XP (KB952954)
Actualização de segurança para Windows XP (KB954459)
Actualização de segurança para Windows XP (KB954600)
Actualização de segurança para Windows XP (KB955069)
Actualização de segurança para Windows XP (KB956572)
Actualização de segurança para Windows XP (KB956802)
Actualização de segurança para Windows XP (KB956803)
Actualização de segurança para Windows XP (KB957097)
Actualização de segurança para Windows XP (KB958644)
Actualização de segurança para Windows XP (KB958687)
Actualização de segurança para Windows XP (KB958690)
Actualização de segurança para Windows XP (KB959426)
Actualização de segurança para Windows XP (KB960225)
Actualização de segurança para Windows XP (KB960715)
Actualização de segurança para Windows XP (KB960803)
Actualização de segurança para Windows XP (KB961373)
Actualização de segurança para Windows XP (KB963027)
Actualização para o Windows XP (KB943729)
Actualização para Windows XP (KB898461)
Actualização para Windows XP (KB951978)
Actualização para Windows XP (KB955839)
Actualização para Windows XP (KB967715)
Adobe Acrobat 7.0 Professional - Español, Italiano, Português
Adobe Acrobat 7.1.0 Professional - Español, Italiano, Português
Adobe Flash Player 10 ActiveX
Adobe Shockwave Player
Bit4Id - miniLector
Card Manager 1.0.0
CCleaner (remove only)
Compatibility Pack for Office system de 2007
Correcção para o Windows Media Player 11 (KB939683)
FileMaker Pro 6
Fujitsu ScandAll PRO
Fujitsu ScandAll PRO V1.5
Gateway Drivers and Applications Recovery
Gateway IE Customizations
Google Earth
GPL Ghostscript 8.63
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB954550-v5)
Hotfix para Windows XP (KB952287)
Hotfix para Windows XP (KB961118)
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
Java 2 Runtime Environment, SE v1.4.2
Java™ 6 Update 10
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Runtime Environment 6 Update 1
Malwarebytes' Anti-Malware
McAfee VirusScan Enterprise
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 1.1 Portuguese Language Pack
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PTG
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PTG
Microsoft .NET Framework 3.5 Language Pack SP1 - PTG
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Portuguese (Portugal) User Interface Pack
Microsoft Office Professional Edition 2003
Microsoft Office XP Professional com FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Nero 7 Demo
NEXThink® Collector V3
Pacote do Fornecedor de Serviço Criptográfico para Cartão Inteligente Base da Microsoft
PowerDVD
QFolder
Scanner Utility for Microsoft Windows
TuneUp Utilities 2009
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinZip
XML Paper Specification Shared Components Language Pack 1.0

==== End Of File ===========================

- HijackThis
Hijackthis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:38:08, on 28-04-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\DWRCS.EXE
C:\WINDOWS\twain_32\fjscan32\FJTWMKSV.exe
C:\Programas\Java\jre6\bin\jqs.exe
C:\Programas\McAfee\Common Framework\FrameworkService.exe
C:\Programas\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Programas\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Ficheiros comuns\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\DWRCST.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Programas\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programas\Java\jre6\bin\jusched.exe
C:\Programas\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\Twain_32\fjscan32\FjtwMkup.exe
C:\windows\Media\AvMsUpd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.1.24.5:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = intranet.ring*;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programas\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RemoteControl] C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programas\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [bit4id csp store register] RUNDLL32.EXE "C:\WINDOWS\system32\csp-certstore.dll",RegisterMyPhysicalStore
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programas\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [FJTWAIN Setup] C:\WINDOWS\Twain_32\fjscan32\FjtwMkup.exe /Station
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickShock] c:\windows\Media\AvMsUpd.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programas\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [DameWare MRC Agent] C:\WINDOWS\system32\DWRCST.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converter em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converter links selecionados em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converter seleção em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converter seleção em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=intranet.ring.gov.pt
O15 - Trusted IP range: http://192.168.202.16 (HKLM)
O15 - ESC Trusted Zone: http://*.exch02 (HKLM)
O15 - ESC Trusted Zone: http://crls.ecce.gov.pt (HKLM)
O15 - ESC Trusted Zone: http://crls.ecee.gov.pt (HKLM)
O16 - DPF: smdScanner - http://omicron/SmartDocsPCM/smdScanner.CAB
O16 - DPF: smdViewer - http://ceger-teamserv1/smartdocsweb/smdViewer.cab
O16 - DPF: {2D8F103B-ED53-4517-A14C-FE53B6B81EB7} (FujitsuWebLib.Web) - http://omicron/SmartDocsPCM/FujitsuWEBLib.CAB
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1240837331397
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://games.bigfishgames.com/en_cinematyc...inematycoon.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ring.gov.local
O17 - HKLM\Software\..\Telephony: DomainName = ring.gov.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ring.gov.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ring.gov.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = ring.gov.local
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\system32\DWRCS.EXE
O23 - Service: FJTWMKSV - PFU LIMITED - C:\WINDOWS\twain_32\fjscan32\FJTWMKSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Programas\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Programas\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Programas\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programas\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Programas\Ficheiros comuns\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 9935 bytes

I hope it's not confusing :)
Thanks
negster22
You're welcome, but I am not seeing anything wrong in your logs.

You didn't answer this question I asked that would perhaps shed more light on your problems:
QUOTE
What sort of problem are you experiencing - please describe fully the symptoms and whether you used any scanners prior to posting. If so, did the scanners detect any threats, and if so, did you save the logs?


You should update your version of the Sun Java Platform (JRE) to the newest version which is Java Runtime Environment (JRE) 6 Update 13:

1. Download the latest JRE version at Sun Microsystems' website: http://java.sun.com/javase/downloads/index.jsp
2. Select the option that says: Java SE Runtime Environment (JRE) 6 Update 13 - "This release includes several key security updates, the highly anticipated 64-bit Java Plug-In (for 64-bit browsers only), Windows Server 2008 support, and performance improvements of Java and JavaFX applications", and click Download button.
3. Select your platform: Windows, in the pull down menu.
4. Check the box that says: "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement."
5. Click Continue.
6. Under the Windows Platform - Java ™ SE Runtime Environment 6 Update 13 section, click on the link to download the Windows Offline Installation and save the installer to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Next, remove all older versions of the Sun Java Platform using the Control Panel's Add/Remove Program feature (as they may contain security vulnerabilities).
QUOTE ("Your system")
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
Java 2 Runtime Environment, SE v1.4.2
Java™ 6 Update 10
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Runtime Environment 6 Update 1

9. Reboot your system
10. Then from your desktop double-click on jre-6u13-windows-i586-p.exe to install the newest version of the Sun Java Platform
12. The Yahoo Toolbar is prechecked for installation with this version of Java. Make sure to UNCHECK it, if you do not care to have it, or already have it installed - it is not part of the JRE install and totally unnecessary.
13. You may verify that the current version installed properly by clicking here: http://java.com/en/download/installed.jsp

I am not familiar with this program, but that doesn't mean it is bad:
1997-04-29 17:17 1,460,561 a------- c:\programas\patagon.exe

Please perform a scan with the ESET online virus scanner:
http://www.eset.com/onlinescan/index.php

  • ESET recommends disabling your resident antivirus's auto-protection feature before beginning the scan to avoid conflicts and system hangs. Please disable your antivirus's Guard (McAfee) and any antispyware or HIPS programs you are running.
  • Use Internet Explorer to navigate to the scanner website because you must approve the installation of an ActiveX add-on to complete the scan.
  • Check the "Yes, I accept the terms of use" box.
  • Click "Start"
  • Check the following two boxes:
    • enable "Remove found threats"
    • Scan unwanted applications
  • Click the Scan button to begin scanning.
  • When the scan is done the log is automatically saved. To retrieve it
    • Close the ESET scan Window.
    • Now open a run line by clicking Start >> Run...
    • Copy/paste "C:\Program Files\EsetOnlineScanner\log.txt" into the Open box:
    • The Scan results will now display in Notepad
  • Please copy and paste the ESET scan report that can be found in this location
    C:\Program Files\EsetOnlineScanner\log.txt into your next reply


Note to Vista users and anyone with restrictive IE security settings: Depending on your security settings, you may have to allow cookies and put the ESET website, www.eset.com, into the trusted zone of Internet Explorer if the scan has problems starting (in Vista this is a necessity as IE runs in Protected mode).

To do that, on the Internet Explorer menu click Tools => Internet Options => Security => Trusted Sites => Sites. Then uncheck "Require server verification for all sites in this zone" checkbox at the bottom of the dialog. Add the above www.eset.com url to the list of trusted sites, by inserting it in the blank box and clicking the Add button, then click Close. For cookies, choose the IE7 Privacy tab and add the above eset.com url to the exceptions list for cookie blocking.
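The check behind step 8 of the reply above, as an added example that is not part of the original posts: it reads the "Installed Programs" section of a DDS attach log and lists every Java runtime older than 6 Update 13, oldest first. The sample log is constructed from the entries quoted in the thread, and the function names are made up for this example.

```python
import re

# Constructed sample: the Java entries quoted in the thread plus two
# unrelated programs, laid out like a DDS attach log.
SAMPLE_DDS = """\
==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

HijackThis 2.0.2
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
Java 2 Runtime Environment, SE v1.4.2
Java™ 6 Update 10
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Runtime Environment 6 Update 1
McAfee VirusScan Enterprise

==== End Of File ===========================
"""

# DDS section header, e.g. "==== Installed Programs ======"
HEADER = re.compile(r"^=+ (.+?) =+$")

# The three naming schemes that appear in the thread's program list.
JAVA_NAMES = [
    # "J2SE Runtime Environment 5.0 Update 10"
    re.compile(r"^J2SE Runtime Environment (?P<fam>\d+)\.0(?: Update (?P<upd>\d+))?$"),
    # "Java 2 Runtime Environment, SE v1.4.2" (1.x.y is family x)
    re.compile(r"^Java 2 Runtime Environment, SE v1\.(?P<fam>\d+)\.\d+(?:_(?P<upd>\d+))?$"),
    # "Java™ 6 Update 10" and "Java™ SE Runtime Environment 6 Update 1"
    re.compile(r"^Java(?:™|\(TM\))? (?:SE Runtime Environment )?(?P<fam>\d+)(?: Update (?P<upd>\d+))?$"),
]

def installed_programs(dds_text):
    """Return the entries listed under the 'Installed Programs' header."""
    entries, inside = [], False
    for line in dds_text.splitlines():
        line = line.strip()
        header = HEADER.match(line)
        if header:
            inside = header.group(1) == "Installed Programs"
        elif inside and line:
            entries.append(line)
    return entries

def java_version(name):
    """Map a program name to (family, update); None if it is not a JRE entry."""
    for pattern in JAVA_NAMES:
        m = pattern.match(name)
        if m:
            # A name without an update number is treated as update 0.
            return int(m.group("fam")), int(m.group("upd") or 0)
    return None

def stale_java(dds_text, target=(6, 13)):
    """Names of installed JREs older than target, oldest first."""
    found = []
    for name in installed_programs(dds_text):
        version = java_version(name)
        if version is not None and version < target:
            found.append((version, name))
    return [name for _, name in sorted(found)]

if __name__ == "__main__":
    for name in stale_java(SAMPLE_DDS):
        print("remove:", name)
```
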
jonasthern
negster22, thanks a lot for your help. I have run Malwarebytes again and the other tools and nothing more was found :)
negster22
You're welcome, jonasthern!

Good job! I am glad that things worked out well for you.

Please take the following measures to keep your system in good working order:

Flush your system restore points so you have a suitable backup should you need to restore your system files:

Turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Reboot

Turn System Restore back on:
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

=================================
Here are some additional measures you should take to keep your system in good working order and ensure your continued security.

1. Scan your system for outdated versions of commonly used software applications that may also cause your PC to be vulnerable, using the Secunia Online Software Inspector (OSI)

Just click the "Start Scanner" button to get a listing of all outdated and possibly insecure resident programs.

Note: If your firewall prompts you about access, allow it.

2. Keep MBAM as an on demand scanner because I highly recommend it, and the quick scan will find most all active malware in minutes.

3. You can reduce your startups by downloading Malwarebytes' StartUp Lite and saving it to a convenient location. Just double-click StartUpLite.exe. Then check the options you would like based on the descriptions provided, then select continue. This will free up system resources because nonessential background programs will no longer be running when you start up your computer.

Finally, please follow the suggestions offered by Tony Klein in "How did I get infected in the first place" so you can maintain a safe and secure computing environment.