
ntload.sys trojan horse

Discussion in 'Malware and Virus Removal Archive' started by riqued, 2008/02/03.

  1. 2008/02/03
    riqued

    riqued Inactive Thread Starter

    Joined:
    2008/02/03
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    76
    Computer Experience:
    Beginner
    Every time I start my PC, Avast shows this virus:

    C:\WINDOWS\system32\ntload.sys
    Win32:NTRootKit-B [Trj]
    Trojan Horse

    I always move it to the quarantine, but it keeps showing up.

    After Avast I get a message that winupdate.exe found a problem and needs to be closed and after that another error message:

    "Exception EAccessViolation in module winupdate.exe at 0001B6BB
    Access violation at address 0041B6BB in module 'winupdate.exe'. Read of address FFFFFFFF. "

    I have Windows XP SP2, what should I do?
     
  2. 2008/02/03
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Trophy Points:
    608
    Location:
    Washington State
    Computer Experience:
    Often it's like Taz
    Hi riqued
    Welcome to WindowsBBS :)

    Please download and install HijackThis and run a scan, then close HJT, then run Deckard's System Scanner and post the main.txt log here. Links and instructions here.

    Thanks
    Geri
     


  4. 2008/02/03
    riqued

    Deckard's System Scanner v20071014.68
    Run by HENRIQUE on 2008-02-03 17:53:38
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    27: 2008-02-03 19:53:49 UTC - RP723 - Deckard's System Scanner Restore Point
    26: 2008-02-02 20:34:43 UTC - RP722 - Ponto de verificação do sistema
    25: 2008-02-01 16:29:18 UTC - RP721 - Ponto de verificação do sistema
    24: 2008-01-29 19:35:04 UTC - RP720 - Ponto de verificação do sistema
    23: 2008-01-28 17:47:06 UTC - RP719 - Ponto de verificação do sistema


    -- First Restore Point --
    1: 2007-12-26 17:51:07 UTC - RP697 - Ponto de verificação do sistema


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as HENRIQUE.exe) --------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 06:00:56, on 3/2/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
    C:\Arquivos de programas\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svcd\svchost.exe
    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\Explorer.EXE
    C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe
    C:\WINDOWS\vsnpstd.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\tlntsvr.exe
    C:\Arquivos de programas\TVersity\Media Server\MediaServer.exe
    C:\Arquivos de programas\MicroStar\WLANUtility\WlanUtility.exe
    C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
    C:\Arquivos de programas\MicroStar\WLANUtility\WLAN_Service.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\HENRIQUE\Desktop\dss.exe
    C:\DOCUME~1\HENRIQUE\Desktop\HENRIQUE.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com.br/0SEPTBR/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 65.124.89.209:2487
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    F3 - REG:win.ini: run= "C:\WINDOWS\system32\winupdate.exe "
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [NetMeter] C:\Arquivos de programas\HooTech\NetMeter\NetMeter.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe "
    O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\utorrent.exe "
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: WlanUtility.lnk = C:\Arquivos de programas\MicroStar\WLANUtility\WlanUtility.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
    O23 - Service: Abel - Unknown owner - C:\Documents and Settings\HENRIQUE\Desktop\h\Cain\Abel.exe (file missing)
    O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Security Service (KRBT) - Unknown owner - C:\WINDOWS\system32\svcd\svchost.exe
    O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Arquivos de programas\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Arquivos de programas\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
    O23 - Service: MSI_WLAN_Service - Unknown owner - C:\Arquivos de programas\MicroStar\WLANUtility\WLAN_Service.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Arquivos de programas\Registry Defragmentation\RegManServ.exe (file missing)
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: TVersityMediaServer - Unknown owner - C:\Arquivos de programas\TVersity\Media Server\MediaServer.exe

    --
    End of file - 7725 bytes

    -- File Associations -----------------------------------------------------------

    .js - JSFile - DefaultIcon - unable to read value
    .js - JSFile - shell\open\command - unable to read value


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
    R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
    R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
    R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
    R3 PCANDIS5 (PCANDIS5 NDIS Protocol Driver) - c:\windows\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>

    S3 Bcim (Bandwidth Controller kernel component) - c:\windows\system32\drivers\bcim.sys (file missing)
    S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
    S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
    S3 hamachi_oem (PlayLinc Adapter) - c:\windows\system32\drivers\gan_adapter.sys <Not Verified; Applied Networking Inc.; Hamachi Virtual Network Interface Driver, OEM>
    S3 libusb0 (LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120) - c:\windows\system32\drivers\libusb0.sys <Not Verified; http://libusb-win32.sourceforge.net; LibUSB-Win32 - Kernel Driver>
    S3 npkcrypt - c:\arquivos de programas\gravity\ro\npkcrypt.sys (file missing)
    S3 ntload (ntload v0.1) - c:\windows\system32\ntload.sys (file missing)
    S3 PalmUSBD - c:\windows\system32\drivers\palmusbd.sys (file missing)
    S3 snpstd (LG Webpro_Camera) - c:\windows\system32\drivers\snpstd.sys <Not Verified; ; PC Camera driver>
    S3 usbbus (LGE CDMA Composite USB Device) - c:\windows\system32\drivers\lgusbbus.sys <Not Verified; LG Electronics Inc.; LG CDMA USB Multi function Driver>
    S3 XPADFL02 (XPAD Filter Service 02) - c:\windows\system32\drivers\xpadfl02.sys <Not Verified; Compuware Corporation; DriverStudio>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Autodesk Licensing Service - "c:\arquivos de programas\arquivos comuns\autodesk shared\service\adskscsrv.exe" <Not Verified; Autodesk; Autodesk Licensing Service>
    R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\arquivos de programas\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
    R2 KRBT (Security Service) - c:\windows\system32\svcd\svchost.exe
    R2 TVersityMediaServer - "c:\arquivos de programas\tversity\media server\mediaserver.exe "

    S2 MSI_WLAN_Service - "c:\arquivos de programas\microstar\wlanutility\wlan_service.exe" <Not Verified; ; APUtility Application>
    S2 RegManServ (Registry Management Service) - c:\arquivos de programas\registry defragmentation\regmanserv.exe (file missing)
    S3 Abel - c:\documents and settings\henrique\desktop\h\cain\abel.exe (file missing)
    S3 FLEXnet Licensing Service - "c:\arquivos de programas\arquivos comuns\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
    S3 mi-raysat_3dsmax8 (RaySat_3dsmax8 Server) - "c:\arquivos de programas\autodesk\3dsmax8\mentalray\satellite\raysat_3dsmax8server.exe "
    S3 mi-raysat_3dsmax9_32 (mental ray 3.5 Satellite (32-bit)) - "c:\arquivos de programas\autodesk\3ds max 9\mentalray\satellite\raysat_3dsmax9_32server.exe" (file missing)
    S3 NMIndexingService - "c:\arquivos de programas\arquivos comuns\ahead\lib\nmindexingservice.exe" (file missing)


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID:
    Description: Controlador de comunicação PCI simples
    Device ID: PCI\VEN_1106&DEV_3068&SUBSYS_4C211543&REV_80\3&61AAA01&0&8E
    Manufacturer:
    Name: Controlador de comunicação PCI simples
    PNP Device ID: PCI\VEN_1106&DEV_3068&SUBSYS_4C211543&REV_80\3&61AAA01&0&8E
    Service:

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: VIA Rhine II Fast Ethernet Adapter
    Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_30651106&REV_74\3&61AAA01&0&90
    Manufacturer: VIA Technologies, Inc.
    Name: VIA Rhine II Fast Ethernet Adapter #2
    PNP Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_30651106&REV_74\3&61AAA01&0&90
    Service: FET5X86V


    -- Files created between 2008-01-03 and 2008-02-03 -----------------------------

    2008-01-29 20:42:10 87552 --a------ C:\WINDOWS\system32\winupdate.exe
    2008-01-29 20:41:50 87552 --a------ C:\WINDOWS\system32\TmpX.exe
    2008-01-29 20:41:43 114 --a------ C:\WINDOWS\system32\url3
    2008-01-29 20:41:43 102 --a------ C:\WINDOWS\system32\url2
    2008-01-29 20:41:43 102 --a------ C:\WINDOWS\system32\url1
    2008-01-29 20:41:43 8 --a------ C:\WINDOWS\system32\CID
    2008-01-29 20:41:37 4 --a------ C:\WINDOWS\system32\SvcNm
    2008-01-29 20:41:37 0 d-------- C:\WINDOWS\system32\svcd
    2008-01-26 14:41:08 0 d-------- C:\Arquivos de programas\Gabest
    2008-01-11 14:07:19 0 d-------- C:\Arquivos de programas\blueMSX
    2008-01-06 21:33:08 0 d-------- C:\Arquivos de programas\Microsoft Silverlight


    -- Find3M Report ---------------------------------------------------------------

    2008-02-03 17:53:44 0 d-------- C:\Documents and Settings\HENRIQUE\Dados de aplicativos\uTorrent
    2008-02-03 17:39:21 0 d-------- C:\Arquivos de programas\Mozilla Firefox 2 Beta 2
    2008-02-02 17:39:47 0 d-------- C:\Documents and Settings\HENRIQUE\Dados de aplicativos\Adobe
    2008-01-20 16:27:07 0 d-------- C:\Arquivos de programas\mIRC
    2007-12-27 15:23:25 0 d-------- C:\Documents and Settings\HENRIQUE\Dados de aplicativos\Dev-Cpp
    2007-12-20 23:33:28 0 d-------- C:\Arquivos de programas\Project64 1.6
    2007-12-20 23:16:18 0 d-------- C:\Arquivos de programas\Microsoft.NET
    2007-12-20 23:12:43 452722 --a----c- C:\WINDOWS\system32\perfh016.dat
    2007-12-20 23:12:43 79216 --a----c- C:\WINDOWS\system32\perfc016.dat
    2007-12-20 23:01:07 0 d-------- C:\Arquivos de programas\WinAVIVideoConverter
    2007-12-20 22:46:22 0 d-------- C:\Arquivos de programas\LeechGet 2005
    2007-12-20 02:05:36 0 d-------- C:\Documents and Settings\HENRIQUE\Dados de aplicativos\RapidCRC
    2007-12-20 02:05:05 0 d-------- C:\Arquivos de programas\RapidCRC
    2007-12-19 20:00:43 0 d-------- C:\Arquivos de programas\Xvid
    2007-12-18 17:18:36 0 d-------- C:\Arquivos de programas\Red Kawa
    2007-12-18 17:05:49 0 d-------- C:\Arquivos de programas\Windows Media Connect 2
    2007-12-18 15:51:31 0 d-------- C:\Arquivos de programas\TVersity Codec Pack
    2007-12-15 00:58:42 0 d-------- C:\Arquivos de programas\LibUSB-Win32
    2007-12-15 00:45:15 0 d-------- C:\Documents and Settings\HENRIQUE\Dados de aplicativos\fltk.org
    2007-11-29 20:40:43 0 -ra------ C:\logwmemory.bin
    2007-11-16 18:41:50 4490 --a----c- C:\WINDOWS\mozver.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched "= "C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe" [26/08/2005 06:14]
    "snpstd "= "C:\WINDOWS\vsnpstd.exe" [10/06/2004 01:48]
    "NetMeter "= "C:\Arquivos de programas\HooTech\NetMeter\NetMeter.exe" [14/02/2006 08:19]
    "NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [22/10/2006 12:22]
    "nwiz "= "nwiz.exe" [22/10/2006 12:22 C:\WINDOWS\system32\nwiz.exe]
    "ISUSPM Startup "= "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" [11/08/2005 05:30]
    "NvMediaCenter "= "C:\WINDOWS\system32\NvMcTray.dll" [22/10/2006 12:22]
    "QuickTime Task "= "C:\Arquivos de programas\QuickTime\qttask.exe" [05/12/2005 03:14]
    "ISUSScheduler "= "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [11/08/2005 05:30]
    "avast! "= "C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [04/12/2007 11:00]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} "= "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" []
    "updateMgr "= "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [30/03/2006 05:45]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 12:45]
    "AdobeUpdater "= "C:\Arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe" [01/03/2007 12:06]
    "uTorrent "= "C:\Arquivos de programas\uTorrent\utorrent.exe" [18/01/2008 09:30]

    C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\
    Adobe Gamma Loader.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [30/3/2006 10:31:23]
    Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/9/2005 11:05:26]
    WlanUtility.lnk - C:\Arquivos de programas\MicroStar\WLANUtility\WlanUtility.exe [26/3/2004 04:51:30]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoChangeStartMenu "=0 (0x0)
    "NoLogOff "=1 (0x1)
    "NoRun "=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "SQLWriter "=2 (0x2)
    "SQLBrowser "=2 (0x2)
    "SQLAgent$SONY_MEDIAMGR "=3 (0x3)
    "NMIndexingService "=3 (0x3)
    "MSSQLServerADHelper "=3 (0x3)
    "MSSQL$SQLEXPRESS "=2 (0x2)
    "mi-raysat_3dsmax9_32 "=2 (0x2)
    "mi-raysat_3dsmax8 "=2 (0x2)




    -- End of Deckard's System Scanner: finished at 2008-02-03 18:01:56 ------------


    Thanks for the help
     
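    As an added example (not code from this thread, HijackThis, DSS or ComboFix), the following Python triage pass flags the artefacts the logs above show: the browser proxy forced to a raw IP, the win.ini run= entry, a service and a running process using the svchost.exe name from system32\svcd, and a driver entry that still points at the file Avast keeps quarantining. The sample input is a handful of lines copied from the logs above; the rule set and message wording are my own.

```python
"""Triage HijackThis / Deckard's System Scanner lines for the persistence
artefacts this thread shows. Added example, not code from the forum or the tools."""
import re
from pathlib import PureWindowsPath

# Binaries Windows ships only in %SystemRoot%\system32; the same name in any
# other directory (the log's system32\svcd\svchost.exe) is a masquerade.
CORE_SYSTEM_BINARIES = {"svchost.exe", "services.exe", "lsass.exe",
                        "winlogon.exe", "csrss.exe", "smss.exe"}
TRUSTED_SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Line shapes used by HijackThis (R1 / F3 / O23) and by the DSS driver and
# service sections ("R2/S3 name (description) - image [state]").
PROXY_RE = re.compile(r"Internet Settings,ProxyServer\s*=\s*(\S+)", re.I)
WININI_RE = re.compile(r'^F3 - REG:win\.ini: run=\s*"?(.+?)\s*"?\s*$', re.I)
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+?)(?: \(file missing\))?$")
SVC_RE = re.compile(r'^[RS]\d\s+(\S+)\s+(?:\(.*?\)\s+)?-\s+"?(.+?\.(?:sys|exe))\s*"?(.*)$', re.I)
IP_PORT_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}:\d+$")


def image_path(command):
    """Reduce a quoted or argument-bearing command line to its image path."""
    command = command.strip()
    if command.startswith('"'):
        command = command[1:].split('"', 1)[0]
    return PureWindowsPath(command.strip())


def masquerading_core_binary(path):
    """True when a core system binary name sits outside the trusted directories."""
    path = PureWindowsPath(path)
    if path.name.lower() not in CORE_SYSTEM_BINARIES:
        return False
    return str(path.parent).lower() not in TRUSTED_SYSTEM_DIRS


def triage(log_text, av_detections=()):
    """Return (severity, message) findings. av_detections are the paths the
    antivirus alerted on, so a driver still registered for a quarantined file
    is reported as persistence that outlived the quarantine."""
    quarantined = {PureWindowsPath(p).name.lower() for p in av_detections}
    findings = []

    def add(sev, msg):
        if (sev, msg) not in findings:
            findings.append((sev, msg))

    for raw in log_text.splitlines():
        line = raw.strip()
        if m := PROXY_RE.search(line):
            if IP_PORT_RE.match(m.group(1)):
                add("high", f"browser proxy forced to raw IP {m.group(1)}")
        elif m := WININI_RE.match(line):
            add("high", f"legacy win.ini run= autostart: {image_path(m.group(1))}")
        elif m := O23_RE.match(line):
            name, owner, cmd = m.groups()
            path = image_path(cmd)
            if masquerading_core_binary(path):
                add("high", f"service {name!r} ({owner}) runs {path.name} from {path.parent}")
        elif m := SVC_RE.match(line):
            svc, img, rest = m.groups()
            path = PureWindowsPath(img)
            if path.name.lower() in quarantined:
                state = "file missing" if "file missing" in rest else "file present"
                add("high", f"driver/service {svc!r} still registered for AV-detected "
                            f"{path.name} ({state}): registration outlived quarantine")
            elif masquerading_core_binary(path):
                add("high", f"service {svc!r} runs {path.name} from {path.parent}")
        elif re.match(r"^[a-z]:\\", line, re.I):  # bare path: "Running processes" section
            path = PureWindowsPath(line)
            if masquerading_core_binary(path):
                add("high", f"running process {path.name} from {path.parent}")
    return findings


# Constructed sample: lines copied from the HijackThis and DSS logs in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svcd\svchost.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 65.124.89.209:2487
F3 - REG:win.ini: run= "C:\WINDOWS\system32\winupdate.exe "
O23 - Service: Security Service (KRBT) - Unknown owner - C:\WINDOWS\system32\svcd\svchost.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
S3 ntload (ntload v0.1) - c:\windows\system32\ntload.sys (file missing)
S3 PalmUSBD - c:\windows\system32\drivers\palmusbd.sys (file missing)
R2 KRBT (Security Service) - c:\windows\system32\svcd\svchost.exe
R2 TVersityMediaServer - "c:\arquivos de programas\tversity\media server\mediaserver.exe "
"""
AV_ALERTS = (r"C:\WINDOWS\system32\ntload.sys",)  # what Avast reported at each boot

if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG, AV_ALERTS):
        print(f"[{severity}] {message}")
```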
  5. 2008/02/03
    Geri Lifetime Subscription

    Hi riqued

    Having any p2p file sharing apps such as Limewire, BitTorrent, uTorrent, etc. is almost like inviting malware into your computer. There is absolutely no way for you to know which of the hundreds of thousands of users you are sharing files with are infected or not.
    I strongly recommend removing any P2P applications.


    Download ComboFix from Here to your Desktop.
    It's best to disable realtime protection applications as they sometimes interfere with the tool. Check this link for any applicable programs you may have.
    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • Vista users right click Combofix.exe and select Run As Administrator.
    • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
    Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

    Please post the Combofix log.

    Thanks
    Geri
     
  6. 2008/02/04
    riqued

    ComboFix 08-02.03.1 - HENRIQUE 2008-02-04 4:28:44.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.692 [GMT -2:00]
    Executando de: C:\Documents and Settings\HENRIQUE\Desktop\ComboFix.exe
    * Criado um novo ponto de restauro

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\winupdate.exe
    C:\WINDOWS\system32\wl.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\ntload


    ((((((((((((((((((((((( Ficheiros criados de 2008-01-04 to 2008-02-04 ))))))))))))))))))))))))))))))))
    .

    2008-02-03 20:31 . 2008-02-03 20:31 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-02-03 20:31 . 2008-02-03 20:31 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-02-03 17:52 . 2008-02-03 17:52 <DIR> d-------- C:\Deckard
    2008-01-29 20:41 . 2008-01-29 20:41 <DIR> d-------- C:\WINDOWS\system32\svcd
    2008-01-29 20:41 . 2008-01-29 20:41 87,552 --a------ C:\WINDOWS\system32\TmpX.exe
    2008-01-29 20:41 . 2008-02-04 04:25 114 --a------ C:\WINDOWS\system32\url3
    2008-01-29 20:41 . 2008-02-04 04:25 102 --a------ C:\WINDOWS\system32\url2
    2008-01-29 20:41 . 2008-02-04 04:25 102 --a------ C:\WINDOWS\system32\url1
    2008-01-29 20:41 . 2008-02-04 04:25 8 --a------ C:\WINDOWS\system32\CID
    2008-01-29 20:41 . 2008-01-29 20:41 4 --a------ C:\WINDOWS\system32\SvcNm
    2008-01-26 14:41 . 2008-01-26 14:41 <DIR> d-------- C:\Arquivos de programas\Gabest
    2008-01-25 16:36 . 2004-08-04 00:45 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2008-01-25 16:36 . 2004-08-04 00:45 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
    2008-01-25 16:36 . 2001-09-05 23:20 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2008-01-25 16:36 . 2001-09-05 23:20 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
    2008-01-11 14:07 . 2008-01-11 14:08 <DIR> d-------- C:\Arquivos de programas\blueMSX
    2008-01-06 21:33 . 2008-01-06 21:33 <DIR> d-------- C:\Arquivos de programas\Microsoft Silverlight

    .
    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-04 06:27 --------- d-----w C:\Documents and Settings\HENRIQUE\Dados de aplicativos\uTorrent
    2008-02-04 06:21 --------- d-----w C:\Arquivos de programas\Mozilla Firefox 2 Beta 2
    2008-02-04 03:45 --------- d-----w C:\Arquivos de programas\mIRC
    2007-12-27 17:23 --------- d-----w C:\Documents and Settings\HENRIQUE\Dados de aplicativos\Dev-Cpp
    2007-12-21 01:33 --------- d-----w C:\Arquivos de programas\Project64 1.6
    2007-12-21 01:16 --------- d-----w C:\Arquivos de programas\Microsoft.NET
    2007-12-21 01:04 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help
    2007-12-21 01:01 --------- d-----w C:\Arquivos de programas\WinAVIVideoConverter
    2007-12-21 00:46 --------- d-----w C:\Arquivos de programas\LeechGet 2005
    2007-12-20 04:05 --------- d-----w C:\Documents and Settings\HENRIQUE\Dados de aplicativos\RapidCRC
    2007-12-20 04:05 --------- d-----w C:\Arquivos de programas\RapidCRC
    2007-12-19 22:00 --------- d-----w C:\Arquivos de programas\Xvid
    2007-12-18 19:18 --------- d-----w C:\Arquivos de programas\Red Kawa
    2007-12-18 19:05 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2
    2007-12-18 17:51 --------- d-----w C:\Arquivos de programas\TVersity Codec Pack
    2007-12-15 02:58 --------- d-----w C:\Arquivos de programas\LibUSB-Win32
    2007-12-15 02:45 --------- d-----w C:\Documents and Settings\HENRIQUE\Dados de aplicativos\fltk.org
    2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-12-04 14:53 23,152 -c--a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-11-29 22:40 0 ----a-r C:\logwmemory.bin
    2007-10-04 15:57 32 ----a-r C:\Documents and Settings\All Users\hash.dat
    2007-09-01 01:41 56,096 -c--a-w C:\Documents and Settings\HENRIQUE\Dados de aplicativos\GDIPFONTCACHEV1.DAT
    2006-12-18 16:57 365 ----a-w C:\Arquivos de programas\INSTALL.LOG
    2003-12-18 13:33 20,102 ----a-w C:\Arquivos de programas\Readme.txt
    2003-09-03 09:46 10,960 ----a-w C:\Arquivos de programas\EULA.txt
    2005-05-13 20:12 217,073 -csha-w C:\WINDOWS\meta4.exe
    2005-10-24 14:13 66,560 -csha-w C:\WINDOWS\MOTA113.exe
    2005-10-14 00:27 422,400 -csha-w C:\WINDOWS\x2.64.exe
    2005-10-07 22:14 308,224 -csha-w C:\WINDOWS\system32\avisynth.dll
    2005-07-14 15:31 27,648 -csha-w C:\WINDOWS\system32\AVSredirect.dll
    2005-06-22 01:37 45,568 -csha-w C:\WINDOWS\system32\cygz.dll
    2004-01-25 03:00 70,656 -csha-w C:\WINDOWS\system32\i420vfw.dll
    2006-04-27 13:24 2,945,024 -csha-w C:\WINDOWS\system32\Smab.dll
    2005-02-28 16:16 240,128 -csha-w C:\WINDOWS\system32\x.264.exe
    2004-01-25 03:00 70,656 -csha-w C:\WINDOWS\system32\yv12vfw.dll
    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* entradas vazias & legítimas por defeito não são mostradas.

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} "= "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [ ]
    "updateMgr "= "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]
    "AdobeUpdater "= "C:\Arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 00:06 2321600]
    "uTorrent "= "C:\Arquivos de programas\uTorrent\utorrent.exe" [2008-01-18 21:30 219952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched "= "C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 18:14 36975]
    "snpstd "= "C:\WINDOWS\vsnpstd.exe" [2004-06-10 13:48 286720]
    "NetMeter "= "C:\Arquivos de programas\HooTech\NetMeter\NetMeter.exe" [2006-02-14 20:19 183296]
    "NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
    "nwiz "= "nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
    "ISUSPM Startup "= "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" [2005-08-11 17:30 249856]
    "NvMediaCenter "= "C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016]
    "QuickTime Task "= "C:\Arquivos de programas\QuickTime\qttask.exe" [2005-12-05 15:14 155648]
    "ISUSScheduler "= "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-08-11 17:30 81920]
    "avast! "= "C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 11:00 79224]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

    C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\
    Adobe Gamma Loader.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2006-03-30 22:31:23 113664]
    Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
    WlanUtility.lnk - C:\Arquivos de programas\MicroStar\WLANUtility\WlanUtility.exe [2004-03-26 16:51:30 143360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoLogOff "= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    --------- 2004-11-02 21:24 32768 C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "SQLWriter "=2 (0x2)
    "SQLBrowser "=2 (0x2)
    "SQLAgent$SONY_MEDIAMGR "=3 (0x3)
    "NMIndexingService "=3 (0x3)
    "MSSQLServerADHelper "=3 (0x3)
    "MSSQL$SQLEXPRESS "=2 (0x2)
    "mi-raysat_3dsmax9_32 "=2 (0x2)
    "mi-raysat_3dsmax8 "=2 (0x2)

    R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-10-31 01:22]
    R2 KRBT;Security Service;C:\WINDOWS\system32\svcd\svchost.exe [2008-01-29 20:41]
    R3 M2500;802.11g Wireless Network Driver;C:\WINDOWS\system32\DRIVERS\M2500.sys [2004-02-17 09:24]
    S3 Abel;Abel;C:\Documents and Settings\HENRIQUE\Desktop\h\Cain\Abel.exe []
    S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-02-27 09:14]
    S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-10-19 12:11]
    S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;C:\WINDOWS\system32\drivers\libusb0.sys [2006-04-23 04:34]
    S3 XPADFL02;XPAD Filter Service 02;C:\WINDOWS\system32\DRIVERS\xpadfl02.sys [2006-12-24 06:15]

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-04 04:35:06
    Windows 5.1.2600 Service Pack 2 NTFS

    Procurando processos ocultos ...

    Procurando entradas auto inicializáveis ocultas ...

    Procurando ficheiros ocultos ...

    Varredura completada com sucesso
    Ficheiros ocultos: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
    C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
    C:\Arquivos de programas\Bonjour\mDNSResponder.exe
    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\tlntsvr.exe
    C:\Arquivos de programas\TVersity\Media Server\MediaServer.exe
    C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
    C:\Arquivos de programas\MicroStar\WLANUtility\WLAN_Service.exe
    .
    **************************************************************************
    .
    Tempo para conclusão: 2008-02-04 4:42:02 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-02-04 06:41:57
    .
    2008-01-23 16:45:43 --- E O F ---
     
  7. 2008/02/04
    riqued

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 04:48:24, on 4/2/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
    C:\Arquivos de programas\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svcd\svchost.exe
    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
    C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe
    C:\WINDOWS\vsnpstd.exe
    C:\Arquivos de programas\HooTech\NetMeter\NetMeter.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Arquivos de programas\uTorrent\utorrent.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Arquivos de programas\MicroStar\WLANUtility\WlanUtility.exe
    C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\tlntsvr.exe
    C:\Arquivos de programas\TVersity\Media Server\MediaServer.exe
    C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
    C:\Arquivos de programas\MicroStar\WLANUtility\WLAN_Service.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\HENRIQUE\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 65.124.89.209:2487
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [NetMeter] C:\Arquivos de programas\HooTech\NetMeter\NetMeter.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe "
    O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\utorrent.exe "
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: WlanUtility.lnk = C:\Arquivos de programas\MicroStar\WLANUtility\WlanUtility.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
    O23 - Service: Abel - Unknown owner - C:\Documents and Settings\HENRIQUE\Desktop\h\Cain\Abel.exe (file missing)
    O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Security Service (KRBT) - Unknown owner - C:\WINDOWS\system32\svcd\svchost.exe
    O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Arquivos de programas\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Arquivos de programas\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
    O23 - Service: MSI_WLAN_Service - Unknown owner - C:\Arquivos de programas\MicroStar\WLANUtility\WLAN_Service.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Arquivos de programas\Registry Defragmentation\RegManServ.exe (file missing)
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: TVersityMediaServer - Unknown owner - C:\Arquivos de programas\TVersity\Media Server\MediaServer.exe

    --
    End of file - 7633 bytes
     
  8. 2008/02/04
    Geri Lifetime Subscription

    Hi riqued

    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    • Finally paste the contents of the Report.txt

    Please post the SDFix log.

    Thanks
    Geri
     
    Geri,
    #7
  9. 2008/02/05
    riqued

    SDFix: Version 1.136

    Run by HENRIQUE on ter 05/02/2008 at 02:42

    Microsoft Windows XP [versão 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...


    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\WINDOWS\system32\CID - Deleted
    C:\WINDOWS\system32\svcd\svchost.exe - Deleted
    C:\WINDOWS\system32\SvcNm - Deleted
    C:\WINDOWS\system32\TmpX.exe - Deleted
    C:\WINDOWS\system32\upds.log - Deleted
    C:\WINDOWS\system32\url1 - Deleted
    C:\WINDOWS\system32\url2 - Deleted
    C:\WINDOWS\system32\url3 - Deleted



    Folder C:\WINDOWS\system32\svcd - Removed


    Removing Temp Files...

    ADS Check:



    Final Check:

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-05 14:57:45
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\Tcpip\Parameters\Interfaces\{81E7FD41-6D12-46A3-B13A-6A6A37AA116A}]
    "DhcpServer"="255.255.255.255"
    "Lease"=dword:00000e10
    "LeaseObtainedTime"=dword:47a88e20
    "T1"=dword:47a89528
    "T2"=dword:47a89a6e
    "LeaseTerminatesTime"=dword:47a89c30
    "DhcpIPAddress"="0.0.0.0"
    "DhcpSubnetMask"="255.0.0.0"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\{81E7FD41-6D12-46A3-B13A-6A6A37AA116A}\Parameters\Tcpip]
    "DhcpIPAddress"="0.0.0.0"
    "DhcpSubnetMask"="255.0.0.0"
    "DhcpServer"="255.255.255.255"
    "Lease"=dword:00000e10
    "LeaseObtainedTime"=dword:47a88e20
    "T1"=dword:47a89528
    "T2"=dword:47a89a6e
    "LeaseTerminatesTime"=dword:47a89c30

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19]
    "RefCount"=dword:00000001
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3915BDE5-722A-DB0D-DC24-7E8E276BBC44}]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DEE45668-624F-C574-9905-989FB377EE69}]
    "jahkkhnmgdmpngodfcff"=hex:6a,61,6d,6c,62,65,69,67,64,67,6a,62,6e,65,6e,64,68,69,63,6e,00,..
    "iankakclonkkdcmfdf"=hex:6a,61,6d,6c,62,65,69,67,64,67,6a,62,6e,65,6e,64,68,69,63,6e,00,..

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services:
    ------------------



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\\Arquivos de programas\\uTorrent\\utorrent.exe"="C:\\Arquivos de programas\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    Remaining Files:
    ---------------

    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    Fri 13 May 2005 217,073 A.SH. --- "C:\WINDOWS\meta4.exe"
    Mon 24 Oct 2005 66,560 A.SH. --- "C:\WINDOWS\MOTA113.exe"
    Thu 13 Oct 2005 422,400 A.SH. --- "C:\WINDOWS\x2.64.exe"
    Wed 13 Oct 2004 1,694,208 A.SH. --- "C:\Arquivos de programas\Messenger\msmsgs.exe"
    Fri 7 Oct 2005 308,224 A.SH. --- "C:\WINDOWS\system32\avisynth.dll"
    Thu 14 Jul 2005 27,648 A.SH. --- "C:\WINDOWS\system32\AVSredirect.dll"
    Tue 21 Jun 2005 45,568 A.SH. --- "C:\WINDOWS\system32\cygz.dll"
    Tue 6 Feb 2007 660,480 A..H. --- "C:\WINDOWS\system32\d3dinf.dll"
    Sun 25 Jan 2004 70,656 A.SH. --- "C:\WINDOWS\system32\i420vfw.dll"
    Thu 27 Apr 2006 2,945,024 A.SH. --- "C:\WINDOWS\system32\Smab.dll"
    Mon 28 Feb 2005 240,128 A.SH. --- "C:\WINDOWS\system32\x.264.exe"
    Sun 25 Jan 2004 70,656 A.SH. --- "C:\WINDOWS\system32\yv12vfw.dll"
    Wed 22 Dec 2004 76,568 ..SHR --- "C:\Arquivos de programas\Autodesk\Autodesk DWF Viewer\Setup.exe"
    Thu 13 Jan 2005 11,360 A.SHR --- "C:\Arquivos de programas\Autodesk\Autodesk DWF Viewer\_Setupx.dll"
    Sun 28 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
    Tue 20 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\958f6198e7b74c8bd1180a14e6def2c1\BIT3.tmp"
    Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT8.tmp"
    Mon 12 Nov 2007 175,104 A..H. --- "C:\Documents and Settings\HENRIQUE\Desktop\RAC\Finished\3Gal\tut2\~WRL0001.tmp"
    Thu 15 Nov 2007 184,320 A..H. --- "C:\Documents and Settings\HENRIQUE\Desktop\RAC\Finished\3Gal\tut2\~WRL1835.tmp"
    Thu 15 Nov 2007 201,728 A..H. --- "C:\Documents and Settings\HENRIQUE\Desktop\RAC\Finished\3Gal\tut2\~WRL2462.tmp"
    Thu 15 Nov 2007 223,232 A..H. --- "C:\Documents and Settings\HENRIQUE\Desktop\RAC\Finished\3Gal\tut2\~WRL3107.tmp"
    Thu 15 Nov 2007 176,128 A..H. --- "C:\Documents and Settings\HENRIQUE\Desktop\RAC\Finished\3Gal\tut2\~WRL3391.tmp"
    Thu 15 Nov 2007 227,840 A..H. --- "C:\Documents and Settings\HENRIQUE\Desktop\RAC\Finished\3Gal\tut2\~WRL4000.tmp"

    Finished!


    Thanks Geri. The problem I had is gone. If I don't need to do anything else, can I delete the programs now?
     
  10. 2008/02/05
    Geri Lifetime Subscription

    Hi riqued
    This is kind of hard, I don't know Spanish so I'm doing the best I can here.

    OK These have to go.

    Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):

    C:\WINDOWS\QTFont.for
    C:\WINDOWS\QTFont.qfn


    Please delete these and we'll get an on-line scan.

    First do this.
    Click Start>Run in the run box copy and paste or type ComboFix /u then hit Enter to uninstall ComboFix and remove the files/folders it created.

    Now delete these.
    SDFix.exe

    This folder.
    C:\SDFix


    Download ATF Cleaner by Atribune and save it to your Desktop.
    This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin


    The rest are optional - if you want it to remove everything check "Select All".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.


    Now let's get an on-line scan.

    Please do an online scan with Kaspersky WebScanner

    Click on "Accept". If your pop-up blocker blocks the ActiveX download, allow it, then click on "Accept" again.

    You will be prompted to install an ActiveX component from Kaspersky. Click Yes or Install.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
      • Scan Options:
      • Scan Archives
      • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • This will start the program and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.
    • Copy and paste that information in your next post.


    Please post the Kaspersky log.

    Thanks
    Geri
     
    Geri,
    #9
  11. 2008/02/17
    Geri Lifetime Subscription

    Hi clarabelle
    Welcome to Windowsbbs.
    I have moved your post to a thread of its own to avoid confusion, please look for it and make all replies there.

    Thanks
    Geri
     