I've done all the steps explained to remove a problem on my computer, the required steps before posting this log. I have Norton Firewall and Norton Antivirus updated and active, and I've scanned my computer with Ad-Aware SE, Spybot S&D, Ewido Security Suite, Trend Housecall, TrojanHunter, Hijack This... I couldn't run CWShredder, because it causes an error saying it's not a valid Win32 application...
But the problem still remains: annoying pop-up warnings that appear frequently. Some examples of what they say:
"Message from SYSTEM for ALERT in 23-10-2005 13:31:41
Windows has encountered an Internal Error
Your Windows registry is corrupted.
We recommend a complete system scan.
Visit
http://FixTheReg.com
To repair now!"
or
"Message from SYSTEM for ALERT in 23-10-05 17:22:51
Microsoft Windows has encountered an Internal Error
Your Windows registry is corrupted.
We recommend a complete system scan.
Visit
http://CleanRegNow.com
To repair now!"
Next, I post the required log files.
>> From AD-Aware:
ArchiveData(auto-quarantine- 2005-10-22 22-06-33.bckp)
Referencefile : SE1R70 12.10.2005
======================================================
MRU LIST
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=MRU FileReference : C:\Documents and Settings\vl\recent\Adobe Type Library.lnk
obj[1]=MRU FileReference : C:\Documents and Settings\vl\recent\cnpi.lnk
obj[2]=MRU FileReference : C:\Documents and Settings\vl\recent\CocasFinal_1_.0001.lnk
obj[3]=MRU FileReference : C:\Documents and Settings\vl\recent\compact_REEL.lnk
obj[4]=MRU FileReference : C:\Documents and Settings\vl\recent\Desert-Meteor.lnk
obj[5]=MRU FileReference : C:\Documents and Settings\vl\recent\dinamarqueses.lnk
obj[6]=MRU FileReference : C:\Documents and Settings\vl\recent\holandeses.lnk
obj[7]=MRU FileReference : C:\Documents and Settings\vl\recent\Humor.lnk
obj[8]=MRU FileReference : C:\Documents and Settings\vl\recent\menteurb(logo)1.lnk
obj[9]=MRU FileReference : C:\Documents and Settings\vl\recent\menteurb(logo1).lnk
obj[10]=MRU FileReference : C:\Documents and Settings\vl\recent\menteurb(logo2).lnk
obj[11]=MRU RegReference : S-1-5-21-583907252-2146915963-839522115-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\*
obj[12]=MRU RegReference : S-1-5-21-583907252-2146915963-839522115-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.ini
obj[13]=MRU RegReference : S-1-5-21-583907252-2146915963-839522115-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.jpg
obj[14]=MRU RegReference : S-1-5-21-583907252-2146915963-839522115-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.mov
obj[15]=MRU RegReference : S-1-5-21-583907252-2146915963-839522115-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.mpg
obj[16]=MRU RegReference : S-1-5-21-583907252-2146915963-839522115-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.pdf
obj[17]=MRU RegReference : S-1-5-21-583907252-2146915963-839522115-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.pict
obj[18]=MRU RegReference : S-1-5-21-583907252-2146915963-839522115-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.psd
obj[19]=MRU RegReference : S-1-5-21-583907252-2146915963-839522115-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.TTF
obj[20]=MRU RegReference : S-1-5-21-583907252-2146915963-839522115-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.wmv
obj[21]=MRU RegReference : S-1-5-21-583907252-2146915963-839522115-1003\software\microsoft\windows\currentversion\explorer\recentdocs\Folder
obj[22]=MRU FileReference : C:\Documents and Settings\vl\recent\Utilitários.lnk
obj[23]=MRU RegReference : S-1-5-21-583907252-2146915963-839522115-1003\software\microsoft\windows media\wmsdk\general computername
obj[24]=MRU FileReference : C:\Documents and Settings\vl\recent\vodafone.lnk
obj[26]=MRU RegReference : software\microsoft\direct3d\mostrecentapplication name
obj[27]=MRU RegReference : software\microsoft\direct3d\mostrecentapplication name
obj[28]=MRU RegReference : software\microsoft\directdraw\mostrecentapplication name
obj[29]=MRU RegReference : S-1-5-21-583907252-2146915963-839522115-1003\software\microsoft\internet explorer download directory
obj[30]=MRU RegReference : S-1-5-21-583907252-2146915963-839522115-1003\software\microsoft\internet explorer\typedurls
obj[31]=MRU RegReference : S-1-5-21-583907252-2146915963-839522115-1003\software\microsoft\mediaplayer\player\settings saveasdir
obj[32]=MRU RegReference : S-1-5-21-583907252-2146915963-839522115-1003\software\microsoft\mediaplayer\player\settings opendir
obj[33]=MRU RegReference : S-1-5-21-583907252-2146915963-839522115-1003\software\microsoft\mediaplayer\preferences lastplaylistindex
obj[34]=MRU RegReference : S-1-5-21-583907252-2146915963-839522115-1003\software\microsoft\mediaplayer\preferences lastplaylist
obj[35]=MRU RegReference : S-1-5-21-583907252-2146915963-839522115-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
TRACKING COOKIE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
>> From Ewido:
---------------------------------------------------------
ewido security suite - Relatório de verificação
---------------------------------------------------------
+ Criado em: 23:00:50, 22-10-2005
+ Relatório-Checksum: 80342A57
+ Resultado da verificação:
C:\Documents and Settings\vl\Cookies\vl@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\vl\Cookies\[email protected][2].txt -> Spyware.Cookie.Itrack : Cleaned with backup
C:\WINDOWS\system32\TFTP1704 -> Backdoor.Rbot : Cleaned with backup
::Fim do Relatório
>> From HiJackThis:
Logfile of HijackThis v1.99.1
Scan saved at 13:04:26, on 23-10-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\ewido\security suite\ewidoctrl.exe
C:\Programas\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programas\Norton AntiVirus\navapsvc.exe
C:\Programas\Norton Personal Firewall\NISUM.EXE
C:\Programas\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe
C:\Programas\Norton Personal Firewall\SymProxySvc.exe
C:\Programas\Norton Personal Firewall\IAMAPP.EXE
C:\Programas\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Gmailnotifier\Gmail Notifier\gnotify.exe
C:\Programas\Norton Personal Firewall\NISSERV.EXE
C:\Programas\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programas\iPod\bin\iPodService.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programas\MSN Messenger\MsnMsgr.Exe
C:\Programas\Norton Personal Firewall\ATRACK.EXE
C:\Programas\Messenger\msmsgs.exe
C:\Programas\Internet Explorer\IEXPLORE.EXE
C:\Programas\Internet Explorer\IEXPLORE.EXE
C:\Programas\Internet Explorer\IEXPLORE.EXE
C:\Programas\Adobe\Photoshop CS\Photoshop.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Internet Explorer\IEXPLORE.EXE
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programas\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programas\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Programas\Ficheiros comuns\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [iamapp] C:\Programas\Norton Personal Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MBpatch] C:\program files\Creative\MBsetup\RemoveKey.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programas\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programas\Ficheiros comuns\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Gmailnotifier\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [THGuard] "C:\Programas\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SVCH Service] svch32.pif
O4 - HKCU\..\RunServices: [SVCH Service] svch32.pif
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Programas\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Programas\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Programas\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Programas\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Programas\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Programas\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programas\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programas\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programas\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programas\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Service (NISSERV) - Symantec Corporation - C:\Programas\Norton Personal Firewall\NISSERV.EXE
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Programas\Norton Personal Firewall\NISUM.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programas\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHEI~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: Norton Personal Firewall Proxy Service (SymProxySvc) - Symantec Corporation - C:\Programas\Norton Personal Firewall\SymProxySvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\Security Center\SymWSC.exe