Windows xp (pt) duplicates punctuation (accents) ´´ ~~ ^^ ``


  • This topic is locked
12 replies to this topic

#1 civil3

civil3

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:01:46 AM

Posted 25 July 2011 - 02:57 AM

Hi!

When I'm writing, the virus duplicates all the punctuation like these: ´´ ~~ ^^ ``
I already used Malwarebytes and two other tools from Symantec and I couldn't fix this.

Maybe it's the bugbear virus, but the anti-virus and the other tools didn't find anything.

This is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:50:03, on 25-07-2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Programas\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programas\Java\jre6\bin\jqs.exe
C:\Programas\LogMeIn\x86\LMIGuardianSvc.exe
C:\Programas\LogMeIn\x86\RaMaint.exe
C:\Programas\LogMeIn\x86\LogMeIn.exe
C:\Programas\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Programas\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programas\LogMeIn\x86\LogMeInSystray.exe
C:\Programas\Brother\ControlCenter3\brccMCtl.exe
C:\Programas\Brother\Brmfcmon\BrMfcWnd.exe
C:\Programas\Ficheiros comuns\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Programas\Windows Live\Messenger\msnmsgr.exe
C:\Programas\Ficheiros comuns\Ahead\Lib\NMBgMonitor.exe
C:\Programas\Windows Desktop Search\WindowsSearch.exe
C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe
C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programas\PC Connectivity Solution\ServiceLayer.exe
C:\Programas\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programas\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programas\Brother\Brmfcmon\BrMfimon.exe
C:\Programas\Ficheiros comuns\Java\Java Update\jucheck.exe
C:\Programas\Microsoft Office\Office12\OUTLOOK.EXE
C:\Programas\Internet Explorer\iexplore.exe
C:\Programas\Internet Explorer\iexplore.exe
C:\Programas\Internet Explorer\iexplore.exe
C:\Programas\Internet Explorer\iexplore.exe
C:\Programas\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [PPort11reminder] "C:\Programas\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Programas\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\System32\sw24.exe
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\System32\sw20.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programas\Ficheiros comuns\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Programas\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programas\Ficheiros comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MSC] "c:\Programas\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Programas\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programas\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [IndexSearch] "C:\Programas\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [ControlCenter3] C:\Programas\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BrStsWnd] C:\Programas\Brownie\BrstsWnd.exe Autorun
O4 - HKLM\..\Run: [BrMfcWnd] C:\Programas\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programas\Ficheiros comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [{F39328B1-A678-D1D6-E791-404C6706AF3E}] "C:\Documents and Settings\Filipe\Zyuro\ritol.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programas\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programas\Ficheiros comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Programas\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Windows Search.lnk = C:\Programas\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} (EModelNonVersionSpecificViewControl Class) - http://louk.solidworks.com/htdocs/pdownload/edrawings/e2011sp02/cab//eModelsStandard.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5389B4E5-274B-4556-958D-27E5A50466F4}: NameServer = 192.168.2.1,192.168.2.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{5389B4E5-274B-4556-958D-27E5A50466F4}: NameServer = 192.168.2.1,192.168.2.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{5389B4E5-274B-4556-958D-27E5A50466F4}: NameServer = 192.168.2.1,192.168.2.254
O22 - SharedTaskScheduler: Pr-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Daemon da cache de categorias dos componentes - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Eticadata Software ERP Pausas Automáticas no Recolha de Tarefas (ERP.e.RTServico) - eticadata software, lda - C:\Programas\eticadata software\ERP eticadata\bin\erp.e.RTServico.exe
O23 - Service: Eticadata Software ERP - Integrador Automático (IntePlatinum) - eticadata software, lda - C:\Programas\eticadata software\ERP eticadata\bin\IntePlatinum.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Programas\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Programas\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Programas\LogMeIn\x86\LogMeIn.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programas\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia - C:\Programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Programas\Ficheiros comuns\SolidWorks Shared\Service\SolidWorksLicensing.exe

--
End of file - 10120 bytes


------------------------------------------------------------

This is my DDS log:
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Filipe at 8:42:26 on 2011-07-25
Microsoft Windows XP Professional 5.1.2600.3.1252.351.2070.18.2047.985 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Programas\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programas\Java\jre6\bin\jqs.exe
C:\Programas\LogMeIn\x86\LMIGuardianSvc.exe
C:\Programas\LogMeIn\x86\RaMaint.exe
C:\Programas\LogMeIn\x86\LogMeIn.exe
C:\Programas\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Programas\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programas\LogMeIn\x86\LogMeInSystray.exe
C:\Programas\Brother\ControlCenter3\brccMCtl.exe
C:\Programas\Brother\Brmfcmon\BrMfcWnd.exe
C:\Programas\Ficheiros comuns\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Programas\Windows Live\Messenger\msnmsgr.exe
C:\Programas\Ficheiros comuns\Ahead\Lib\NMBgMonitor.exe
C:\Programas\Windows Desktop Search\WindowsSearch.exe
C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe
C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programas\PC Connectivity Solution\ServiceLayer.exe
C:\Programas\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programas\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programas\Brother\Brmfcmon\BrMfimon.exe
C:\Programas\Ficheiros comuns\Java\Java Update\jucheck.exe
C:\Programas\Microsoft Office\Office12\OUTLOOK.EXE
C:\Programas\Internet Explorer\iexplore.exe
C:\Programas\Internet Explorer\iexplore.exe
C:\Programas\Internet Explorer\iexplore.exe
C:\Programas\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.pt/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programas\ficheiros comuns\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Programa Auxiliar de Início de Sessão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programas\ficheiros comuns\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programas\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [{F39328B1-A678-D1D6-E791-404C6706AF3E}] "c:\documents and settings\filipe\zyuro\ritol.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PC Suite Tray] "c:\programas\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [msnmsgr] "c:\programas\windows live\messenger\msnmsgr.exe" /background
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\programas\ficheiros comuns\ahead\lib\NMBgMonitor.exe"
mRun: [PPort11reminder] "c:\programas\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [Malwarebytes' Anti-Malware] "c:\programas\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SW24] c:\windows\system32\sw24.exe
mRun: [SW20] c:\windows\system32\sw20.exe
mRun: [SunJavaUpdateSched] "c:\programas\ficheiros comuns\java\java update\jusched.exe"
mRun: [SSBkgdUpdate] "c:\programas\ficheiros comuns\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [RemoteControl] c:\programas\cyberlink\powerdvd\PDVDServ.exe
mRun: [PaperPort PTD] "c:\programas\scansoft\paperport\pptd40nt.exe"
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NeroFilterCheck] c:\programas\ficheiros comuns\ahead\lib\NeroCheck.exe
mRun: [MSC] "c:\programas\microsoft security client\msseces.exe" -hide -runkey
mRun: [LogMeIn GUI] "c:\programas\logmein\x86\LogMeInSystray.exe"
mRun: [LanguageShortcut] c:\programas\cyberlink\powerdvd\language\Language.exe
mRun: [IndexSearch] "c:\programas\scansoft\paperport\IndexSearch.exe"
mRun: [ControlCenter3] c:\programas\brother\controlcenter3\brctrcen.exe /autorun
mRun: [BrStsWnd] c:\programas\brownie\BrstsWnd.exe Autorun
mRun: [BrMfcWnd] c:\programas\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [Adobe Reader Speed Launcher] "c:\programas\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\programas\ficheiros comuns\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\filipe\menuin~1\progra~1\arranque\openof~1.lnk - c:\programas\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\arranque\window~1.lnk - c:\programas\windows desktop search\WindowsSearch.exe
IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programas\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} - hxxp://louk.solidworks.com/htdocs/pdownload/edrawings/e2011sp02/cab//eModelsStandard.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: Interfaces\{5389B4E5-274B-4556-958D-27E5A50466F4} : NameServer = 192.168.2.1,192.168.2.254
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\programas\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]
R1 MpKsl69580a1a;MpKsl69580a1a;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5d897f7b-debb-4987-92c1-1fb6bdc01aa2}\MpKsl69580a1a.sys [2011-7-24 28752]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\programas\logmein\x86\LMIGuardianSvc.exe [2010-10-6 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\programas\logmein\x86\rainfo.sys [2008-8-11 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-8-19 47640]
R2 MBAMService;MBAMService;c:\programas\malwarebytes' anti-malware\mbamservice.exe [2011-7-21 366640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-21 22712]
S3 ERP.e.RTServico;Eticadata Software ERP Pausas Automáticas no Recolha de Tarefas;c:\programas\eticadata software\erp eticadata\bin\erp.e.RTServico.exe [2011-6-21 85504]
S3 IntePlatinum;Eticadata Software ERP - Integrador Automático;c:\programas\eticadata software\erp eticadata\bin\IntePlatinum.exe [2011-6-21 22016]
S3 SMCWGU(SMC);SMCWUSB-G 802.11g Wireless USB 2.0 Adapter(SMC);c:\windows\system32\drivers\smcwgu.sys --> c:\windows\system32\drivers\SMCWGU.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2011-07-24 10:59:25 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5d897f7b-debb-4987-92c1-1fb6bdc01aa2}\MpKsl69580a1a.sys
2011-07-24 10:59:00 6881616 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5d897f7b-debb-4987-92c1-1fb6bdc01aa2}\mpengine.dll
2011-07-23 09:00:25 -------- d-----w- c:\windows\system32\Fonts
2011-07-23 09:00:14 -------- d-----w- c:\programas\ficheiros comuns\eticadata software
2011-07-23 09:00:05 -------- d-----w- c:\programas\MapInfo MapX
2011-07-23 09:00:00 -------- d-----w- c:\windows\Crystal
2011-07-23 09:00:00 -------- d-----w- c:\programas\Seagate Software
2011-07-23 09:00:00 -------- d-----w- c:\programas\ficheiros comuns\Crystal Decisions
2011-07-21 14:32:14 -------- d-----w- c:\documents and settings\filipe\application data\Malwarebytes
2011-07-21 14:32:03 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-21 14:32:02 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-07-21 14:31:58 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-21 14:31:58 -------- d-----w- c:\programas\Malwarebytes' Anti-Malware
2011-07-21 13:49:00 388096 ----a-r- c:\documents and settings\filipe\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-07-21 13:48:59 -------- d-----w- c:\programas\Trend Micro
2011-07-19 11:06:10 -------- d-----w- c:\programas\ficheiros comuns\Macrovision Shared
2011-07-19 11:06:09 12464 ----a-w- c:\windows\system32\drivers\CDAC15BA.SYS
2011-07-19 11:06:06 54784 ----a-w- c:\windows\system32\drivers\CDAC11BA.EXE
2011-07-19 11:05:27 -------- d-----w- c:\programas\AnswerWorks 4.0
2011-07-19 11:04:23 -------- d-----w- c:\programas\AutoCAD 2004
2011-07-19 11:04:23 -------- d-----w- c:\documents and settings\filipe\application data\Autodesk
2011-07-15 08:05:11 77824 ----a-w- c:\programas\ficheiros comuns\installshield\engine\6\intel 32\ctor.dll
2011-07-15 08:05:11 32768 ----a-w- c:\programas\ficheiros comuns\installshield\engine\6\intel 32\objectps.dll
2011-07-15 08:05:11 225280 ----a-w- c:\programas\ficheiros comuns\installshield\iscript\IScript.dll
2011-07-15 08:05:11 212992 ----a-w- c:\programas\ficheiros comuns\installshield\engine\6\intel 32\ILog.dll
2011-07-15 08:05:11 176128 ----a-w- c:\programas\ficheiros comuns\installshield\engine\6\intel 32\iuser.dll
2011-07-15 08:04:41 -------- d-----w- C:\OmniCADD
2011-07-04 16:30:59 -------- d-----w- c:\programas\ficheiros comuns\Autodesk Shared
2011-07-04 16:30:59 -------- d-----w- c:\programas\Autodesk
2011-07-04 08:32:59 -------- d-----w- c:\programas\Blue Label Soft
2011-06-29 11:00:00 1030897 ----a-w- c:\documents and settings\all users\application data\tmp5B.tmp
.
==================== Find3M ====================
.
2011-07-19 07:34:24 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-07-19 07:34:24 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2011-07-19 07:34:22 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-07-19 07:34:22 29568 ----a-w- c:\windows\system32\LMIport.dll
2011-06-22 14:31:35 490610 ----a-w- c:\documents and settings\all users\application data\tmp8A.tmp
2011-06-21 08:44:06 846 ----a-w- c:\documents and settings\all users\application data\tmp39.tmp
2011-06-21 08:43:41 846 ----a-w- c:\documents and settings\all users\application data\tmp2E.tmp
2011-06-15 07:35:26 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-06 11:35:33 1859072 ----a-w- c:\windows\system32\win32k.sys
2011-05-17 13:56:46 853 ----a-w- c:\documents and settings\all users\application data\tmp7B.tmp
2011-05-17 10:11:29 853 ----a-w- c:\documents and settings\all users\application data\tmp41.tmp
2011-05-17 10:11:03 853 ----a-w- c:\documents and settings\all users\application data\tmp3C.tmp
2011-05-02 15:32:14 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25:26 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-28 17:01:38 3685793 ----a-w- c:\documents and settings\all users\application data\tmpD5.tmp
2011-04-26 11:07:49 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-26 11:07:49 293888 ----a-w- c:\windows\system32\winsrv.dll
.
============= FINISH: 8:44:06,18 ===============

EDIT: Please be patient. There are over 440 unanswered topics in this forum at present and the current average wait time to receive help is 18 days. ~Budapest


Edited by Budapest, 26 July 2011 - 04:46 PM.



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,665 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:46 PM

Posted 04 August 2011 - 03:00 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

First, I need to know if you still need help! To tell me this, please click on http://www.bleepingcomputer.com/logreply/411113 and follow the instructions there. If you no longer need help, this is all you need to do. If you do need help please continue below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,112 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:46 AM

Posted 10 August 2011 - 03:45 AM

Hello, if you still need help, please see the previous post for instructions on running DDS and GMER and post me the required logs. If you encounter any problem, just let me know.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#4 civil3


Posted 11 August 2011 - 05:54 AM

Hello,

Here are the logs from DDS and GMER.

Thanks for the help




#5 Elise


Posted 11 August 2011 - 06:54 AM

Hi again,

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise



#6 civil3


Posted 11 August 2011 - 01:49 PM

Hello,

Here is the combofix log.

But the problem remains...

Thanks for your help

Attached Files

  • Attached File  log.txt   15.56KB   1 downloads


#7 Elise


Posted 11 August 2011 - 02:11 PM

Is it possible to create a screenshot and post it so I can see what exactly is happening?

CF-SCRIPT
-------------
We need to execute a CF-script.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:
File::
c:\windows\System32\sw20.exe
c:\windows\System32\sw24.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SW24"=-
"SW20"=-

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards, Elise

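A defender-side check for the CFScript step in the post above, added here as an example and not part of the original thread or of ComboFix: before running such a script, confirm that every Run value it deletes, and every file it lists, matches an O4 autorun entry in the HijackThis log. The function names are hypothetical; the sample lines are copied from the log and CFScript posted in this thread.

```python
import re

# Registry autorun line of a HijackThis log, for example:
#   O4 - HKLM\..\Run: [SW24] C:\WINDOWS\System32\sw24.exe
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>.+?)\] (?P<cmd>.+)$"
)
# HijackThis abbreviates the registry root; a CFScript spells it out.
HIVE_ABBREV = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}


def parse_o4(log_text):
    """Map (hive, key, value name) -> command for each O4 registry autorun."""
    entries = {}
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            ident = (m["hive"].upper(), m["key"].lower(), m["name"].lower())
            entries[ident] = m["cmd"]
    return entries


def parse_cfscript(script_text):
    """Return (files, deletions) from the File:: and Registry:: sections.

    deletions is a list of (registry key, value name) for lines of the
    form "Name"=- , which is .reg syntax for deleting a value.
    """
    files, deletions = [], []
    section, reg_key = None, None
    for raw in script_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            section, reg_key = line[:-2].lower(), None
        elif section == "file":
            files.append(line)
        elif section == "registry":
            if line.startswith("[") and line.endswith("]"):
                reg_key = line[1:-1]
            else:
                m = re.match(r'^"(.+)"=-$', line)
                if m and reg_key:
                    deletions.append((reg_key, m[1]))
    return files, deletions


def review(log_text, script_text):
    """For each value the script deletes, return
    (value name, command found in the log or None, file also under File::)."""
    entries = parse_o4(log_text)
    files, deletions = parse_cfscript(script_text)
    wanted = {f.lower() for f in files}
    report = []
    for reg_key, name in deletions:
        root, _, rest = reg_key.partition("\\")
        ident = (HIVE_ABBREV.get(root.upper(), root.upper()),
                 rest.rsplit("\\", 1)[-1].lower(), name.lower())
        cmd = entries.get(ident)
        # Windows paths are case-insensitive; drop a leading quote if present.
        target = cmd.strip('"').lower() if cmd else None
        file_listed = bool(target) and any(target.startswith(f) for f in wanted)
        report.append((name, cmd, file_listed))
    return report


# Lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Programas\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\System32\sw24.exe
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\System32\sw20.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# The CFScript from the post above.
SAMPLE_SCRIPT = r"""
File::
c:\windows\System32\sw20.exe
c:\windows\System32\sw24.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SW24"=-
"SW20"=-
"""

if __name__ == "__main__":
    for name, cmd, file_listed in review(SAMPLE_LOG, SAMPLE_SCRIPT):
        print(f"{name}: log command={cmd!r}, file listed={file_listed}")
```

A deletion that comes back with no command means the script names a value the log never showed, which is worth resolving before the script is run.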


#8 civil3


Posted 12 August 2011 - 02:37 AM

Hello,

When I push these buttons to insert punctuation on the letters, it duplicates and can't put it on the letter, like the virus bugbear does.

example:
I want to write:
and it does:~~a ´´a

Here's the new ComboFix log

Thanks




#9 Elise


Posted 12 August 2011 - 04:59 AM

example:
i want write:
and it does:~~a ´´a

Click Start > Control Panel. Double click on Regional and Language settings. Click the Languages tab and then the Details button.

Make sure the options English (United States) and keyboard US are set, click Apply/OK and let me know if the issue is fixed.

regards, Elise



#10 civil3


Posted 12 August 2011 - 10:00 AM

Hello,

No the problem remains :wacko:

Attached Files

  • Attached File  001.JPG   43.86KB   1 downloads


#11 Elise


Posted 12 August 2011 - 10:04 AM

Yes, that's because you have set default to Portuguese, not English. :) You need to click (highlight) the first option in the list, then click OK.

However, I know this may be buggy. If you do not use the Portuguese keyboard layout, better is to delete that option altogether, otherwise it will switch automatically when it sees something Portuguese (highlight the second option and click Remove).

You can also switch using the Language icon in the taskbar.

regards, Elise



#12 civil3


Posted 12 August 2011 - 11:39 AM

Yes, I'm using the Portuguese keyboard!

I'm gonna take it to format and install Windows again.

Thanks for all the help

#13 Elise


Posted 12 August 2011 - 12:19 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

regards, Elise





