Archived from groups: microsoft.public.windowsxp.help_and_support
Just to update:
I've managed to remove the abrtcp.dll from the system, after using the
Windows installation disk (the dll was loaded so early that even in safe
mode with prompt I couldn't remove it). And, when I was about to do that, I
noticed that IE was redirecting me to the web page www.winantivirus.com
and the search42.com web site every time I typed on Google, via the address bar,
words like virus, spyware, etc... So be aware of this web page and this soft
and the .dll. And also, NOD32, Trend House Call Beta, Microsoft AntiSpyware,
Ad-aware and Spybot, NONE could remove or identify the infection.
"Rogerito" wrote:
> hello again
> This is my Hijackthis log file:
>
>
> Logfile of HijackThis v1.99.1
> Scan saved at 21:25:06, on 2/5/2005
> Platform: Windows XP SP2 (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
>
> Running processes:
> C:\WINDOWS\System32\smss.exe
> C:\WINDOWS\system32\winlogon.exe
> C:\WINDOWS\system32\services.exe
> C:\WINDOWS\system32\lsass.exe
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\system32\spoolsv.exe
> C:\WINDOWS\Explorer.EXE
> C:\WINDOWS\System32\svchost.exe
> C:\Arquivos de programas\KYE\Genius NetScroll Optical Mouse\mouseElf.exe
> C:\Arquivos de programas\Internet Explorer\iexplore.exe
> C:\WINDOWS\system32\wuauclt.exe
> C:\Documents and Settings\Rogerio\Meus documentos\Download\HijackThis.exe
>
> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
> http://ww1.sao.terra.com.br/
> R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
> http://ww1.sao.terra.com.br/
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =
>
> O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
> C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
> O2 - BHO: MSEvents Object - {44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44} -
> C:\WINDOWS\AppPatch\abrtcp.dll
> O4 - HKLM\..\Run: [mouseElf] C:\Arquivos de programas\KYE\Genius NetScroll
> Optical Mouse\mouseElf.exe
> O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
> O8 - Extra context menu item: E&xportar para o Microsoft Excel -
> res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
> O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
> C:\WINDOWS\System32\msjava.dll
> O9 - Extra 'Tools' menuitem: Sun Java Console -
> {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
> O9 - Extra button: Criar 'Favorito móvel' -
> {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\inetrepl.dll
> O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
> C:\ARQUIV~1\MI3AA1~1\inetrepl.dll
> O9 - Extra 'Tools' menuitem: Criar 'Favorito móvel'... -
> {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\inetrepl.dll
> O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
> C:\Arquivos de programas\Messenger\msmsgs.exe
> O9 - Extra 'Tools' menuitem: Windows Messenger -
> {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de
> programas\Messenger\msmsgs.exe
> O14 - IERESET.INF:
> SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
> O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) -
> https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_popup.pl?1&4&04.00.08.43&unknown&unknown&http://www.toyota.com/vehicles/2005/prius/key_features/pc/index.html
> O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -
> http://housecall-beta.trendmicro.com/housecall/xscan60.cab
> O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) -
> http://www.cult3d.com/download/cult.cab
> O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) -
> http://simcity.ea.com/update/EARTPX.cab
> O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
> http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101236142125
> O20 - Winlogon Notify: abrtcp - C:\WINDOWS\AppPatch\abrtcp.dll
> O23 - Service: ATM Service (ATMsrvc) - Adobe Systems Incorporated -
> C:\WINDOWS\System32\ATMsrvc.exe
> O23 - Service: Diskeeper - Executive Software International, Inc. -
> C:\Arquivos de programas\Executive Software\DiskeeperLite\DKService.exe
>
>
> As you can see on entries 02 and 020 there's that dll I mentioned before,
> abrtcp.dll, that nobody knows what it is. I'm sure that's the bug responsible
> for the problem (as it shows up in the explorer.exe task) but I just can't
> get rid of it. No anti-spyware or anti-virus seems to recognize this as a bug,
> there are no mentions on Google and I just can't delete it from my system
> (HijackThis couldn't and if I start Windows in safe mode, I can't either). So
> the prize question is: how can I remove this dll? Are there any programs good
> for that? Should I look for any other software in my machine linked to this
> dll? Thank you all very much.
>
>
>
>
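Added example, not part of the original posts: a small triage pass over a HijackThis log that groups autostart entries by module and flags the pattern discussed in this thread, one DLL named by both an O2 (BHO) and an O20 (Winlogon Notify) entry and sitting outside the usual install directories. The function names and the `USUAL_DIRS` list are assumptions of this example; the sample lines are taken from the log above with wrapped lines rejoined.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log quoted above, wrapped lines rejoined.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: MSEvents Object - {44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44} - C:\WINDOWS\AppPatch\abrtcp.dll
O4 - HKLM\..\Run: [mouseElf] C:\Arquivos de programas\KYE\Genius NetScroll Optical Mouse\mouseElf.exe
O20 - Winlogon Notify: abrtcp - C:\WINDOWS\AppPatch\abrtcp.dll
O23 - Service: ATM Service (ATMsrvc) - Adobe Systems Incorporated - C:\WINDOWS\System32\ATMsrvc.exe
"""

ENTRY = re.compile(r"^(O\d+) - (.+)$")                       # section code, rest of line
MODULE = re.compile(r"[A-Za-z]:\\.+?\.(?:dll|exe)\b", re.IGNORECASE)
# Assumption: directories where autostart modules normally live on this machine.
USUAL_DIRS = (r"c:\windows\system32", r"c:\arquivos de programas", r"c:\program files")

def modules_by_section(log_text):
    """Map each module path (lower-cased) to the set of HijackThis sections naming it."""
    found = defaultdict(set)
    for line in log_text.splitlines():
        entry = ENTRY.match(line.strip())
        if not entry:
            continue
        section, rest = entry.groups()
        module = MODULE.search(rest)
        if module:
            found[module.group(0).lower()].add(section)
    return found

def triage(log_text):
    """Return {path: [reasons]} for modules that deserve a closer look."""
    report = {}
    for path, sections in modules_by_section(log_text).items():
        reasons = []
        if "O20" in sections:
            reasons.append("Winlogon Notify entry (O20)")
        if len(sections) > 1:
            reasons.append("registered in several sections: " + ", ".join(sorted(sections)))
        if not path.startswith(USUAL_DIRS):
            reasons.append("outside the usual install directories")
        if reasons:
            report[path] = reasons
    return report

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path, "->", "; ".join(reasons))
```
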