Old 09-26-2004, 03:54 PM   #1 (permalink)
Registered User
 
Join Date: Sep 2004
Posts: 8
OS: 2k,Me and XP


I'm just moving this back up, again!!!

Hi everybody,
For a few days I've been waiting for a kind-hearted person who perhaps once had the same bad experience I'm having now and sets value on being helped, so if someone can help me come out of this devil of a row, because meanwhile it's also my 2k OS getting the same symptoms as the Me, I would be glad.
Here's my HJT log file:

Logfile of HijackThis v1.98.2
Scan saved at 23:53:55, on 23-09-2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS.001\SYSTEM\KERNEL32.DLL
C:\WINDOWS.001\SYSTEM\MSGSRV32.EXE
C:\WINDOWS.001\SYSTEM\SPOOL32.EXE
C:\WINDOWS.001\SYSTEM\MPREXE.EXE
C:\WINDOWS.001\SYSTEM\MSTASK.EXE
C:\PROGRAMAS\SYGATE\SPF\SMC.EXE
C:\WINDOWS.001\SYSTEM\SSDPSRV.EXE
C:\WINDOWS.001\EXPLORER.EXE
C:\WINDOWS.001\TASKMON.EXE
C:\WINDOWS.001\SYSTEM\SYSTRAY.EXE
C:\WINDOWS.001\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAMAS\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\WINDOWS.001\SYSTEM\HPOOPM07.EXE
C:\WINDOWS.001\RUNDLL32.EXE
C:\WINDOWS.001\SYSTEM\NWIZ.EXE
C:\WINDOWS.001\SYSTEM\DDHELP.EXE
C:\PROGRAMAS\MEAYA\POPUP AD FILTER\POPFILTER.EXE
C:\WINDOWS.001\SYSTEM\WMIEXE.EXE
C:\WINDOWS.001\SYSTEM\STIMON.EXE
C:\WINDOWS.001\SYSTEM\RNAAPP.EXE
C:\WINDOWS.001\SYSTEM\TAPISRV.EXE
C:\PROGRAMAS\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS.001\AMBIENTE DE TRABALHO\HIJACKTHIS.EXE
C:\PROGRAMAS\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMAS\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS.001\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programas\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS.001\SYSTEM\hpoopm07.exe
O4 - HKLM\..\Run: [SDaemon] C:\WINDOWS.001\sdaemon.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.001\SYSTEM\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SWd] C:\WINDOWS.001\winwd.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAMAS\AVPERSONAL\AVGCTRL.EXE /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.001\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS.001\scanregw.exe /autorun
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAMAS\SYGATE\SPF\SMC.EXE
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS.001\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS.001\SYSTEM\ssdpsrv.exe
O4 - HKCU\..\Run: [Popup Ad Filter] C:\Programas\Meaya\Popup Ad Filter\PopFilter.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Programas\Webroot\Spy Sweeper\SpySweeper.exe /0
O9 - Extra button: Copernic - {2A465936-E5F0-11D2-91B5-00104B9C4765} - C:\Programas\Copernic 2001 Pro\Copernic.exe
O9 - Extra button: (no name) - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Programas\Copernic 2001 Pro\Copernic.exe
O9 - Extra 'Tools' menuitem: Launch Copernic 2001 - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Programas\Copernic 2001 Pro\Copernic.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS.001\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS.001\SYSTEM\MSJAVA.DLL
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
gurulook is offline  
Old 09-26-2004, 05:58 PM   #2 (permalink)
Asst. Manager, Alternative Computing Forums
 
batty_professor's Avatar
 
Join Date: Jul 2004
Location: Hooterville Il 45 mi. east of St. Louis mo
Posts: 2,609
OS: Fedora Core 5 for now


I noticed your HJT logfile indicates Internet Explorer is in running processes. You can't fix processes that are open/running. See this thread: "IMPORTANT - Read This Before Posting For Malware Removal Help [Old]"
__________________
It's better to know me and not need me than to need me and not know me. B.

While users are never under any obligation, if you feel the urge please feel free to visit our donation page. Every little bit helps.
And we thank you for your support.

Microsoft free Registered Linux user 397458
batty_professor is offline  
Old 09-27-2004, 08:31 AM   #3 (permalink)
Old Timer
 
jgvernonco's Avatar
 
Join Date: Sep 2003
Location: Northern Arizona
Posts: 7,960
OS: Vista Home Premium, SP 27


Greetings,

I don't see anything in your log which alarms me. What does alarm me is that you are out on the web with IE5.0; that's cyber-suicide.

Make sure to update Windows and Internet Explorer at http://windowsupdate.microsoft.com.

If you are having symptoms that cannot be explained, please let us know.
jgvernonco is offline  
Old 09-28-2004, 12:51 PM   #4 (permalink)
Registered User
 
Join Date: Sep 2004
Posts: 8
OS: 2k,Me and XP


Weird things happening...

Hi,
You're right about security bugs and permeability in IE5; however, if you install a few applications and follow the same safety procedures, it's much the same as the other browsers.
For instance, yesterday I upgraded to service pack3 and added ie-spyad, ran my old AV mcafee 7 and found another trojan: vbs/inor in temporary internet folder. A few days ago I had tr/dldr.small.qz and tr/winad.A, which I removed with trend micro on-line scan, and now comes the weird coincidence: since I ran AV Guard (German), and principally after I updated the AV dat files, I started to be infected with all kinds of malware. Do you know something about this? Or has someone experienced the same?
On my Me OS a few applications also disappeared and their shortcuts became useless... I couldn't use System Restore because Rstrui.exe didn't run and it had ram memory.
Thanks
gurulook is offline  
All times are GMT -7.



Copyright 2001 - 2008, Tech Support Forum
