0

Can't access my own website (others can). One or two other sites as well. Here is the readout form HiJackthis. I'd really appreciate some help on this.
Paul Woolcock

Logfile of HijackThis v1.97.7
Scan saved at 12:41:16, on 29/05/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\OFFICE51\SOINTGR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\PROGRAM FILES\EXECUTIVE SOFTWARE\DISKEEPERLITE\DKSERVICE.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
C:\WINDOWS\CPQDIAG\CPQDFWAG.EXE
C:\COMPAQ\INTERNET\CISRVR.EXE
C:\WINDOWS\DUNRMS.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\IGV6\SYSBRAND.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
C:\CPQS\BWTOOLS\SCCENTER.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\HIDEFOLDERS\HF.EXE
C:\PROGRAM FILES\CYBERLAT\CYBERLAT RAM CLEANER 1.1\CYBERLAT RAM CLEANER 1,1.EXE
C:\PROGRAM FILES\FORCESHUTDOWN\FSD.EXE
C:\WINDOWS\SYSTEM\E_S10IC1.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\MSBB.EXE
C:\PROGRAM FILES\ERASER\ERASER.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\PROGRAM FILES\IGV6\SYSBRAND.EXE
C:\PROGRAM FILES\JIBREEL INC\ANTICRASH\ANTICRASH.EXE
C:\PROGRAM FILES\YAHOO! ACESSO GRATIS\NEWDIALER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Compaq Internet Setup] C:\Compaq\Internet\InetWizard.exe /RUN
O4 - HKLM\..\Run: [CISrvr Program] C:\COMPAQ\INTERNET\CISRVR.EXE
O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\sccenter.exe
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\OFFICE51\SOINTGR.EXE
O4 - HKLM\..\Run: [DUNRMS] C:\WINDOWS\dunrms.exe
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [hf] C:\PROGRAM FILES\HIDEFOLDERS\HF.EXE /s
O4 - HKLM\..\Run: [CyberLat RAM Cleaner] C:\PROGRAM FILES\CYBERLAT\CYBERLAT RAM CLEANER 1.1\CyberLat Ram Cleaner 1,1.exe
O4 - HKLM\..\Run: [sureshotpopupkiller] "C:\PROGRAM FILES\STOP-THE-POP\STOPTHEPOP.EXE" -minimized
O4 - HKLM\..\Run: [Force Shutdown] C:\PROGRAM FILES\FORCESHUTDOWN\FSD.EXE
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\SYSTEM\E_S10IC1.EXE /P23 "EPSON Stylus C42 Series" /O5 "LPT1:" /M "Stylus C42"
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [BEIL] C:\WINDOWS\BEIL.exe
O4 - HKLM\..\Run: [System Sentry] C:\PROGRA~1\EASYDE~1\SYSTEM~1\Protect.exe protect
O4 - HKLM\..\Run: [DEFSCAN_INSTALL.EXE] C:\WINDOWS\TEMP\EACDOWNLOAD\DEFSCAN_INSTALL.EXE -k
O4 - HKLM\..\Run: [msbb] c:\windows\msbb.exe
O4 - HKLM\..\Run: [ponap] C:\WINDOWS\ponap.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SO5 Integrator Pass One] C:\OFFICE51\SOINTGR.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [DkService] C:\Program Files\Executive Software\DiskeeperLite\DkService.exe
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [LangPort Startup] "C:\PROGRAM FILES\LANGPAD PORT\LANGPORT.TMP0"
O4 - HKCU\..\Run: [Eraser] C:\PROGRAM FILES\ERASER\ERASER.EXE -hide
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - HKCU\..\Run: [Yahoo! Acesso Gratis] "C:\Program Files\Yahoo! Acesso Gratis\autoupdate.exe"
O4 - HKCU\..\Run: [SysBrand] C:\Program Files\iGv6\sysbrand.exe
O4 - Startup: AntiCrash 5.0.lnk = C:\Program Files\Jibreel Inc\AntiCrash\AntiCrash.exe
O8 - Extra context menu item: &Look It Up - http://www.rent-right.com/_private/lookitup/LookItUp.htm
O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
O8 - Extra context menu item: Download with &FD - C:\PROGRAM FILES\FRESHDEVICES\FRESHDOWNLOAD\fdiectx.htm
O8 - Extra context menu item: Download &All by FD - C:\PROGRAM FILES\FRESHDEVICES\FRESHDOWNLOAD\fdiectx2.htm
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Free History Cleaner (HKLM)
O9 - Extra 'Tools' menuitem: Free History Cleaner (HKLM)
O9 - Extra button: Barra do iG (HKLM)
O9 - Extra button: Big Pond (HKCU)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .mdx: C:\PROGRA~1\INTERN~1\PLUGINS\NPMDXJF.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com.au/
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38038.3012731482
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB

3
Contributors
8
Replies
9
Views
13 Years
Discussion Span
Last Post by Paul Woolcock
0

Logfile of HijackThis v1.97.7
Scan saved at 10:41:18, on 31/05/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\OFFICE51\SOINTGR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\PROGRAM FILES\EXECUTIVE SOFTWARE\DISKEEPERLITE\DKSERVICE.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
C:\WINDOWS\CPQDIAG\CPQDFWAG.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\COMPAQ\INTERNET\CISRVR.EXE
C:\CPQS\BWTOOLS\SCCENTER.EXE
C:\WINDOWS\DUNRMS.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\HIDEFOLDERS\HF.EXE
C:\PROGRAM FILES\CYBERLAT\CYBERLAT RAM CLEANER 1.1\CYBERLAT RAM CLEANER 1,1.EXE
C:\PROGRAM FILES\FORCESHUTDOWN\FSD.EXE
C:\WINDOWS\SYSTEM\E_S10IC1.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\MSBB.EXE
C:\PROGRAM FILES\ERASER\ERASER.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\PROGRAM FILES\IGV6\SYSBRAND.EXE
C:\PROGRAM FILES\JIBREEL INC\ANTICRASH\ANTICRASH.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c99&lc=0C09&s=search&i=enu
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c99&lc=0C09&s=search&i=enu
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c99&lc=0C09&s=search&i=enu
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Compaq Internet Setup] C:\Compaq\Internet\InetWizard.exe /RUN
O4 - HKLM\..\Run: [CISrvr Program] C:\COMPAQ\INTERNET\CISRVR.EXE
O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\sccenter.exe
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\OFFICE51\SOINTGR.EXE
O4 - HKLM\..\Run: [DUNRMS] C:\WINDOWS\dunrms.exe
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [hf] C:\PROGRAM FILES\HIDEFOLDERS\HF.EXE /s
O4 - HKLM\..\Run: [CyberLat RAM Cleaner] C:\PROGRAM FILES\CYBERLAT\CYBERLAT RAM CLEANER 1.1\CyberLat Ram Cleaner 1,1.exe
O4 - HKLM\..\Run: [sureshotpopupkiller] "C:\PROGRAM FILES\STOP-THE-POP\STOPTHEPOP.EXE" -minimized
O4 - HKLM\..\Run: [Force Shutdown] C:\PROGRAM FILES\FORCESHUTDOWN\FSD.EXE
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\SYSTEM\E_S10IC1.EXE /P23 "EPSON Stylus C42 Series" /O5 "LPT1:" /M "Stylus C42"
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [BEIL] C:\WINDOWS\BEIL.exe
O4 - HKLM\..\Run: [System Sentry] C:\PROGRA~1\EASYDE~1\SYSTEM~1\Protect.exe protect
O4 - HKLM\..\Run: [DEFSCAN_INSTALL.EXE] C:\WINDOWS\TEMP\EACDOWNLOAD\DEFSCAN_INSTALL.EXE -k
O4 - HKLM\..\Run: [msbb] c:\windows\msbb.exe
O4 - HKLM\..\Run: [ponap] C:\WINDOWS\ponap.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SO5 Integrator Pass One] C:\OFFICE51\SOINTGR.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [DkService] C:\Program Files\Executive Software\DiskeeperLite\DkService.exe
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [LangPort Startup] "C:\PROGRAM FILES\LANGPAD PORT\LANGPORT.TMP0"
O4 - HKCU\..\Run: [Eraser] C:\PROGRAM FILES\ERASER\ERASER.EXE -hide
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - HKCU\..\Run: [Yahoo! Acesso Gratis] "C:\Program Files\Yahoo! Acesso Gratis\autoupdate.exe"
O4 - HKCU\..\Run: [SysBrand] C:\Program Files\iGv6\sysbrand.exe
O4 - Startup: AntiCrash 5.0.lnk = C:\Program Files\Jibreel Inc\AntiCrash\AntiCrash.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Free History Cleaner (HKLM)
O9 - Extra 'Tools' menuitem: Free History Cleaner (HKLM)
O9 - Extra button: Barra do iG (HKLM)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .mdx: C:\PROGRA~1\INTERN~1\PLUGINS\NPMDXJF.DLL
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38038.3012731482
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2e529727a6ef04/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

0

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

O4 - HKLM\..\Run: [DUNRMS] C:\WINDOWS\dunrms.exe


O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe

O4 - HKLM\..\Run: [BEIL] C:\WINDOWS\BEIL.exe

O4 - HKLM\..\Run: [msbb] c:\windows\msbb.exe

O4 - HKLM\..\Run: [ponap] C:\WINDOWS\ponap.exe

Now reboot into safe mode and delete the following files and ders if found .

C:\WINDOWS\dunrms.exe...... delete file


C:\WINDOWS\BEIL.exe ...... delete file


c:\windows\msbb.exe ...... delete file


C:\WINDOWS\ponap.exe ...... delete file


to delete the above files and folder you will need to do the following
go to
Show hidden files & folders

"Fix Checked"...Reboot to SAFE mode to delete files
How to start computer in safe mode

reboot computer and post a new log

0

I'm moving this to our Security forum; that's where we concentrate on HijackThis log analysis and other "malware"-related problems.

:)

0

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

O4 - HKLM\..\Run: [DUNRMS] C:\WINDOWS\dunrms.exe


O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe

O4 - HKLM\..\Run: [BEIL] C:\WINDOWS\BEIL.exe

O4 - HKLM\..\Run: [msbb] c:\windows\msbb.exe

O4 - HKLM\..\Run: [ponap] C:\WINDOWS\ponap.exe

Now reboot into safe mode and delete the following files and ders if found .

C:\WINDOWS\dunrms.exe...... delete file


C:\WINDOWS\BEIL.exe ...... delete file


c:\windows\msbb.exe ...... delete file


C:\WINDOWS\ponap.exe ...... delete file


to delete the above files and folder you will need to do the following
go to
Show hidden files & folders

"Fix Checked"...Reboot to SAFE mode to delete files
How to start computer in safe mode

reboot computer and post a new log

After doing the first part the site was back. I just happened to check. I then went ahead and deleted the relevant files and folders (all of which were present). However now the damn things gone again. Suppose I just couldn't leave well alone. New HiJack log:

Logfile of HijackThis v1.97.7
Scan saved at 08:05:59, on 02/06/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\OFFICE51\SOINTGR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\PROGRAM FILES\EXECUTIVE SOFTWARE\DISKEEPERLITE\DKSERVICE.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
C:\WINDOWS\CPQDIAG\CPQDFWAG.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\COMPAQ\INTERNET\CISRVR.EXE
C:\CPQS\BWTOOLS\SCCENTER.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\HIDEFOLDERS\HF.EXE
C:\PROGRAM FILES\CYBERLAT\CYBERLAT RAM CLEANER 1.1\CYBERLAT RAM CLEANER 1,1.EXE
C:\PROGRAM FILES\FORCESHUTDOWN\FSD.EXE
C:\WINDOWS\SYSTEM\E_S10IC1.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\ERASER\ERASER.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\PROGRAM FILES\IGV6\SYSBRAND.EXE
C:\PROGRAM FILES\JIBREEL INC\ANTICRASH\ANTICRASH.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\YAHOO! ACESSO GRATIS\NEWDIALER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c99&lc=0C09&s=search&i=enu
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c99&lc=0C09&s=search&i=enu
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c99&lc=0C09&s=search&i=enu
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Compaq Internet Setup] C:\Compaq\Internet\InetWizard.exe /RUN
O4 - HKLM\..\Run: [CISrvr Program] C:\COMPAQ\INTERNET\CISRVR.EXE
O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\sccenter.exe
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\OFFICE51\SOINTGR.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [hf] C:\PROGRAM FILES\HIDEFOLDERS\HF.EXE /s
O4 - HKLM\..\Run: [CyberLat RAM Cleaner] C:\PROGRAM FILES\CYBERLAT\CYBERLAT RAM CLEANER 1.1\CyberLat Ram Cleaner 1,1.exe
O4 - HKLM\..\Run: [sureshotpopupkiller] "C:\PROGRAM FILES\STOP-THE-POP\STOPTHEPOP.EXE" -minimized
O4 - HKLM\..\Run: [Force Shutdown] C:\PROGRAM FILES\FORCESHUTDOWN\FSD.EXE
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\SYSTEM\E_S10IC1.EXE /P23 "EPSON Stylus C42 Series" /O5 "LPT1:" /M "Stylus C42"
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [System Sentry] C:\PROGRA~1\EASYDE~1\SYSTEM~1\Protect.exe protect
O4 - HKLM\..\Run: [DEFSCAN_INSTALL.EXE] C:\WINDOWS\TEMP\EACDOWNLOAD\DEFSCAN_INSTALL.EXE -k
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SO5 Integrator Pass One] C:\OFFICE51\SOINTGR.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [DkService] C:\Program Files\Executive Software\DiskeeperLite\DkService.exe
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [LangPort Startup] "C:\PROGRAM FILES\LANGPAD PORT\LANGPORT.TMP0"
O4 - HKCU\..\Run: [Eraser] C:\PROGRAM FILES\ERASER\ERASER.EXE -hide
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - HKCU\..\Run: [Yahoo! Acesso Gratis] "C:\Program Files\Yahoo! Acesso Gratis\autoupdate.exe"
O4 - HKCU\..\Run: [SysBrand] C:\Program Files\iGv6\sysbrand.exe
O4 - Startup: AntiCrash 5.0.lnk = C:\Program Files\Jibreel Inc\AntiCrash\AntiCrash.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Free History Cleaner (HKLM)
O9 - Extra 'Tools' menuitem: Free History Cleaner (HKLM)
O9 - Extra button: Barra do iG (HKLM)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .mdx: C:\PROGRA~1\INTERN~1\PLUGINS\NPMDXJF.DLL
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38038.3012731482
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2e529727a6ef04/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

0

I'm moving this to our Security forum; that's where we concentrate on HijackThis log analysis and other "malware"-related problems.

:)

Logfile of HijackThis v1.97.7
Scan saved at 08:05:59, on 02/06/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\OFFICE51\SOINTGR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\PROGRAM FILES\EXECUTIVE SOFTWARE\DISKEEPERLITE\DKSERVICE.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
C:\WINDOWS\CPQDIAG\CPQDFWAG.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\COMPAQ\INTERNET\CISRVR.EXE
C:\CPQS\BWTOOLS\SCCENTER.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\HIDEFOLDERS\HF.EXE
C:\PROGRAM FILES\CYBERLAT\CYBERLAT RAM CLEANER 1.1\CYBERLAT RAM CLEANER 1,1.EXE
C:\PROGRAM FILES\FORCESHUTDOWN\FSD.EXE
C:\WINDOWS\SYSTEM\E_S10IC1.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\ERASER\ERASER.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\PROGRAM FILES\IGV6\SYSBRAND.EXE
C:\PROGRAM FILES\JIBREEL INC\ANTICRASH\ANTICRASH.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\YAHOO! ACESSO GRATIS\NEWDIALER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c99&lc=0C09&s=search&i=enu
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c99&lc=0C09&s=search&i=enu
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c99&lc=0C09&s=search&i=enu
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Compaq Internet Setup] C:\Compaq\Internet\InetWizard.exe /RUN
O4 - HKLM\..\Run: [CISrvr Program] C:\COMPAQ\INTERNET\CISRVR.EXE
O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\sccenter.exe
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\OFFICE51\SOINTGR.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [hf] C:\PROGRAM FILES\HIDEFOLDERS\HF.EXE /s
O4 - HKLM\..\Run: [CyberLat RAM Cleaner] C:\PROGRAM FILES\CYBERLAT\CYBERLAT RAM CLEANER 1.1\CyberLat Ram Cleaner 1,1.exe
O4 - HKLM\..\Run: [sureshotpopupkiller] "C:\PROGRAM FILES\STOP-THE-POP\STOPTHEPOP.EXE" -minimized
O4 - HKLM\..\Run: [Force Shutdown] C:\PROGRAM FILES\FORCESHUTDOWN\FSD.EXE
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\SYSTEM\E_S10IC1.EXE /P23 "EPSON Stylus C42 Series" /O5 "LPT1:" /M "Stylus C42"
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [System Sentry] C:\PROGRA~1\EASYDE~1\SYSTEM~1\Protect.exe protect
O4 - HKLM\..\Run: [DEFSCAN_INSTALL.EXE] C:\WINDOWS\TEMP\EACDOWNLOAD\DEFSCAN_INSTALL.EXE -k
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SO5 Integrator Pass One] C:\OFFICE51\SOINTGR.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [DkService] C:\Program Files\Executive Software\DiskeeperLite\DkService.exe
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [LangPort Startup] "C:\PROGRAM FILES\LANGPAD PORT\LANGPORT.TMP0"
O4 - HKCU\..\Run: [Eraser] C:\PROGRAM FILES\ERASER\ERASER.EXE -hide
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - HKCU\..\Run: [Yahoo! Acesso Gratis] "C:\Program Files\Yahoo! Acesso Gratis\autoupdate.exe"
O4 - HKCU\..\Run: [SysBrand] C:\Program Files\iGv6\sysbrand.exe
O4 - Startup: AntiCrash 5.0.lnk = C:\Program Files\Jibreel Inc\AntiCrash\AntiCrash.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Free History Cleaner (HKLM)
O9 - Extra 'Tools' menuitem: Free History Cleaner (HKLM)
O9 - Extra button: Barra do iG (HKLM)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .mdx: C:\PROGRA~1\INTERN~1\PLUGINS\NPMDXJF.DLL
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38038.3012731482
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2e529727a6ef04/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.