superquestions
asked on
hijackthis.log
Anything wrong? Take a look...
Logfile of HijackThis v1.97.6
Scan saved at 18:04:04, on 17/10/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32
C:\WINDOWS\SYSTEM\MSGSRV32
C:\WINDOWS\SYSTEM\SPOOL32.
C:\WINDOWS\SYSTEM\MPREXE.E
C:\WINDOWS\SYSTEM\SSDPSRV.
C:\WINDOWS\SYSTEM\MDM.EXE
C:\ARQUIVOS DE PROGRAMAS\GRISOFT\AVG6\AVG
C:\WINDOWS\SYSTEM\mmtask.t
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.
C:\WINDOWS\SYSTEM\RESTORE\
C:\WINDOWS\SM56HLPR.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\S4TSR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.E
C:\WINDOWS\SYSTEM\ICSMGR.E
C:\WINDOWS\SYSTEM\DDHELP.E
C:\ARQUIVOS DE PROGRAMAS\GRISOFT\AVG6\AVG
C:\WINDOWS\LOADQM.EXE
C:\ARQUIVOS DE PROGRAMAS\MSN APPS\UPDATER\01.02.3000.10
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\PSTORES.
C:\WINDOWS\TEMP\TD_0001.DI
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-6
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-4
O3 - Toolbar: @msdxmLC.dll,-1@1046,&Rádi
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-6
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Suppor
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPw
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiSAudio] C:\WINDOWS\SYSTEM\MP_S3.ex
O4 - HKLM\..\Run: [DisableEHCI] C:\WINDOWS\S4TSR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dl
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE
O4 - HKLM\..\Run: [AVG_CC] C:\ARQUIV~1\GRISOFT\AVG6\a
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [msnappau] "C:\Arquivos de programas\MSN Apps\Updater\01.02.3000.10
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPw
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\ARQUIV~1\GRISOFT\AVG6\A
O4 - Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Programas\MRU-Blaster\s
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Programas\MRU-Blaster\m
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-4
Logfile of HijackThis v1.97.6
Scan saved at 18:04:04, on 17/10/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32
C:\WINDOWS\SYSTEM\MSGSRV32
C:\WINDOWS\SYSTEM\SPOOL32.
C:\WINDOWS\SYSTEM\MPREXE.E
C:\WINDOWS\SYSTEM\SSDPSRV.
C:\WINDOWS\SYSTEM\MDM.EXE
C:\ARQUIVOS DE PROGRAMAS\GRISOFT\AVG6\AVG
C:\WINDOWS\SYSTEM\mmtask.t
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.
C:\WINDOWS\SYSTEM\RESTORE\
C:\WINDOWS\SM56HLPR.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\S4TSR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.E
C:\WINDOWS\SYSTEM\ICSMGR.E
C:\WINDOWS\SYSTEM\DDHELP.E
C:\ARQUIVOS DE PROGRAMAS\GRISOFT\AVG6\AVG
C:\WINDOWS\LOADQM.EXE
C:\ARQUIVOS DE PROGRAMAS\MSN APPS\UPDATER\01.02.3000.10
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\PSTORES.
C:\WINDOWS\TEMP\TD_0001.DI
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-6
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-4
O3 - Toolbar: @msdxmLC.dll,-1@1046,&Rádi
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-6
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Suppor
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPw
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiSAudio] C:\WINDOWS\SYSTEM\MP_S3.ex
O4 - HKLM\..\Run: [DisableEHCI] C:\WINDOWS\S4TSR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dl
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE
O4 - HKLM\..\Run: [AVG_CC] C:\ARQUIV~1\GRISOFT\AVG6\a
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [msnappau] "C:\Arquivos de programas\MSN Apps\Updater\01.02.3000.10
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPw
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\ARQUIV~1\GRISOFT\AVG6\A
O4 - Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Programas\MRU-Blaster\s
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Programas\MRU-Blaster\m
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-4
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I am sorry. 3 unknown running processes and 1 unknown application.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
C:\WINDOWS\SM56HLPR.EXE
Unknown running process. (SM56HLPR.EXE)
This is a unknown process.
C:\WINDOWS\S4TSR.EXE
Unknown running process. (S4TSR.EXE)
This is a unknown process.
C:\WINDOWS\SYSTEM\ICSMGR.E
Unknown running process. (ICSMGR.EXE)
This is a unknown process.
O4 - HKLM\..\Run: [DisableEHCI] C:\WINDOWS\S4TSR.EXE
Unknown The entered application DisableEHCI was identified: None. Hit rate: 5 % (result) Unknown application.