My friend just got this virus and unfortunately she knows very little about this, so I’m just trying to help her out…
NOD32 detected the virus but couldn’t remove it…
Any help would of course be greatly appreciated!
------------
Logfile of HijackThis v1.99.1
Scan saved at 01:31:36, on 12/5/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\ARQUIVOS DE PROGRAMAS\ARQUIVOS COMUNS\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
C:\ARQUIVOS DE PROGRAMAS\ARQUIVOS COMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\ARQUIVOS DE PROGRAMAS\ESET\NOD32KRN.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\ptsnoop.exe
C:\ARQUIVOS DE PROGRAMAS\HEWLETT-PACKARD\HP SOFTWARE UPDATE\HPWUSCHD.EXE
C:\ARQUIVOS DE PROGRAMAS\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
C:\ARQUIVOS DE PROGRAMAS\HP\HPCORETECH\HPCMPMGR.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\ARQUIVOS DE PROGRAMAS\ESET\NOD32KUI.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\ARQUIVOS DE PROGRAMAS\DISCADOR TELEFONICA\DDT.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\ARQUIVOS DE PROGRAMAS\INTERNET EXPLORER\IEXPLORE.EXE
C:\MEUS DOCUMENTOS\DOWNLOAD\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.itelefonica.terra.com.br/
O2 - BHO: (no name) - {24BACB06-675A-4F30-92E9-33A34B0A9063} - C:\WINDOWS\SYSTEM\LIJE.DLL
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [OEMCleanup] C:\WINDOWS\OPTIONS\OEMRESET.EXE /O
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\ARQUIVOS DE PROGRAMAS\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb09.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [MOSearch] C:\ARQUIV~1\ARQUIV~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
O4 - HKLM\..\RunServices: [MDM7] "C:\ARQUIVOS DE PROGRAMAS\ARQUIVOS COMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [NOD32kernel] "C:\Arquivos de programas\Eset\nod32krn.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O4 - Startup: Reboot.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\ARQUIV~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\ARQUIV~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {0E495699-4920-4FDA-8755-DFD4CD3199D3} - C:\WINDOWS\SYSTEM\WLDR.DLL (file missing)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0E495699-4920-4FDA-8755-DFD4CD3199D3} - C:\WINDOWS\SYSTEM\WLDR.DLL (file missing)
O9 - Extra button: Microsoft AntiSpyware helper - {0E495699-4920-4FDA-8755-DFD4CD3199D3} - C:\WINDOWS\SYSTEM\WLDR.DLL (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0E495699-4920-4FDA-8755-DFD4CD3199D3} - C:\WINDOWS\SYSTEM\WLDR.DLL (file missing) (HKCU)
O18 - Filter: text/html - {3A63BF42-4C52-4142-BFD1-0A011872F170} - C:\WINDOWS\SYSTEM\LIJE.DLL
O18 - Filter: text/plain - {3A63BF42-4C52-4142-BFD1-0A011872F170} - C:\WINDOWS\SYSTEM\LIJE.DLL