
winupd/wincore problem.

Discussion in 'Malware and Virus Removal Archive' started by alexml, 2004/09/25.

Thread Status:
Not open for further replies.
  1. 2004/09/25
    alexml

    alexml Inactive Thread Starter

    Joined:
    2004/09/20
    Messages:
    2
    Likes Received:
    0
    Folks, I am from Brazil and unfortunately I've got this WINUPD/WINCORE problem. This is really a performance bug. I am tired of hitting enter. PLEASE HELP ME OUT!!!

    Thanks in advance.

    I've already got my hijack log, as follows:
    Logfile of HijackThis v1.97.7
    Scan saved at 00:33:15, on 21/9/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Arquivos de programas\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    C:\WINDOWS\System32\QCONSVC.EXE
    C:\WINDOWS\System32\RegSrvc.exe
    C:\Arquivos de programas\Norton SystemWorks\Norton Antivirus\SAVScan.exe
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\tp4serv.exe
    C:\ARQUIV~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\Arquivos de programas\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    C:\Arquivos de programas\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    C:\WINDOWS\System32\RunDll32.exe
    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\1XConfig.exe
    C:\Arquivos de programas\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Arquivos de programas\Messenger\msmsgs.exe
    C:\Arquivos de programas\Avant Browser\iexplore.exe
    C:\Arquivos de programas\Miranda IM\miranda32.exe
    C:\Arquivos de programas\Outlook Express\MSIMN.EXE
    C:\Arquivos de programas\Yahoo! Acesso Gratis\newdialer.exe
    C:\Nova pasta\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://spiderman

    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: (no name) - {1433F750-E53F-11D8-9669-0800200C9A66} - c:\windows\system32\STRAd32.dll

    O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\ARQUIV~1\FRESHD~1\FRESHD~2\fdcatch.dll

    O2 - BHO: (no name) - {7E6CDC1C-3B90-47D7-B2A8-24438CA96075} - C:\Arquivos de programas\Yahoo! Acesso Gratis\bho.dll

    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Arquivos de programas\Norton SystemWorks\Norton Antivirus\NavShExt.dll

    O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Arquivos de programas\Norton SystemWorks\Norton Antivirus\NavShExt.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

    O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe

    O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe

    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent

    O4 - HKLM\..\Run: [TPHOTKEY] C:\ARQUIV~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

    O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE

    O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Arquivos de programas\ThinkPad\Utilities\TpKmapAp.exe -helper

    O4 - HKLM\..\Run: [TP4EX] tp4ex.exe

    O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

    O4 - HKLM\..\Run: [ATIPTA] C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

    O4 - HKLM\..\Run: [UC_Start] C:\IBMTools\Updater\ucstartup.exe

    O4 - HKLM\..\Run: [ibmmessages] C:\Arquivos de programas\IBM\Messages By IBM\ibmmessages.exe

    O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE

    O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor

    O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe "

    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

    O4 - HKCU\..\Run: [Yahoo! Acesso Gratis] "C:\Arquivos de programas\Yahoo! Acesso Gratis\autoupdate.exe "

    O4 - Startup: HotSync Manager.lnk = C:\Arquivos de programas\palmOne\HOTSYNC.EXE

    O8 - Extra context menu item: Abrir Todos os Links Desta Página... - C:\Arquivos de programas\Avant Browser\OpenAllLinks.htm

    O8 - Extra context menu item: Adicionar à Lista Negra de Anúncios - C:\Arquivos de programas\Avant Browser\AddToADBlackList.htm

    O8 - Extra context menu item: Bloquear Todas as Imagens do Mesmo Servidor - C:\Arquivos de programas\Avant Browser\AddAllToADBlackList.htm

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: Marcar - C:\Arquivos de programas\Avant Browser\Highlight.htm

    O8 - Extra context menu item: Pesquisar - C:\Arquivos de programas\Avant Browser\Search.htm

    O9 - Extra 'Tools' menuitem: Console Java da IBM (HKLM)

    O9 - Extra button: Pesquisar (HKLM)

    O9 - Extra button: Related (HKLM)

    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

    O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll

    O11 - Options group: [JAVA_IBM] Java (IBM)

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38178.3514583333

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = krypton.metatron.com.br

    O17 - HKLM\Software\..\Telephony: DomainName = krypton.metatron.com.br

    O17 - HKLM\System\CCS\Services\Tcpip\..\{35759E11-AEDA-4609-AA22-ACA0EE2F7E9D}: NameServer = 200.222.0.34 200.202.193.75

    O17 - HKLM\System\CCS\Services\Tcpip\..\{47F42723-AF1F-4147-BD4E-95836CCEF267}: Domain = krypton.metatron.com.br

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = krypton.metatron.com.br

    O17 - HKLM\System\CS1\Services\Tcpip\..\{35759E11-AEDA-4609-AA22-ACA0EE2F7E9D}: NameServer = 200.222.0.34 200.202.193.75
     
  2. 2004/09/26
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    You should go to this link,
    http://www.majorgeeks.com/download3155.html
    and get the latest version of HijackThis.
    While you are at it, get LSPfix.Exe; you are going to need it. Go ahead and run it, and let it remove 'inetadpt.dll', reboot and delete the file 'c:\windows\system32\inetadpt.dll'. Then post a new HJT log from the latest version above.
    When you are clean, you should update your XP to SP2.
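
The triage step behind this advice, as an added example that is not part of the original thread: a small Python parser for HijackThis log text that pulls out the O10 "Unknown file in Winsock LSP" entries and counts them per DLL. The sample lines are copied from the log posted above; the function names are illustrative.

```python
import re
from collections import Counter

# Constructed sample: a few lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://spiderman
O2 - BHO: (no name) - {1433F750-E53F-11D8-9669-0800200C9A66} - c:\windows\system32\STRAd32.dll
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = krypton.metatron.com.br
"""

# HijackThis result lines look like "<section code> - <details>", e.g. "O10 - ...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
LSP_RE = re.compile(r"^Unknown file in Winsock LSP:\s*(.+)$", re.IGNORECASE)

def parse_entries(log_text):
    """Return (code, details) tuples for result lines; header and process list are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def unknown_lsp_files(entries):
    """Count O10 'Unknown file in Winsock LSP' lines per DLL path (case-insensitive)."""
    counts = Counter()
    for code, details in entries:
        m = LSP_RE.match(details) if code == "O10" else None
        if m:
            counts[m.group(1).strip().lower()] += 1
    return dict(counts)

def section_summary(entries):
    """Number of entries per section code, for a quick overview of the log."""
    return dict(Counter(code for code, _ in entries))

if __name__ == "__main__":
    found = parse_entries(SAMPLE_LOG)
    print(section_summary(found))
    for path, n in unknown_lsp_files(found).items():
        # Order from the reply above: repair the LSP chain first, then delete the file.
        print(f"{path}: flagged in {n} O10 lines; repair the LSP chain before deleting it")
```
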
     

  4. 2004/09/26
    alexml

    alexml Inactive Thread Starter

    Joined:
    2004/09/20
    Messages:
    2
    Likes Received:
    0
    Main problem solved, I think.

    Dear Mark, after I posted this yesterday, I started reading the other posts again and decided to do some of the recommendations mentioned in another post with a similar problem. I manually removed inetadpt and deleted some entries that were clearly wrong with HJT.

    After I ran LSPfix and rebooted, the annoying winupd popups stopped!!! I'm not sure everything is OK but the major problem is solved. I will get the new HJT and post it here, but many many many many thanks for your quick response. People like you (interested in others' problems) really make the world better. Thanks again, regards (abraços), Alex.
     
  5. 2004/09/26
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    It would be good to post your log and see if anything was missed. Glad you are happy with the results so far.
     