Options

Asking for help (Hijack This Log)

Unknown
edited May 2006 in Spyware & Virus Removal
Hi, I'd like to ask for a help. Need to clear my friends computer full of spyware. Unfortunately I don't know how to do it exactly. So if somebody can help me, I'll be really glad. Thanks a lot.

Uluk@centrum.cz

Hijack This report..

Logfile of HijackThis v1.99.1
Scan saved at 18:58:51, on 20/05/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\ARCHIVOS DE PROGRAMA\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\ES\MSNAPPAU.EXE
C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer proporcionado por Telefónica Net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\ARCHIVOS DE PROGRAMA\MYWAY\SRCHASTT\1.BIN\MYSRCHAS.DLL (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.5000.1021\ES\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL
O2 - BHO: (no name) - {196B9CB5-4C83-46F7-9B06-9672ECD9D99B} - C:\WINDOWS\SYSTEM\winbrume.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.5000.1021\ES\MSNTB.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Winkkne] C:\WINDOWS\SYSTEM\Winkkne.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb03.exe
O4 - HKLM\..\Run: [PSDrvCheck] "C:\Archivos de programa\Pinnacle\Instant PhotoAlbum\programs\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Archivos de programa\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINDOWS\SYSTEM\USBMonit.exe
O4 - HKLM\..\Run: [VERBATIM STORE 'N' G] c:\archivos de programa\verbatim store n go\verbatim store 'n' go.exe sys_auto_run C:\ARCHIVOS DE PROGRAMA\VERBATIM STORE N GO
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.03.0000.1005\es\msnappau.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [shell] "C:\WINDOWS\SYSTEM\ibm00001.exe"
O4 - HKCU\..\Run: [0mcamcap] C:\WINDOWS\SYSTEM\0mcamcap.exe
O4 - Startup: CAMEDIA Master.lnk = C:\Archivos de programa\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
O4 - Startup: NkvMon.exe.lnk = C:\Archivos de programa\Nikon\NkView6\NkvMon.exe
O4 - Startup: Adobe Gamma Loader.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - User Startup: CAMEDIA Master.lnk = C:\Archivos de programa\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
O4 - User Startup: NkvMon.exe.lnk = C:\Archivos de programa\Nikon\NkView6\NkvMon.exe
O4 - User Startup: Adobe Gamma Loader.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Search - http://speedbar.myway.com/menusearch.html?p=MG1
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .mpg: C:\ARCHIV~1\INTERN~1\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: www.1987324.com
O15 - Trusted Zone: www.sgrunt.biz
O15 - Trusted Zone: www.powersoft.name
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINDOWS\SYSTEM\Maljol32.dll (file missing)

Comments

  • CrunchieCrunchie Mandurah. Western Australia. Member
    edited May 2006
    Can you please do the following.

    ===============

    Scan with HiJackThis, then check(tick) the following, if present:


    O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\ARCHIVOS DE PROGRAMA\MYWAY\SRCHASTT\1.BIN\MYSRCHAS.DLL (file missing)
    O2 - BHO: (no name) - {196B9CB5-4C83-46F7-9B06-9672ECD9D99B} - C:\WINDOWS\SYSTEM\winbrume.dll

    O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
    O4 - HKCU\..\Run: [shell] "C:\WINDOWS\SYSTEM\ibm00001.exe"
    O4 - HKCU\..\Run: [0mcamcap] C:\WINDOWS\SYSTEM\0mcamcap.exe

    O8 - Extra context menu item: &Search - http://speedbar.myway.com/menusearch.html?p=MG1

    O15 - Trusted Zone: www.1987324.com
    O15 - Trusted Zone: www.sgrunt.biz
    O15 - Trusted Zone: www.powersoft.name

    O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINDOWS\SYSTEM\Maljol32.dll


    Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

    ===============

    Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders:

    files...

    C:\WINDOWS\SYSTEM\winbrume.dll
    C:\winstall.exe
    C:\WINDOWS\SYSTEM\ibm00001.exe
    C:\WINDOWS\SYSTEM\0mcamcap.exe
    C:\WINDOWS\SYSTEM\Maljol32.dll

    -

    Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in "Safe Mode".

    -

    Reboot.

    ===============

    After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.
  • ulukan
    edited May 2006
    Hi Crunchie, thanks a lot for your time and help. I did exactly what you have told me and here is the result of the scan after reboot.

    Logfile of HijackThis v1.99.1
    Scan saved at 0:30:15, on 22/05/06
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MDM.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\HPZTSB03.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\ARCHIVOS DE PROGRAMA\ULEAD SYSTEMS\ULEAD PHOTO EXPLORER 7.0\MONITOR.EXE
    C:\WINDOWS\DIT.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\USBMONIT.EXE
    C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\ES\MSNAPPAU.EXE
    C:\ARCHIVOS DE PROGRAMA\OLYMPUS\CAMEDIA MASTER 4.1\CM_CAMERA.EXE
    C:\ARCHIVOS DE PROGRAMA\NIKON\NKVIEW6\NKVMON.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer proporcionado por Telefónica Net
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.5000.1021\ES\MSNTB.DLL
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.5000.1021\ES\MSNTB.DLL
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [Winkkne] C:\WINDOWS\SYSTEM\Winkkne.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb03.exe
    O4 - HKLM\..\Run: [PSDrvCheck] "C:\Archivos de programa\Pinnacle\Instant PhotoAlbum\programs\PSDrvCheck.exe" -CheckReg
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Archivos de programa\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINDOWS\SYSTEM\USBMonit.exe
    O4 - HKLM\..\Run: [VERBATIM STORE 'N' G] c:\archivos de programa\verbatim store n go\verbatim store 'n' go.exe sys_auto_run C:\ARCHIVOS DE PROGRAMA\VERBATIM STORE N GO
    O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.03.0000.1005\es\msnappau.exe"
    O4 - HKLM\..\Run: [ZPoint] C:\WINDOWS\SYSTEM\winmuse.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
    O4 - Startup: CAMEDIA Master.lnk = C:\Archivos de programa\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
    O4 - Startup: NkvMon.exe.lnk = C:\Archivos de programa\Nikon\NkView6\NkvMon.exe
    O4 - Startup: Adobe Gamma Loader.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - User Startup: CAMEDIA Master.lnk = C:\Archivos de programa\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
    O4 - User Startup: NkvMon.exe.lnk = C:\Archivos de programa\Nikon\NkView6\NkvMon.exe
    O4 - User Startup: Adobe Gamma Loader.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
    O12 - Plugin for .mpg: C:\ARCHIV~1\INTERN~1\PLUGINS\npqtplugin3.dll
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

    PD: After reboot it shows me the message that the program ibm00001 could not find some library or same part which is necessary to start the program..
  • CrunchieCrunchie Mandurah. Western Australia. Member
    edited May 2006
    Can you please do the following.


    ===============

    Go to Add/Remove programs and remove(uninstall) the following, if present:

    EZula Toptext

    The above could appear anywhere within the entry. Be careful not to remove any personal or system software.

    ===============

    Scan with HiJackThis, then check(tick) the following, if present:


    O4 - HKLM\..\Run: [Winkkne] C:\WINDOWS\SYSTEM\Winkkne.exe
    O4 - HKLM\..\Run: [ZPoint] C:\WINDOWS\SYSTEM\winmuse.exe


    Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

    ===============

    Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders:

    files...

    C:\WINDOWS\SYSTEM\Winkkne.exe
    C:\WINDOWS\SYSTEM\winmuse.exe

    -

    Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in "Safe Mode".

    -

    Reboot.

    ===============

    1. Download and install Ad-Aware SE, keeping the default options. However, some of the settings will need to be changed before your first scan

    2.Close ALL windows except Ad-Aware SE

    3. Click on the‘world’ icon at the top right of the Ad-Aware SE window and let AdAware SE update the reference list for the adware and malware.

    4. Once the update is finished click on the ‘Gear’ icon (second from the left at the top of the window) to access the preferences/settings window

    1) In the ‘General’ window make sure the following are selected in green:
    *Automatically save log-file
    *Automatically quarantine objects prior to removal
    *Safe Mode (always request confirmation)

    Under Definitions:
    *Prompt to udate outdated definitions - set the number of days


    2) Click on the ‘Scanning’ button on the left and select in green :

    Under Driver, Folders & Files:
    *Scan Within Archives

    Under Select drives & folders to scan -
    *choose all hard drives

    Under Memory & Registry: all green
    *Scan Active Processes
    *Scan Registry
    *Deep Scan Registry
    *Scan my IE favorites for banned URL’s
    *Scan my Hosts file


    3) Click on the ‘Advanced’ button on the left and select in green:

    Under Shell Integration:
    *Move deleted files to recycle bin

    Under Logfile Detail Level: (all green)
    *include addtional object information
    *DESELECT - include negligible objects information
    *include environment information

    Under Alternate Data Streams:
    *Don't log streams smaller than 0 bytes
    *Don't log ADS with the following names: CA_INOCULATEIT


    4) Click the ‘Tweak’ button and select in green:

    Under the ‘Scanning Engine’:
    *Unload recognized processes during scanning
    *Scan registry for all users instead of current user only


    Under the ‘Cleaning Engine’:
    *Let Windows remove files in use at next reboot


    Under the Log Files:
    *Include basic Ad-aware SE settings in logfile
    *Include additional Ad-aware SE settings in logfile
    *Please do not check or make green: Include Module list in logfile


    5. Click on ‘Proceed’ to save the settings.

    6. Click ‘Start’

    *Choose:'Perform Full System Scan'
    *DESELECT "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat.

    7. Click ‘Next’ and Ad-Aware SE will scan your hard drive(s) with the options you have selected and clean automatically.

    8. If Ad-Aware SE finds bad entries, you will receive a list of what it found in the window

    9. Save the log file when it asks and then click ‘finish’

    10. REBOOT to complete the removal of what Ad-Aware SE found

    Download & instal Spybot S&D 1.3 from here. Update it before scanning.
    After the scan is complete, have spybot fix everything marked RED.
    On the page that first opens when you start Spybot there is an option to immunise, you should do this. In the immunise section there is also a link to download Spywareblaster. This program will prevent the install of bad activex controls that it has knowledge of. Download that & you can keep it updated by selecting the same link that you use to download it. Reboot

    ==

    After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.
  • ulukan
    edited May 2006
    Hi Crunchie,
    thanks a lot again. I did what you have written. I did not find the Ezula Toptext in my computer (Don't if it is important). The next steps I did completely. Here is the result after the last scan with Hijack This:

    Logfile of HijackThis v1.99.1
    Scan saved at 17:52:57, on 22/05/06
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer proporcionado por Telefónica Net
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.5000.1021\ES\MSNTB.DLL
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.5000.1021\ES\MSNTB.DLL
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb03.exe
    O4 - HKLM\..\Run: [PSDrvCheck] "C:\Archivos de programa\Pinnacle\Instant PhotoAlbum\programs\PSDrvCheck.exe" -CheckReg
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Archivos de programa\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINDOWS\SYSTEM\USBMonit.exe
    O4 - HKLM\..\Run: [VERBATIM STORE 'N' G] c:\archivos de programa\verbatim store n go\verbatim store 'n' go.exe sys_auto_run C:\ARCHIVOS DE PROGRAMA\VERBATIM STORE N GO
    O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.03.0000.1005\es\msnappau.exe"
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
    O4 - Startup: CAMEDIA Master.lnk = C:\Archivos de programa\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
    O4 - Startup: NkvMon.exe.lnk = C:\Archivos de programa\Nikon\NkView6\NkvMon.exe
    O4 - Startup: Adobe Gamma Loader.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - User Startup: CAMEDIA Master.lnk = C:\Archivos de programa\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
    O4 - User Startup: NkvMon.exe.lnk = C:\Archivos de programa\Nikon\NkView6\NkvMon.exe
    O4 - User Startup: Adobe Gamma Loader.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
    O12 - Plugin for .mpg: C:\ARCHIV~1\INTERN~1\PLUGINS\npqtplugin3.dll
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

    Unfortunately it still shows the same window at the beginning (could not find the archieve ibm00001 or some part of this).. But in fact this is the smallest problem of my friends PC.. .o)
  • CrunchieCrunchie Mandurah. Western Australia. Member
    edited May 2006
    That log is clean now. Other than the error message, how is the PC?

    Go here and download then run Silent Runners.vbs. It generates a log. Please post the information back in this thread.
    If you have a script blocking program, please allow the file to run. It is not malicious.
Sign In or Register to comment.