Pop-up problems - hijack this log included

Discussion in 'Computer Security' started by Yue, Aug 15, 2006.

  1. Yue

    Yue New Member

    Messages:
    363
    Heya guys, got a few problems on my dads laptop.

    He be getting pop-up and general 'your system is full of spyware' messages.
    I checked the running processes and iexplorer.exe is open all the time dispite have no IE windows open. i checked the startup tab under msconfig.exe and right at the top was a single symbol, kinda like japanese, i unticked that but when i went back into msconfig, it had gone completely, anyway i have run adaware SE and Ewido anti-spyware to no avail.

    Any help is greatly appreciated :D

    Here is my hijack this log:

    Logfile of HijackThis v1.99.1
    Scan saved at 20:28:19, on 15/08/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security

    Center\SymWSC.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\OSD.exe
    C:\Program Files\Launch Manager\Wbutton.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\PRISMSTA.EXE
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
    C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
    C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Desktop

    Search\GoogleDesktopIndex.exe
    C:\Program Files\Google\Google Desktop

    Search\GoogleDesktopCrawl.exe
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\DOCUME~1\Rob\LOCALS~1\Temp\Rar$EX13.328\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

    http://www.ebay.co.uk/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

    http://www.ebay.co.uk/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

    Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: (no name) - {058B09AB-18BE-3880-528C-96DBE7154D16} -

    C:\DOCUME~1\Rob\APPLIC~1\COOLGR~1\Idol Meow.exe (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-

    784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0

    \Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-

    AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-

    D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-

    CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-

    64B5B4FF55D0} - C:\Program Files\MSN Toolbar

    Suite\TB\02.05.0000.1082\en-gb\msntb.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} -

    C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-

    7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-

    B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-

    64B5B4FF55D0} - C:\Program Files\MSN Toolbar

    Suite\TB\02.05.0000.1082\en-gb\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -

    c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [OemReset] %systemroot%\OPTIONS\OEMRESET.EXE

    /AUDIT
    O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch

    Manager\LaunchAp.exe
    O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch

    Manager\HotkeyApp.exe
    O4 - HKLM\..\Run: [OSD] C:\Program Files\Launch Manager\OSD.exe
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch

    Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch

    Manager\CtrlVol.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program

    Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program

    Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32

    \NeroCheck.exe
    O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1

    \SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program

    Files\Lexmark X5100 Series\lxbabmgr.exe"
    O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay

    Toolbar2\eBayTBDaemon.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1

    \SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [SS1HelperStartUp] C:\PROGRA~1\SEASID~1

    \SS1HEL~1.EXE /partner SS1
    O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
    O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser

    Mouse\Browser Mouse\1.0\lwbwheel.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program

    Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Itch Scr Support Web] C:\Documents and

    Settings\All Users\Application Data\LICENSE RDR ITCH SCR\Eggs

    Flap.exe
    O4 - HKLM\..\Run: [Arovax AntiSpyware] C:\Program Files\Arovax

    AntiSpyware\arovaxantispyware.exe /s
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware

    4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -

    startgui
    O4 - HKLM\..\Run: [MSConfig]

    C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program

    Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [MessengerPlus3] "\" /WinStart
    O4 - HKCU\..\Run: [Skype] "C:\Program

    Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program

    Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKCU\..\Run: [CompDoes] C:\DOCUME~1\Rob\APPLIC~1

    \htmaim\Amokbags.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN

    Messenger\msnmsgr.exe" /background
    O4 - Global Startup: broadband medic.lnk = C:\Program

    Files\ntl\broadband medic\bin\matcli.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program

    Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Add animation to IncrediMail Style

    Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &eBay Search - res://C:\Program

    Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: &MSN Search - res://C:\Program

    Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-

    gb\msntb.dll/search.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel -

    res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-

    00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-

    11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06

    \bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-

    3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-

    00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-

    11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet

    Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows

    Genuine Advantage Validation Tool) -

    http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D}

    (DiameterTransfer Control) -

    http://www.sis.com/download/SISTransfer.cab
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader

    Object) -

    http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo

    Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl

    Class) -

    http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cl

    ient/wuweb_site.cab?1124569655281
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -

    "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32

    \WgaLogon.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -

    C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32

    \ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec

    Corporation - C:\Program

    Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Diskeeper - Executive Software International, Inc.

    - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware

    Development a.s. - C:\Program Files\ewido anti-spyware 4.0

    \guard.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International,

    Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1

    \Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) -

    Symantec Corporation - C:\Program Files\Norton

    AntiVirus\navapsvc.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec

    Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate

    Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) -

    Symantec Corporation - C:\Program Files\Common Files\Symantec

    Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation -

    C:\Program Files\Common Files\Symantec Shared\Security

    Center\SymWSC.exe
     
  2. Platinum

    Platinum New Member

    Messages:
    809
    We'll need to move HiJackThis.exe out of a temporary directory and into a directory of its own, preferably C:\HJT (creating the folder if necessary). The reason behind this is that HJT creates backups of every "fix" we do in the folder it's running in. If we happen to "fix" something and need it later on, there is a very good chance that, by that time, that TEMP directory could be purged and our backups would be lost. If you need a detailed tutorial or just a better explanation as to why, please click here.
    Please move HJT to its own directory and post a new log.

    Also please make sure any startups you disabled in msconfig are enabled again. HijackThis cannot see startup processes that are disabled in msconfig, this could cause problems with the fix, and could also prevent your computer from being properly cleaned.
     
  3. Yue

    Yue New Member

    Messages:
    363
    ok, done, done and done:

    Logfile of HijackThis v1.99.1
    Scan saved at 21:46:08, on 15/08/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\OSD.exe
    C:\Program Files\Launch Manager\Wbutton.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\PRISMSTA.EXE
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
    C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
    C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.co.uk/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.co.uk/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: (no name) - {058B09AB-18BE-3880-528C-96DBE7154D16} - C:\DOCUME~1\Rob\APPLIC~1\COOLGR~1\Idol Meow.exe (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [OemReset] %systemroot%\OPTIONS\OEMRESET.EXE /AUDIT
    O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
    O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
    O4 - HKLM\..\Run: [OSD] C:\Program Files\Launch Manager\OSD.exe
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
    O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [SS1HelperStartUp] C:\PROGRA~1\SEASID~1\SS1HEL~1.EXE /partner SS1
    O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
    O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Itch Scr Support Web] C:\Documents and Settings\All Users\Application Data\LICENSE RDR ITCH SCR\Eggs Flap.exe
    O4 - HKLM\..\Run: [Arovax AntiSpyware] C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe /s
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [MessengerPlus3] "\" /WinStart
    O4 - HKCU\..\Run: [CompDoes] C:\DOCUME~1\Rob\APPLIC~1\htmaim\Amokbags.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} (DiameterTransfer Control) - http://www.sis.com/download/SISTransfer.cab
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124569655281
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    Thnx for your help in this :)
     
  4. Platinum

    Platinum New Member

    Messages:
    809
    Download Findlop by Metallica. Unzip it to your desktop. Double click findlop.bat. It will open a notepad file. Copy the content of that file and paste it here in your reply.
     
  5. Yue

    Yue New Member

    Messages:
    363
    [TRACE] Enumerating jobs and queues
    [TRACE] Activating job 'AA16843D91DD3481.job'
    [TRACE] Printing all job properties

    ApplicationName: 'c:\docume~1\rob\applic~1\htmaim\ANTIACTIVEBONE.exe'
    Parameters: ''
    WorkingDirectory: ''
    Comment: ''
    Creator: 'Rob'
    Priority: NORMAL
    MaxRunTime: 259200000 (3d 0:00:00)
    IdleWait: 10
    IdleDeadline: 60
    MostRecentRun: 08/15/2006 22:00:00
    NextRun: 08/17/2006 1:00:00
    StartError: 0x80070002
    ExitCode: 0
    Status: SCHED_S_TASK_READY
    ScheduledWorkItem Flags:
    DeleteWhenDone = 0
    Suspend = 0
    StartOnlyIfIdle = 0
    KillOnIdleEnd = 0
    RestartOnIdleResume = 0
    DontStartIfOnBatteries = 0
    KillIfGoingOnBatteries = 0
    RunOnlyIfLoggedOn = 1
    SystemRequired = 0
    Hidden = 1
    TaskFlags: 0

    1 Trigger

    Trigger 0:
    Type: Daily
    DaysInterval: 1
    StartDate: 06/23/1997
    EndDate: 00/00/0000
    StartTime: 00:00
    MinutesDuration: 1440
    MinutesInterval: 60
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0


    [TRACE] Activating job 'Disk Cleanup.job'
    [TRACE] Printing all job properties

    ApplicationName: 'C:\WINDOWS\system32\cleanmgr.exe'
    Parameters: ''
    WorkingDirectory: 'C:\WINDOWS\system32'
    Comment: ''
    Creator: 'Rob'
    Priority: NORMAL
    MaxRunTime: 259200000 (3d 0:00:00)
    IdleWait: 10
    IdleDeadline: 60
    MostRecentRun: 00/00/0000 0:00:00
    NextRun: 08/17/2006 2:00:00
    StartError: 0x8007052f
    ExitCode: 0
    Status: SCHED_S_TASK_HAS_NOT_RUN
    ScheduledWorkItem Flags:
    DeleteWhenDone = 0
    Suspend = 0
    StartOnlyIfIdle = 0
    KillOnIdleEnd = 0
    RestartOnIdleResume = 0
    DontStartIfOnBatteries = 1
    KillIfGoingOnBatteries = 1
    RunOnlyIfLoggedOn = 0
    SystemRequired = 0
    Hidden = 0
    TaskFlags: 0

    1 Trigger

    Trigger 0:
    Type: Daily
    DaysInterval: 1
    StartDate: 03/23/2006
    EndDate: 00/00/0000
    StartTime: 02:00
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0


    [TRACE] Activating job 'Norton AntiVirus - Scan my computer.job'
    [TRACE] Printing all job properties

    ApplicationName: 'C:\PROGRA~1\NORTON~1\NAVW32.exe'
    Parameters: '/task:C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\Tasks\mycomp.sca'
    WorkingDirectory: ''
    Comment: 'This is a schedule scan task from Norton AntiVirus.'
    Creator: 'Rob'
    Priority: NORMAL
    MaxRunTime: 259200000 (3d 0:00:00)
    IdleWait: 10
    IdleDeadline: 60
    MostRecentRun: 08/16/2006 3:00:07
    NextRun: 08/17/2006 3:00:00
    StartError: S_OK
    ExitCode: 0
    Status: SCHED_S_TASK_READY
    ScheduledWorkItem Flags:
    DeleteWhenDone = 0
    Suspend = 0
    StartOnlyIfIdle = 0
    KillOnIdleEnd = 0
    RestartOnIdleResume = 0
    DontStartIfOnBatteries = 0
    KillIfGoingOnBatteries = 0
    RunOnlyIfLoggedOn = 1
    SystemRequired = 0
    Hidden = 0
    TaskFlags: 0

    1 Trigger

    Trigger 0:
    Type: Daily
    DaysInterval: 1
    StartDate: 08/20/2005
    EndDate: 00/00/0000
    StartTime: 03:00
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0


    [TRACE] Activating job 'Symantec NetDetect.job'
    [TRACE] Printing all job properties

    ApplicationName: 'C:\Program Files\Symantec\LiveUpdate\NDetect.exe'
    Parameters: ''
    WorkingDirectory: 'C:\Program Files\Symantec\LiveUpdate'
    Comment: 'Symantec NetDetect'
    Creator: 'SYSTEM'
    Priority: NORMAL
    MaxRunTime: 259200000 (3d 0:00:00)
    IdleWait: 10
    IdleDeadline: 60
    MostRecentRun: 00/00/0000 0:00:00
    NextRun: 08/17/2006 0:38:00
    StartError: 0x80070002
    ExitCode: 0
    Status: SCHED_S_TASK_HAS_NOT_RUN
    ScheduledWorkItem Flags:
    DeleteWhenDone = 0
    Suspend = 0
    StartOnlyIfIdle = 0
    KillOnIdleEnd = 0
    RestartOnIdleResume = 0
    DontStartIfOnBatteries = 0
    KillIfGoingOnBatteries = 0
    RunOnlyIfLoggedOn = 1
    SystemRequired = 0
    Hidden = 0
    TaskFlags: 0

    1 Trigger

    Trigger 0:
    Type: Daily
    DaysInterval: 1
    StartDate: 06/20/2006
    EndDate: 00/00/0000
    StartTime: 03:03
    MinutesDuration: 1440
    MinutesInterval: 5
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0
     

Share This Page