I don't know if anyone has posted this problem yet, but I'm using my grandfather’s computer. It's an old machine running Windows 2000. The problem that occurs on this machine is that whenever anyone logs in there are about 5 internet explorer windows that load up for itself. Most of the windows have some "freewebs" page loading up and one of them tries to load up "mynbx247" which I read was some type od adware. I downloaded StartupList from the Merijn website and the list they gave me seemed to have stuff that I recognised and stuff that I didn't. I was hoping that someone on this site could help me with this problem. The help will be much appreciated.
This is the log from the StartupList program:
StartupList report, 28/10/2007, 12:03:57
StartupList version: 1.52
Started from : C:\Program Files\ADaware\Spywareinfo\StartupList.EXE
Detected: Windows 2000 SP4 (WinNT 5.00.2195)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\CTsvcCDA.EXE
C:\WINNT\System32\svchost.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\xmzwre.exe
C:\WINNT\system32\xaudezq.exe
C:\WINNT\system32\tthvutp.exe
C:\WINNT\system32\vncdy.exe
C:\WINNT\system32\eajglrpt.exe
C:\WINNT\system32\vpuurwp.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINNT\Logi_MwX.Exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINNT\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINNT\system32\ElkCtrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Real Alternative\Update_OB\realsched.exe
C:\WINNT\system32\internat.exe
C:\WINNT\system32\jqsxtq.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\regedit.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Program Files\ADaware\Spywareinfo\StartupList.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Synchronization Manager = mobsync.exe /logon
Workflow = E:\Workflow.exe
NT Logging Service = syslog32.exe
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
Windows Compliant = jqsxtq.exe
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
internat.exe = internat.exe
Windows Compliant = jqsxtq.exe
LDM = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Creative WebCam Tray = "C:\Program Files\Creative\Shared Files\CamTray.exe"
swg = C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
--------------------------------------------------
Shell & screensaver key from C:\WINNT\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_0.dll - {02478D38-C3F9-4efb-9B51-7695ECA05670}
(no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
--------------------------------------------------
Enumerating Task Scheduler jobs:
AntiSpyware Scheduled Scan.job
AppleSoftwareUpdate.job
--------------------------------------------------
Enumerating Download Program Files:
[Shockwave ActiveX Control]
InProcServer32 = C:\WINNT\system32\macromed\Director\SwDir.dll
CODEBASE =
http://download.macromedia.com/pub/s...irector/sw.cab
[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINNT\System32\LegitCheckControl.DLL
CODEBASE =
http://go.microsoft.com/fwlink/?linkid=39204
[InstallerBehaviorFactory Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\MsnInstC.dll
CODEBASE =
https://signup.msn.com/pages/MsnInstC.cab
[{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}]
CODEBASE =
http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.cab
[CTVUAxCtrl Object]
InProcServer32 = C:\WINNT\Downloaded Program Files\TVUAx.dll
CODEBASE =
http://dl.tvunetworks.com/TVUAx.cab
[RdxIE Class]
CODEBASE =
http://software-dl.real.com/25b39b89...p/RdxIE601.cab
[UnoCtrl Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\GAME_UNO1.dll
CODEBASE =
http://messenger.zone.msn.com/EN-GB/.../GAME_UNO1.cab
[DivXBrowserPlugin Object]
InProcServer32 = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
CODEBASE =
http://go.divx.com/plugin/DivXBrowserPlugin.cab
[Groove Control]
InProcServer32 = C:\WINNT\Downloaded Program Files\GrooveAX.dll
CODEBASE =
http://www.nick.com/common/groove/gx/GrooveAX27.cab
[SbInstObj]
InProcServer32 = C:\WINNT\Downloaded Program Files\HbInstIE.dll
CODEBASE =
http://installs.spamblockerutility.c...kerutility.cab
[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE =
http://v4.windowsupdate.microsoft.co...438.1721527778
[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE =
http://messenger.msn.com/download/ms...downloader.cab
[MessengerStatsClient Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\MessengerStatsPAClient.dll
CODEBASE =
http://messenger.zone.msn.com/binary...t.cab56907.cab
[VacPro.internazionale_ver11]
InProcServer32 = C:\WINNT\Downloaded Program Files\internazionale_ver11.ocx
CODEBASE =
http://advnt01.com/dialer/internazionale_ver11.CAB
[Shockwave Flash Object]
InProcServer32 = C:\WINNT\system32\Macromed\Flash\Flash9b.ocx
CODEBASE =
http://download.macromedia.com/pub/s...sh/swflash.cab
[Virtools WebPlayer Class]
InProcServer32 = C:\Program Files\Virtools\3D Life Player\WebPlayer.ocx
CODEBASE =
http://a532.g.akamai.net/f/532/6712/.../installer.exe
[{FF3F0F03-0F01-131A-A3F9-08F02B23E0CC}]
CODEBASE =
http://66.117.37.13/dbn2291.exe
--------------------------------------------------
Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*
Windows NT checkdisk command:
BootExecute = autocheck autochk *
Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nss12.tmp\System.dll||C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nss12.tmp\||C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsj10.tmp\DivXComponentInstaller.exe||C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsj10.tmp\
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
Network.ConnectionTray: C:\WINNT\system32\NETSHELL.dll
WebCheck: C:\WINNT\System32\webcheck.dll
SysTray: stobject.dll
--------------------------------------------------
End of report, 9,021 bytes
Report generated in 3.936 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
Thanks again. And my apologies if this has already been posted, if that is so, can someone post a link please, my grandfather gets really annoyed when he logs in.
Chevy Camaro Forum
Ford Mustang Forum
Jeep Wrangler Forum
Volkswagen Touareg Forum
Land Rover Defender Forum
