
Trojan.startpage



#1
Colonel

I followed your outlined procedures - Adaware, Spybot, CWS Shredder, etc. and still have a problem.

There is some file (executable) in my windows startup and once I re-boot and click on either windows explorer or internet explorer, my Norton AV finds the Trojan.StartPage virus and quarantines it. But I need to find the file that keeps launching.

Anyway, I'm at my wits' end and would really prefer not to reformat my drive. So, I have attached the Hijackthis log file for your review.

Thanks in advance.


Logfile of HijackThis v1.99.0
Scan saved at 6:24:14 PM, on 1/24/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TWAIN_32\PAPRPORT\6100B\FLATBED.EXE
C:\PROGRAM FILES\CREATIVE\COLORIF\PROGRAM\HGCCTL95.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\GAME CONTROLLERS\COMMON\SWTRAYV4.EXE
C:\PROGRAM FILES\CLEANMYPC\REGISTRY CLEANER\RCSCHEDULER.EXE
C:\PROGRAM FILES\WEBROOT\WASHER\WWDISP.EXE
C:\PROGRAM FILES\WEBROOT\POP-UP WASHER\POPUPWASHER.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE
C:\PROGRAM FILES\SONY CORPORATION\IMAGE TRANSFER\SONYTRAY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\LOGITECH\WINGMAN SOFTWARE\LWEMON.EXE
C:\JEFF\HIJACK\HIJACKTH.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\sp.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {5F7A8B41-6871-11D9-9427-444591671B88} - C:\WINDOWS\SYSTEM\JMHP.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Popup Killer - {4A3A071E-F913-4eee-AE15-AEFFA16FB6BC} - C:\PROGRAM FILES\WEBROOT\POP-UP WASHER\VAPOPUPKILLER.DLL
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [PP6100b] C:\WINDOWS\twain_32\paprport\6100b\flatbed.exe
O4 - HKLM\..\Run: [BlstApp] C:\WINDOWS\SYSTEM\BLSTAPP.EXE
O4 - HKLM\..\Run: [Colorific Control Panel] C:\PROGRA~1\CREATIVE\COLORIF\PROGRAM\HGCCTL95.EXE
O4 - HKLM\..\Run: [3Deep Control Panel] C:\PROGRA~1\CREATIVE\3DEEP\PROGRAM\3DeepCTL.EXE
O4 - HKLM\..\Run: [vptray] c:\Program Files\Norton AntiVirus\vptray.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~3\GAMECO~1\COMMON\SWTRAYV4.EXE
O4 - HKLM\..\Run: [XoftSpy] C:\PROGRAM FILES\XOFTSPY\XoftSpy.exe -s
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [RNBOStart] C:\WINDOWS\SYSTEM\RNBOSENT\SENTSTRT.EXE
O4 - HKLM\..\RunServices: [BCDetect] c:\windows\SYSTEM\BCDetect.exe defer
O4 - HKLM\..\RunServices: [rtvscn95] c:\Program Files\Norton AntiVirus\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] c:\Program Files\Norton AntiVirus\defwatch.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Start WingMan Profiler] "c:\Program Files\Logitech\WingMan Software\lwtest.exe" /detect /quiet /launch "c:\Program Files\Logitech\WingMan Software\lwemon.exe /noui"
O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCScheduler.exe" /startup
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [PopUpWasher] C:\PROGRA~1\WEBROOT\POP-UP~1\PopUpWasher.exe
O4 - HKCU\..\RunServices: [Start WingMan Profiler] "c:\Program Files\Logitech\WingMan Software\lwtest.exe" /detect /quiet /launch "c:\Program Files\Logitech\WingMan Software\lwemon.exe /noui"
O4 - HKCU\..\RunServices: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCScheduler.exe" /startup
O4 - HKCU\..\RunServices: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\RunServices: [PopUpWasher] C:\PROGRA~1\WEBROOT\POP-UP~1\PopUpWasher.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....23/cpbrkpie.cab
O18 - Filter hijack: text/webviewhtml - (no CLSID) - (no file)
O18 - Filter: text/html - {E52270C0-6E32-11D9-9427-8ED880087BD5} - C:\WINDOWS\SYSTEM\JMHP.DLL
O18 - Filter: text/plain - {E52270C0-6E32-11D9-9427-8ED880087BD5} - C:\WINDOWS\SYSTEM\JMHP.DLL


#2
Koretek

Hi Colonel,

Welcome to the Geekstogo forums. For right now, please don't touch anything; we are examining your log and will be back with our recommendations. Hang in there, help is on the way, and soon you will be heard shouting from the rooftops: Free at last, free at last!! :tazz:

#3
Koretek

I'm gathering your info and waiting for a reply from a top-notch expert, because this is something that I haven't seen yet, to be honest, although I think we have it. What I need to know is this:

1. Exactly WHERE is Norton showing the error or Trojan? It would be nice if you could copy the entire info on the file that's quarantined, or just retype it in here for us. The entire pathway, like C:\Windows\Temp\boogeyman.exe or wherever it lies, and the name.

2. Did you just do a re-install of this OS or was something just installed or re-installed?

Edited by Koretek, 24 January 2005 - 08:19 PM.


#4
Colonel

Thanks for the help so far Koretek. :tazz:

I'm not at home right now and will post the entire error message this afternoon.

But from what I remember off the top of my head, Norton quarantines a file called sp.dll and it gets located in my C:\Windows\Temp folder.

Like I said earlier, every time I turn my computer on, something adds files to my registry. I've gone in and manually removed files in my registry and used Hijackthis to remove the R1 and R0 items listed, but once I reboot, they show up again. :mad:

Again, I really appreciate the help. Let me know if you have any questions.

Thanks. ;)

#5
Colonel

Koretek, here is the Norton error message.


Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Trojan.StartPage
File: C:\windows\TEMP\sp.dll
Location: Quarantine
Computer: OEMCOMPUTER
User: jeffrey
Action taken: Clean failed : Quarantine succeeded : Access denied
Date found: Tue Jan 25 19:34:19

To answer your other questions - this is not a new OS for this computer, it is the original. I have not loaded any new software prior to running Hijackthis. I did load a couple of new games afterwards yesterday.

#6
Colonel

Just realized something. I did load all kinds of anti-spyware type software over the last couple of days. But, that was after I found the Trojan.

#7
pogenog

Hi--I noticed that Koretek asked whether the OS had been re-installed, so I post this only hoping that it will help him diagnose and solve the problem. If I should have started a separate thread I am sorry, and will do so if I have any questions.

I reinstalled my OS this weekend, a supposedly non-destructive reinstall of XP home edition from a partition on the C drive of an HP Pavilion. I installed the dial-up program from Allvantage.com (saved on a thumbdrive), then connected to the HP website. I got some very strange non-HP pop-ups telling me the computer had a virus, click here for a scan, etc. I closed them. Then I connected to Windows update, which now does nothing but freeze when it says it is trying to download the latest version of the windows update program. Then I installed Trend-Micro Pc-Cillin Internet Security 2005, updated it, and ran a scan. It says I have the trojan startpge.kr.

I will post more detailed info, like the complete file path, if Koretek wants me to.

#8
Koretek

Sure Pogenog,
You can start by reading this and leaving a log in your own thread.

Read please:

Steps to take before posting a log

Haven't forgotten about you, Colonel. Hang in there, buddy!

#9
Koretek

Hi Colonel

You have a nasty About:Blank infection. This fix requires several tools that need to be downloaded. Please download these now, we will run them later.

1) About:Buster - Download it and extract it to C:/aboutbuster.
About Buster

2) CleanUp! - Download it and install it
CleanUp!

3) CWShredder 2.11 - Download it and save it to your desktop.
CWShredder

4) Ad-Aware - Download, install, and update.
Ad-aware



During the fix do NOT connect to the internet. Unless you can memorize these instructions, it would be a good idea to print them out.

Boot into safe mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Enable hidden files and folders:

http://www.bleepingc...torial=62#winme


Run AboutBuster
-Click Start to begin the process
-Click OK on the Buster Report dialogue box to start the scan
AboutBuster scans the computer for malicious files and deletes them.
Save the report (copy and paste into Notepad and save as a .txt file) to post a copy for review.

Run CWShredder
-Next, click on the: ‘Fix’ button
-Follow the prompts, and press OK

Run CleanUp
-Make sure it is on Standard Mode
-Click the "CleanUp!" button

Run Ad-Aware
-Configure Ad-Aware for a full system scan
-Run it

Clean Up the left overs

Run HJT, close any open windows, and fix the following items (if they are still there):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\sp.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {5F7A8B41-6871-11D9-9427-444591671B88} - C:\WINDOWS\SYSTEM\JMHP.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....23/cpbrkpie.cab
O18 - Filter hijack: text/webviewhtml - (no CLSID) - (no file)
O18 - Filter: text/html - {E52270C0-6E32-11D9-9427-8ED880087BD5} - C:\WINDOWS\SYSTEM\JMHP.DLL
O18 - Filter: text/html - {E52270C0-6E32-11D9-9427-8ED880087BD5} - C:\WINDOWS\SYSTEM\JMHP.DLL

Delete the following Items if they still exist:

C:\WINDOWS\SYSTEM\JMHP.DLL
c:\windows\TEMP\sp.dll
C:\WINDOWS\web\related.htm


Reboot into normal mode (simply restart your computer as you normally would), and run the following free, online virus scans:

http://housecall.tre.../start_corp.asp
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp

Then restart your computer one more time and post a new HJT log as well as the About:Buster log I asked you to save earlier.

Edited by Koretek, 26 January 2005 - 09:05 PM.


#10
Koretek

Good Luck! :tazz:

Edited by Koretek, 26 January 2005 - 09:06 PM.


#11
Colonel

Koretek, I'm on the rooftop and shouting FREE AT LAST!!! FREE AT LAST!!! :tazz:

Here are the log files you requested.

AboutBuster:

Scanned at: 10:43:40 AM on: 1/27/05


-- Scan 1 ---------------------------
About:Buster Version 3.0
Reference List : 15


ADS not scanned System(FAT)
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 3.0
Reference List : 15


ADS not scanned System(FAT)
Attempted Clean Of Temp folder.
Pages Reset... Done!

HJT

Logfile of HijackThis v1.99.0
Scan saved at 11:53:01 AM, on 1/27/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TWAIN_32\PAPRPORT\6100B\FLATBED.EXE
C:\PROGRAM FILES\CREATIVE\COLORIF\PROGRAM\HGCCTL95.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\GAME CONTROLLERS\COMMON\SWTRAYV4.EXE
C:\PROGRAM FILES\CLEANMYPC\REGISTRY CLEANER\RCSCHEDULER.EXE
C:\PROGRAM FILES\WEBROOT\WASHER\WWDISP.EXE
C:\PROGRAM FILES\WEBROOT\POP-UP WASHER\POPUPWASHER.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE
C:\PROGRAM FILES\SONY CORPORATION\IMAGE TRANSFER\SONYTRAY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\LOGITECH\WINGMAN SOFTWARE\LWEMON.EXE
C:\JEFF\HIJACK\HIJACKTH.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Popup Killer - {4A3A071E-F913-4eee-AE15-AEFFA16FB6BC} - C:\PROGRAM FILES\WEBROOT\POP-UP WASHER\VAPOPUPKILLER.DLL
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [PP6100b] C:\WINDOWS\twain_32\paprport\6100b\flatbed.exe
O4 - HKLM\..\Run: [BlstApp] C:\WINDOWS\SYSTEM\BLSTAPP.EXE
O4 - HKLM\..\Run: [Colorific Control Panel] C:\PROGRA~1\CREATIVE\COLORIF\PROGRAM\HGCCTL95.EXE
O4 - HKLM\..\Run: [3Deep Control Panel] C:\PROGRA~1\CREATIVE\3DEEP\PROGRAM\3DeepCTL.EXE
O4 - HKLM\..\Run: [vptray] c:\Program Files\Norton AntiVirus\vptray.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~3\GAMECO~1\COMMON\SWTRAYV4.EXE
O4 - HKLM\..\Run: [XoftSpy] C:\PROGRAM FILES\XOFTSPY\XoftSpy.exe -s
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [RNBOStart] C:\WINDOWS\SYSTEM\RNBOSENT\SENTSTRT.EXE
O4 - HKLM\..\RunServices: [BCDetect] c:\windows\SYSTEM\BCDetect.exe defer
O4 - HKLM\..\RunServices: [rtvscn95] c:\Program Files\Norton AntiVirus\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] c:\Program Files\Norton AntiVirus\defwatch.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Start WingMan Profiler] "c:\Program Files\Logitech\WingMan Software\lwtest.exe" /detect /quiet /launch "c:\Program Files\Logitech\WingMan Software\lwemon.exe /noui"
O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCScheduler.exe" /startup
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [PopUpWasher] C:\PROGRA~1\WEBROOT\POP-UP~1\PopUpWasher.exe
O4 - HKCU\..\RunServices: [Start WingMan Profiler] "c:\Program Files\Logitech\WingMan Software\lwtest.exe" /detect /quiet /launch "c:\Program Files\Logitech\WingMan Software\lwemon.exe /noui"
O4 - HKCU\..\RunServices: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCScheduler.exe" /startup
O4 - HKCU\..\RunServices: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\RunServices: [PopUpWasher] C:\PROGRA~1\WEBROOT\POP-UP~1\PopUpWasher.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O18 - Filter hijack: text/webviewhtml - (no CLSID) - (no file)

On another note, what would you recommend I do to protect my computer in the future? In other words, what software should I run (adaware, etc.) and what sort of maintenance routine should I employ?

Look forward to hearing back from you. ;) :thumbsup: :cheers:
  • 0
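One way to check a before/after pair of HijackThis logs against a helper's fix list, as an added example that is not part of the original thread and not HijackThis's own code. The log lines are excerpts copied from the logs and fix list posted above; the function names are assumptions of this example.

```python
import re

# Excerpts copied from the HijackThis log in post #1 (before the fix).
BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\sp.dll/sp.html
O2 - BHO: (no name) - {5F7A8B41-6871-11D9-9427-444591671B88} - C:\WINDOWS\SYSTEM\JMHP.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [vptray] c:\Program Files\Norton AntiVirus\vptray.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O18 - Filter hijack: text/webviewhtml - (no CLSID) - (no file)
O18 - Filter: text/html - {E52270C0-6E32-11D9-9427-8ED880087BD5} - C:\WINDOWS\SYSTEM\JMHP.DLL
O18 - Filter: text/plain - {E52270C0-6E32-11D9-9427-8ED880087BD5} - C:\WINDOWS\SYSTEM\JMHP.DLL
"""
# Excerpts copied from the HijackThis log in post #11 (after the fix).
AFTER = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [vptray] c:\Program Files\Norton AntiVirus\vptray.exe
O18 - Filter hijack: text/webviewhtml - (no CLSID) - (no file)
"""
# Subset of the items post #9 asked to fix.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\sp.dll/sp.html
O2 - BHO: (no name) - {5F7A8B41-6871-11D9-9427-444591671B88} - C:\WINDOWS\SYSTEM\JMHP.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O18 - Filter hijack: text/webviewhtml - (no CLSID) - (no file)
O18 - Filter: text/html - {E52270C0-6E32-11D9-9427-8ED880087BD5} - C:\WINDOWS\SYSTEM\JMHP.DLL
"""

ENTRY = re.compile(r"^\s*([RFNO]\d+) - (.+?)\s*$")          # "O2 - BHO: ..."
PATH = re.compile(r"[a-z]:\\[^\"]*?\.(?:dll|exe|ocx|html?)\b", re.I)

def entries(log):
    """Set of (section, detail) pairs; header and process lines are skipped."""
    return {m.groups() for m in map(ENTRY.match, log.splitlines()) if m}

def module_of(detail):
    """Lower-cased path of the first file an entry refers to, or None."""
    m = PATH.search(detail)
    return m.group(0).lower() if m else None

def verify_cleanup(before, after, fix_list):
    b, a, fix = entries(before), entries(after), entries(fix_list)
    removed = b - a
    hooks = {}  # file -> log sections that referenced it before the fix
    for section, detail in sorted(removed):
        hooks.setdefault(module_of(detail), []).append(section)
    return {
        "fixed": len(fix & removed),              # fix-list items now gone
        "persisting": sorted(fix & a),            # fix-list items still logged
        "removed_unlisted": sorted(removed - fix),  # gone, but never listed
        "hooks_by_module": hooks,
    }

if __name__ == "__main__":
    for key, value in verify_cleanup(BEFORE, AFTER, FIX_LIST).items():
        print(key, "=", value)
```

On these excerpts the report shows one fix-list entry still present in the second log (the O18 "Filter hijack" line) and one entry that disappeared without being on the fix list (the text/plain filter registered to JMHP.DLL).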





