Results 1 to 3 of 3

Thread: Having a problem removing trojan Startpage.19.J...HJT log attached...help appreciate

  1. #1
    Junior Member
    Join Date
    Nov 2005
    Location
    Limerick, Ireland
    Posts
    1

    Default Having a problem removing trojan Startpage.19.J...HJT log attached...help appreciated

    Logfile of HijackThis v1.99.1
    Scan saved at 20:58:22, on 22/11/05
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRAM FILES\SPYHUNTER\POPUPBLOCKER\ENIGMAPOPUPSTOP.EXE
    C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
    C:\WINDOWS\INTELSPN.EXE
    C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
    C:\PROGRAM FILES\SONY CORPORATION\IMAGE TRANSFER\SONYTRAY.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\DESKTOP\PAUL_TEMP\HIJACKTHIS.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\RUNDLL32.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/space.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/space.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by eircom net
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {DE62ED0B-5B99-11DA-B050-FDBDBD6BDC18} - C:\WINDOWS\SYSTEM\CONH.DLL
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [EnigmaPopupStop] C:\Program Files\SpyHunter\PopupBlocker\EnigmaPopupStop.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
    O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
    O4 - HKLM\..\Run: [SelahFrontPanel] C:\WINDOWS\Intelspn /B:Software\Intel\Selah
    O4 - HKLM\..\RunServices: [Drive2Drive] C:\Program Files\Future Systems Solutions\Drive2Drive\SYSTEM\D2DSVC.EXE /c
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TeaTimer.exe
    O4 - Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O15 - Trusted IP range: 64.127.104.144
    O18 - Filter: text/html - {DE62ED06-5B99-11DA-B050-FDBD536A7386} - C:\WINDOWS\SYSTEM\CONH.DLL
    O18 - Filter: text/plain - {DE62ED06-5B99-11DA-B050-FDBD536A7386} - C:\WINDOWS\SYSTEM\CONH.DLL

  2. #2
    Emeritus
    Join Date
    Nov 2005
    Location
    Texas
    Posts
    1,144

    Default

    Please download and run CWShredder. Make sure that all browser windows are closed with the exception of Cwshredder and choose FIX.

    http://www.majorgeeks.com/downloadge...fd6b3ff02edc90

    We have found that some of the CWS infections can be removed better from safe mode, rather than normal mode.
    To get to safe mode use the F8 key while booting the machine.
    Detailed instructions from here http://service1.symantec.com/SUPPORT...01052409420406


    Then post another log.

  3. #3
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,584

    Default Having a problem removing trojan Startpage.19.J...HJT log attached...help appreciate

    Due to lack of a response this topic will be archived.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •