Startpage

Discussion in 'adware, spyware & hijack cleaning' started by maximmortal, Jun 28, 2004.

Thread Status:
Not open for further replies.
  1. maximmortal

    maximmortal Registered Member

    Joined:
    May 29, 2004
    Posts:
    17
    Hello, I'm back again! :rolleyes:

    This time writing from my mum's computer. She somehow contracted the Startpage virus? I ran AVG free edition and isolated it. Now to clean up.

    Logfile of HijackThis v1.97.7
    Scan saved at 22:55:59, on 28/06/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINDOWS\System32\CePMTray.exe
    C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\PROGRA~1\Grisoft\AVG6\AVGCC32.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\MIKE\My Documents\MAXINE'S\Hijack This\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?hkcu
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?hklm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?hklm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BTopenworld
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://moneycentral.msn.co.uk/
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [CeEKey.exe] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [CeEPOWER] C:\WINDOWS\System32\CePMTray.exe
    O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {03177121-226B-11D4-B0BE-005004AD3039} (UploaderCtrl Class) - http://members21.clubphoto.com/_img/uploader/atl_uploader.cab
    O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://download.yahoo.com/dl/installs/bt/yregucfg.cab
    O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{33B1D021-91BC-4AC9-8D4A-C03854DF0C52}: NameServer = 213.1.119.97 213.1.119.98
     
  2. maximmortal

    maximmortal Registered Member

    Joined:
    May 29, 2004
    Posts:
    17
    I'm thinking... get rid of this lot, right?

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?hkcu
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?hklm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?hklm

    O17 - HKLM\System\CCS\Services\Tcpip\..\{33B1D021-91BC-4AC9-8D4A-C03854DF0C52}: NameServer = 213.1.119.97 213.1.119.98
     
Thread Status:
Not open for further replies.