
Effectively Remove Trojan, Virus, Spyware from Windows Startup

Posted By Raymond In Category: Computer

Sep 4, 2006

I’ve been helping people remove trojans, viruses, spyware and unnecessary programs from Windows startup for many years now. It’s very interesting, because working out where a program is hidden teaches you the methods Windows uses to start programs. The old method of running the System Configuration Utility (msconfig) doesn’t work so well now, because there are many other ways to start a program when Windows boots up that are not displayed in msconfig. Some smart trojans are even hidden from the Processes tab in Task Manager.

Spyware by nature creates random filenames and file sizes to avoid detection. That is why you always need 2-3 anti-spyware programs to completely remove spyware. Anti-spyware software such as Ad-Aware, SpyBot and XoftSpy is good at identifying spyware files, but I can assure you that it’s not smart enough to completely remove a trojan, virus or spyware from startup. For example, a friend’s computer was infected by spyware, and everything was so slow that I found it hard even to download, update or copy the anti-spyware scanners to the computer. I did manage to copy the updated anti-spyware software to the computer, scanned it, and removed the potential infections. I restarted the computer and it was still slow. That shows the spyware was still being run during startup.

I am going to show you one of the best ways to remove a trojan, virus or spyware from startup, but it requires at least some knowledge of computers; otherwise you’ll end up removing the wrong startup programs, which may leave Windows unbootable.


HijackThis is a general homepage hijacker detector and remover. Hijackers are spyware, trojans and viruses that infect your computer without your knowledge.
It was initially based on the article Hijacked!, but has been expanded with a lot of other checks against hijacker tricks. It is continually updated to detect and remove new hijacks. It does not target specific programs/URLs, just the methods used by hijackers to force you onto their sites.
As a result, false positives are imminent, and unless you are sure what you’re doing, you should always consult knowledgeable folks on forums before deleting anything, or do a Google search on the filename to find out whether that file is a virus.

There are 2 types of scan methods.
1. Do a system scan and save a logfile.
- This is for newbies who don’t want to mess around with their computers. It will scan your computer and create a hijackthis.log file, which you can paste into forums to request help.
2. Do a system scan only.
- Same as the first method, but it doesn’t create a log file. Mostly for advanced users who would like to troubleshoot by themselves.

Again, I would like to stress that IF you’re unsure what to fix after running the scan, please ask for help in forums. Simply removing any startup programs could result in an unbootable Windows.
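To make the review step concrete, here is an added Python example (not part of the original post and not HijackThis code) that reads a saved hijackthis.log and lists the startup entries worth a closer look before anything is fixed. The sample log, the function names and the "trusted folder" heuristic are assumptions made for this illustration.

```python
import re
from collections import Counter

# Constructed sample in the hijackthis.log line format (not a real scan).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://example.test/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe" /background
O4 - HKLM\..\Run: [SoundDemo] SOUNDDEMO.EXE
O4 - HKCU\..\Run: [svc] C:\Users\demo\AppData\Local\Temp\x7f3a.exe
O4 - HKLM\..\Run: [DemoTray] RUNDLL32.EXE C:\Windows\system32\Demo.dll,DemoInit
O23 - Service: Example Service - Unknown owner - C:\Program Files\Example\svc.exe
"""

# Logs copied from web pages may carry an en dash and curly quotes, so accept both.
ENTRY = re.compile(r"^\s*([RFNO]\d{1,2})\s+[-\u2013]\s+(.*)$")
QUOTED = re.compile(r'^["\u201c]([^"\u201d]+)["\u201d]')
BARE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", re.I)
# Assumption for this example: installed software normally lives under these roots.
TRUSTED = re.compile(
    r"^(?:[a-z]:\\(?:program files(?: \(x86\))?|progra~\d|windows)\\"
    r"|%(?:programfiles|systemroot|windir)%\\)", re.I)


def entries(log_text):
    """Yield (section_code, body) for each result line, skipping header lines."""
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            yield m.group(1), m.group(2).strip()


def section_counts(log_text):
    """Count result lines per section code (R0, O2, O4, O23, ...)."""
    return Counter(code for code, _ in entries(log_text))


def image_path(cmd):
    """Return the file an autorun command line actually loads."""
    cmd = cmd.strip()
    m = QUOTED.match(cmd) or BARE.match(cmd)
    path = m.group(1) if m else cmd
    rest = cmd[m.end():].strip() if m else ""
    if path.lower().endswith("rundll32.exe") and rest:
        path = rest.split(",")[0].strip('"')  # the DLL is what really runs
    return path


def triage(log_text):
    """Return [(code, name, path, reasons)] for entries that need a manual look."""
    findings = []
    for code, body in entries(log_text):
        name, path, reasons = "", "", []
        if body.endswith("(no file)"):
            reasons.append("registered target is missing")
        if code == "O4":  # programs started from Run keys and Startup folders
            _, _, cmd = body.partition(": ")
            m = re.match(r"\[([^\]]*)\]\s*(.*)", cmd)
            name, cmd = m.groups() if m else cmd.partition(" = ")[::2]
            path = image_path(cmd)
            if "\\" not in path:
                reasons.append("no directory given, resolved via search path")
            elif not TRUSTED.match(path):
                reasons.append("runs from outside Program Files/Windows")
        if reasons:
            findings.append((code, name, path, reasons))
    return findings
```

A flag only means the entry deserves a closer look, and an entry in a trusted folder is not proven clean, so the advice to ask before fixing still applies.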

[ Download HijackThis ]


    • Robert

      My computer will not boot up. When it runs a scan before boot up it says \windows\Dumpbe5F.tmp is cross-linked on allocation unit 3426557.
      I need help, how do I fix the problem? Thanks, Robert

    • y4me

      gr8t job

    • http://www.tinysigns.com tinysigns

      I would definitely try this one… I once thought this hijackthis is a hacker tool or something…

    • Naughtygirlkesh

      I am trying to get rid of the Brontok virus and it is just not working; it keeps on shutting down my computer every 5 mins. I am currently using Zone Alert to scan and remove them but it seems like it is not working that well. Could you please email and tell me what to do????

    • merryo

      Hello Raymond! How are you? You are indeed doing a great job, but where is the link for this software? I can’t find the download option. Please provide me one, thanks.

    • webcadre

      Where’s the link, Ray???

    • prashant girdhar

      There are a lot of viruses and trojans on my laptop, which are also there in its boot file. Whenever I run any antivirus software or start its setup it doesn’t work. I’m not even able to format my Windows as there are trojans and viruses in the boot files as well. Please help me.

    • http://evertec.rg3.net everton

      I use this tool a lot and it has helped me a great deal. I recommend it.
      Hugs

    • madhusudana Rao

      There are a lot of viruses and trojans on my PC, which are also there in its boot file. Whenever I run any antivirus software or start its setup it doesn’t work. Every 5 min the taskbar shows that 70 viruses/trojans/autorun/worms etc. were found. Please help me.

    • ابتسام

      Excuse me, I have got a Trojan virus. How do I remove it? I have Windows Vista.

    • jasmine

      Someone please help me remove the virus XP2008 antivirus that takes over your computer if you don’t buy it.

    • emma

      I have a trojan horse virus, and it won’t go! It seriously won’t. I have tried everything and anything and it’s so annoying. Help!

    • ann

      Please, how can I remove a trojan virus from my PC? I think because of the trojan my PC is very slow. Please help me out.

    • Matthew

      My computer has been slow to start up. Can you please let me know if there is anything I can delete to speed it up?

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 3:37:52 AM, on 3/09/2009
      Platform: Windows Vista SP2 (WinNT 6.00.1906)
      MSIE: Internet Explorer v8.00 (8.00.6001.18813)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
      C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
      C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
      C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
      C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
      C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\IDT\WDM\sttray.exe
      C:\WINDOWS\System32\rundll32.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\PowerISO\PWRISOVM.EXE
      C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
      C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\WINDOWS\ehome\ehtray.exe
      C:\Users\Matthew\Program Files\DNA\btdna.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\HP\QuickPlay\QPService.exe
      C:\Windows\ehome\ehmsas.exe
      C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
      C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
      C:\Users\Matthew\Downloads\Programs\HiJackThis.exe

      R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ninemsn.com.au
      R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au/
      R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=83&bd=Pavilion&pf=cnnb
      R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=83&bd=Pavilion&pf=cnnb
      R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O1 – Hosts: ::1 localhost
      O2 – BHO: Adobe PDF Reader Link Helper – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 – BHO: Skype add-on (mastermind) – {22BF413B-C6D2-4d91-82A9-A0F997BA588C} – C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O2 – BHO: (no name) – {5C255C8A-E604-49b4-9D64-90988571CECB} – (no file)
      O2 – BHO: NCO 2.0 IE BHO – {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} – C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
      O2 – BHO: Symantec Intrusion Prevention – {6D53EC84-6AAE-4787-AEEE-F4628F01010C} – C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
      O2 – BHO: Search Helper – {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} – C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
      O2 – BHO: Windows Live ID Sign-in Helper – {9030D464-4C02-4ABF-8ECC-5164760863C6} – C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 – BHO: Windows Live Toolbar Helper – {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} – C:\Program Files\Windows Live\Toolbar\wltcore.dll
      O3 – Toolbar: Show Norton Toolbar – {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} – C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
      O3 – Toolbar: &Windows Live Toolbar – {21FA44EF-376D-4D53-9B0F-8A89D3229068} – C:\Program Files\Windows Live\Toolbar\wltcore.dll
      O4 – HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 – HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
      O4 – HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 – HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
      O4 – HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
      O4 – HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
      O4 – HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
      O4 – HKLM\..\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe”
      O4 – HKLM\..\Run: [osCheck] “C:\Program Files\Norton 360\osCheck.exe”
      O4 – HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
      O4 – HKLM\..\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
      O4 – HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
      O4 – HKLM\..\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
      O4 – HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
      O4 – HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
      O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
      O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
      O4 – HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
      O4 – HKLM\..\Run: [QPService] “C:\Program Files\HP\QuickPlay\QPService.exe”
      O4 – HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
      O4 – HKLM\..\Run: [UpdatePDRShortCut] “C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe” “C:\Program Files\CyberLink\DVD Suite” UpdateWithCreateOnce “Software\CyberLink\PowerStarter”
      O4 – HKLM\..\Run: [RemoteControl8] “C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe”
      O4 – HKLM\..\Run: [PDVD8LanguageShortcut] “C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe”
      O4 – HKLM\..\Run: [UpdatePPShortCut] “C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe” “C:\Program Files\CyberLink\PowerProducer” update “Software\CyberLink\PowerProducer\5.0″
      O4 – HKLM\..\Run: [CLMLServer] “C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe”
      O4 – HKLM\..\Run: [UCam_Menu] “C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe” “C:\Program Files\CyberLink\YouCam” UpdateWithCreateOnce “Software\CyberLink\YouCam\2.0″
      O4 – HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 – HKCU\..\Run: [msnmsgr] “C:\Program Files\Windows Live\Messenger\msnmsgr.exe” /background
      O4 – HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 – HKCU\..\Run: [BitTorrent DNA] “C:\Users\Matthew\Program Files\DNA\btdna.exe”
      O4 – HKCU\..\Run: [Internet Security Services] c:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\DoooooM.exe
      O4 – Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      O8 – Extra context menu item: Add to Windows &Live Favorites – http://favorites.live.com/quickadd.aspx
      O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
      O9 – Extra button: Blog This – {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} – C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 – Extra ‘Tools’ menuitem: &Blog This in Windows Live Writer – {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} – C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 – Extra button: Send to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 – Extra ‘Tools’ menuitem: S&end to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 – Extra button: Skype – {77BF5300-1474-4EC7-9980-D32B190E9B07} – C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
      O13 – Gopher Prefix:
      O15 – Trusted Zone: http://dating.ninemsn.com.au
      O17 – HKLM\System\CCS\Services\Tcpip\..\{E9B4C289-10AE-4157-BC8D-925E4B1CF736}: NameServer = 195.229.241.222 213.42.20.20
      O18 – Protocol: skype4com – {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} – C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O23 – Service: Andrea ST Filters Service (AESTFilters) – Andrea Electronics Corporation – C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\aestsrv.exe
      O23 – Service: Agere Modem Call Progress Audio (AgereModemAudio) – Agere Systems – C:\Windows\system32\agrsmsvc.exe
      O23 – Service: Apple Mobile Device – Apple Inc. – C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 – Service: Automatic LiveUpdate Scheduler – Symantec Corporation – C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
      O23 – Service: Bonjour Service – Apple Inc. – C:\Program Files\Bonjour\mDNSResponder.exe
      O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 – Service: Symantec Settings Manager (ccSetMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 – Service: Symantec Lic NetConnect service (CLTNetCnService) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 – Service: Com4QLBEx – Hewlett-Packard Development Company, L.P. – C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
      O23 – Service: COM Host (comHost) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
      O23 – Service: GameConsoleService – WildTangent, Inc. – C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
      O23 – Service: HP Health Check Service – Hewlett-Packard – c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
      O23 – Service: hpqwmiex – Hewlett-Packard Development Company, L.P. – C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
      O23 – Service: HP Service (hpsrv) – Hewlett-Packard Corporation – C:\Windows\system32\Hpservice.exe
      O23 – Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) – Intel Corporation – C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
      O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 – Service: iPod Service – Apple Inc. – C:\Program Files\iPod\bin\iPodService.exe
      O23 – Service: LiveUpdate – Symantec Corporation – C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
      O23 – Service: LiveUpdate Notice – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 – Service: NVIDIA Display Driver Service (nvsvc) – NVIDIA Corporation – C:\Windows\system32\nvvsvc.exe
      O23 – Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) – Unknown owner – C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
      O23 – Service: QuickPlay Task Scheduler (QTS) (QPSched) – Unknown owner – C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
      O23 – Service: Recovery Service for Windows – Unknown owner – C:\Windows\SMINST\BLService.exe
      O23 – Service: Cyberlink RichVideo Service(CRVS) (RichVideo) – Unknown owner – C:\Program Files\CyberLink\Shared Files\RichVideo.exe
      O23 – Service: PC Tools Auxiliary Service (sdAuxService) – PC Tools – C:\Program Files\Spyware Doctor\pctsAuxs.exe
      O23 – Service: PC Tools Security Service (sdCoreService) – PC Tools – C:\Program Files\Spyware Doctor\pctsSvc.exe
      O23 – Service: Audio Service (STacSV) – IDT, Inc. – C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\STacSV.exe
      O23 – Service: Symantec Core LC – Unknown owner – C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe


      End of file – 12377 bytes

    • Linda Meredith

      My grandson’s PC has a trojan horse virus. Can’t even get online to try and remove it. Any way to solve this other than wiping the PC clean and reloading everything?

    • chris

      The virus I have on my PC infects anything I download etc…..

      Windows Security Alert:
      Application Cannot Be Executed. The file hijackthis.exe is infected.

    • sanjie

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 6:39:00 PM, on 2/20/2011
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\VTTimer.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
      C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
      C:\Program Files\Alwil Software\Avast5\avastUI.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\CyberLink\Shared Files\RichVideo.exe
      C:\Program Files\Globe Broadband\Globe Broadband.exe
      D:\Tantra II Philippines\Update.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Mozilla Firefox\plugin-container.exe
      C:\Documents and Settings\Administrator\My Documents\Downloads\HiJackThis.exe

      R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?SearchSource=10&ctid=CT2233703
      O2 – BHO: Groove GFS Browser Helper – {72853161-30C5-4D22-B7F9-0BBC1D38A37E} – C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
      O4 – HKLM\..\Run: [VTTimer] VTTimer.exe
      O4 – HKLM\..\Run: [VTTrayp] VTtrayp.exe
      O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 – HKLM\..\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”
      O4 – HKLM\..\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”
      O4 – HKLM\..\Run: [LanguageShortcut] “C:\Program Files\CyberLink\PowerDVD\Language\Language.exe”
      O4 – HKLM\..\Run: [avast5] “C:\Program Files\Alwil Software\Avast5\avastUI.exe” /nogui
      O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 – Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O8 – Extra context menu item: &Download All using 4shared Desktop – C:\Program Files\4shared Desktop\down_all.htm
      O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O9 – Extra button: Send to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 – Extra ‘Tools’ menuitem: S&end to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
      O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
      O16 – DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) – file://C:\Program Files\Hidden Expedition – Titanic\Images\stg_drm.ocx
      O16 – DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) – file://C:\Program Files\Hidden Expedition – Titanic\Images\armhelper.ocx
      O17 – HKLM\System\CCS\Services\Tcpip\..\{848A8294-4D8B-40F8-B16E-D308CD2B3089}: NameServer = 202.138.128.50 202.138.128.54
      O18 – Protocol: grooveLocalGWS – {88FED34C-F0CA-4636-A375-3CB6248B04CD} – C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
      O23 – Service: avast! Antivirus – AVAST Software – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
      O23 – Service: Google Update Service (gupdate) (gupdate) – Google Inc. – C:\Program Files\Google\Update\GoogleUpdate.exe
      O23 – Service: Cyberlink RichVideo Service(CRVS) (RichVideo) – Unknown owner – C:\Program Files\CyberLink\Shared Files\RichVideo.exe


      End of file – 3824 bytes

      This is the log file of my computer. Please help me check whether there’s a virus running on it. Thanks.

    Copyright © 2005-2012 - Raymond.CC Blog