"Startnow Navigation Helper" (Is it a problem)

  eego 14:15 17 Jan 05
Locked

An application software has suddenly appeared on my computer called "Startnow Navigation Helper", can anyone please tell me whether or not this software is assosciated with the browser hijacker "startnow" and if so, can it be removed. I dont know where its come from and, I have tried removing it with add / remove, but it won't remove and all I get is an error message informing me that it was "not installed properly". None of my anti-spy or anti-virus detectors will recognise it.

  JoeC 14:24 17 Jan 05
  Graham ® 14:25 17 Jan 05

You need Hijackthis from click here

Await professional advice before you do anything!

  Graham ® 14:27 17 Jan 05

BTW it often comes with P2P file sharing programs (Warez?).

  eego 16:19 17 Jan 05

Thanks Graham Ive already sussed that it is a biproduct of "Warez" P2P File Sharing. I will have a go with Hijackthis and see where it takes me.

  eego 16:34 17 Jan 05

I have run "Highjackthis" and the file shows several items, but as you suggested I will wait for some professional advise.

  Graham ® 17:18 17 Jan 05

You need Nellie2, keep posting to maintain your thread on page 1.

  Dennis1 17:25 17 Jan 05

I had the same thing, I found that I had to uninstall the startnow helper before the warez prog, You'll probably find another program installed called new net Domains,If it's the same as I had.Dennis

  Graham ® 17:26 17 Jan 05

In the meantime, post your results. Please double space after every line so it is easy to read. You may need more than one response due to the 800 word limit.

click here for an example.

  eego 17:46 17 Jan 05

Logfile of HijackThis v1.99.0
Scan saved at 16:20:39, on 17/01/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\CA\eTrust Antivirus\InoRpc.exe

C:\Program Files\CA\eTrust Antivirus\InoRT.exe

C:\Program Files\CA\eTrust Antivirus\InoTask.exe

C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\carpserv.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\PROGRA~1\CA\ETRUST~1\realmon.exe

C:\Program Files\Winferno\SIEPIE\SIEPulse.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe

C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe

C:\Program Files\Messenger\msmsgs.exe

c:\progra~1\intern~1\iexplore.exe

C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Program Files\SpywareGuard\sgmain.exe

C:\Program Files\SpywareGuard\sgbhp.exe


C:\Program Files\Winferno\SIEPIE\SecureIE.exe

C:\WINDOWS\system32\WISPTIS.EXE

C:\DOCUME~1\ELGIN~1.ELG\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

C:\WINDOWS\system32\wuauclt.exe

  eego 17:55 17 Jan 05

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = click here

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = click here

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = click here

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = click here

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = click here

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = click here

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = click here

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = click here

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = click here

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = click here

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = click here


R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = click here

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = click here

R3 - URLSearchHook: HyperSearchHook - {3574BC38-81E8-482A-AF9B-9BEBC8AFCF8D} - C:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {23B1BCD3-C2BE-E526-60A4-86089BEC8EB5} - C:\DOCUME~1\ELGIN~1.ELG\APPLIC~1\EACHON~1\RDR THIRD.exe

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: PrivateIEBHO.CPrivateIEBHO - {BD0D4420-5E4C-4FCC-AFC0-EEA69B608E75} - C:\Program Files\Winferno\SIEPIE\PrivateIEBHO.dll

O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll


O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode

O4 - HKLM\..\Run: [CARPService] carpserv.exe



O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE


O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\Excid.com Aps\eTrust Antivirus Registration\EzAntivirusRegistrationCheck.exe

O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s

O4 - HKLM\..\Run: [SIE2004] "C:\Program Files\Winferno\SIEPIE\SIEPulse.exe"

O4 - HKLM\..\Run: [wma rect meta way] C:\Documents and Settings\All Users\Application Data\MEMOLOGWMARECT\fordlong.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe

O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background


O4 - HKCU\..\Run: [info anti] C:\DOCUME~1\ELGIN~1.ELG\APPLIC~1\shimbash\Fourcool.exe

O4 - Startup: PowerReg Scheduler.exe

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

This thread is now locked and can not be replied to.

How to get Windows 10 for free | How to install Windows 10: There is still a way to avoid paying…

1995-2015: How technology has changed the world in 20 years

Alex Chinneck’s giant ice cube Christmas tree at Kings Cross

Apple rumours & predictions 2017: The iPhone 8, new iPads, and everything else you should expect fr7…