Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
everytime i reboot or even log off and then log back on again my homepage is reset to start-space.com. i ran spy-bot, hijackthis, and cws shredder. that works untill i restart or log off. then when i run those programs again it finds the exact same stuff that i deleted the time before.
0 
0
here you go:
Logfile of HijackThis v1.97.2
Scan saved at 6:55:13 PM, on 11/27/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Alex\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exeR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.start-space.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.start-space.com/
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [rlgkhan] "C:\WINDOWS\System32\rlgkhan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [QuickTime Task] c:\windows\qttasks.exe
O9 - Extra button: AIM (HKLM)
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
0
I have the same prob.
Here is my log file.
Logfile of HijackThis v1.97.7
Scan saved at 3:40:22 PM, on 11/30/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\DEVLDR16.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\PROGRAM FILES\OPTIMUM ONLINE\NETSURF.exe
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2004\APVXDWIN.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\WINDOWS\SYSTEM\RESTORE\STMGR.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2004\WEBPROXY.exe
C:\WINDOWS\SYSTEM\STIMON.exe
C:\PROGRAM FILES\AIM\AIM.exe
C:\WINDOWS\SYSTEM\PSTORES.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.exe
C:\MY DOCUMENTS\MY PICTURES\HIJACKTHIS\HIJACKTHIS.exeR1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = C:\WINDOWS\search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\WINDOWS\search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = C:\WINDOWS\search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = C:\WINDOWS\search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = C:\WINDOWS\search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.start-space.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\WINDOWS\search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = C:\WINDOWS\search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = C:\WINDOWS\search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = C:\WINDOWS\search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://e-plus.cc/search.php?aff_id=46&keyword=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.optonline.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.start-space.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.search-1.net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://ie-search.com/srchasst.html (obfuscated)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.exe" -atboottime
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.exe" /s
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [PavProc] C:\Program Files\Common Files\Panda Software\PavShld\PavPrS9x.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [QuickTime Task] c:\windows\qttasks.exe
O9 - Extra button: AIM (HKLM)
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/abarth/us/win/QuickTimeInstaller.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinstc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37948.589849537
0
me too!
Logfile of HijackThis v1.97.7
Scan saved at 04:02:51 p.m., on 01/12/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\SYSTEM\IRMON.exe
C:\ARCHIVOS DE PROGRAMA\COMPAQ\COMPAQ EAB SOFTWARE\CPQEK.exe
C:\ARCHIVOS DE PROGRAMA\SYNAPTICS\SYNTP\SYNTPLPR.exe
C:\ARCHIVOS DE PROGRAMA\SYNAPTICS\SYNTP\SYNTPENH.exe
C:\WINDOWS\LOADQM.exe
C:\ARCHIVOS DE PROGRAMA\ARCHIVOS COMUNES\REAL\UPDATE_OB\REALSCHED.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\ARCHIVOS DE PROGRAMA\MSN MESSENGER\MSNMSGR.exe
C:\ARCHIVOS DE PROGRAMA\INTERNET EXPLORER\IEXPLORE.exe
C:\HIJACKTHIS.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.start-space.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.start-space.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://login.passport.net/uilogin.srf?id=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.start-space.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [cpqek] C:\Archivos de programa\Compaq\Compaq EAB Software\cpqek.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKCU\..\Run: [explore] c:\windows\explore.exe
O4 - HKCU\..\Run: [QuickTime Task] c:\windows\qttasks.exe
O4 - Startup: Inicio de Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA.exe
O4 - Startup: Búsqueda rápida de Microsoft.lnk = C:\Archivos de programa\Microsoft Office\Office\FINDFAST.exe
O12 - Plugin for .rip: C:\ARCHIV~1\INTERN~1\PLUGINS\nptmpt32.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4271/mcfscan.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37953.5967476852
0
And me!!!!!!!
Here is my scan log:Logfile of HijackThis v1.97.7
Scan saved at 21:11:38, on 01/12/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINNT\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\winnt\winlogon.exe
C:\Program Files\ClockSync\Sync.exe
C:\program files\GlobalDialer\wordi00053\iexplore.exe
C:\Documents and Settings\Anthony\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-space.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-space.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.search-space.com/
O1 - Hosts: 69.56.223.196 t.rack.cc
O1 - Hosts: 69.56.223.196 www.alfa-search.com
O1 - Hosts: 69.56.223.196 webcoolsearch.com
O1 - Hosts: 69.56.223.196 in.webcounter.cc
O1 - Hosts: 69.56.223.196 i-lookup.com
O1 - Hosts: 69.56.223.196 www.hand-book.com
O1 - Hosts: 69.56.223.196 www.maxxxhosters.com
O1 - Hosts: 69.56.223.196 allneedsearch.com
O1 - Hosts: 69.56.223.196 nativehardcore.com
O1 - Hosts: 69.56.223.196 teen-biz.com
O1 - Hosts: 69.56.223.196 tits.hardcore4ever.net
O1 - Hosts: 69.56.223.196 best.royalsearch.net
O1 - Hosts: 69.56.223.196 default-homepage-network.com
O1 - Hosts: 69.56.223.196 xwebsearch.biz
O1 - Hosts: 69.56.223.196 www.rightfinder.net
O1 - Hosts: 69.56.223.196 www.search-1.net
O1 - Hosts: 69.56.223.196 www.searchv.com
O1 - Hosts: 69.56.223.196 www.websearch.com
O1 - Hosts: 69.56.223.196 mysearchnow.com
O1 - Hosts: 69.56.223.196 www.therealsearch.com
O1 - Hosts: 69.56.223.196 www.find-itnow.com
O1 - Hosts: 69.56.223.196 find.microgirls.com
O1 - Hosts: 69.56.223.196 super-spider.com
O1 - Hosts: 69.56.223.196 www.searching-the-net.com
O1 - Hosts: 69.56.223.196 www.firstbookmark.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Microsoft Excel - {17DA0C9E-4A27-4ac5-BB75-5D24B8CDB972} - C:\DOCUME~1\Anthony\APPLIC~1\MICROS~1\Office\Excel10.dll
O2 - BHO: (no name) - {23BC1CCF-4BE7-497F-B154-6ADA68425FBB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Freeserve - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [HPCDRW Reminder] "C:\Program Files\HP CD-Writer\support\webreg\Navbrowser.exe" /r /i "C:\Program Files\HP CD-Writer\support\webreg\NavLoad.ini"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [winlogon] c:\winnt\winlogon.exe
O4 - HKCU\..\Run: [QuickTime Task] c:\winnt\qttasks.exe
O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe
O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\wordi00053\iexplore.exe -remove
O4 - Startup: New Text Document.bat
O4 - Startup: Shortcut to trex.wav.lnk = C:\My Shared Folder\trex.wav
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O15 - Trusted Zone: *.teensguru.com
O16 - DPF: axscanner - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: axscannerruntime - http://www.pestscan.com/scanner/axscannerruntime.cab
O16 - DPF: mscomctl - http://www.pestscan.com/scanner/mscomctl.cab
O16 - DPF: msvcp71 - http://download.pestpatrol.com/Downloads/Components/msvcp71.cab
O16 - DPF: msvcr71 - http://download.pestpatrol.com/Downloads/Components/msvcr71.cab
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cabThanks!!
0
I get the same problems. This is the first place I've found that even addresses this virus. Nothing seems to work. HELP!!!
0
I have a 4 computer LAN, and 1 computer infected with start-space-itis. I've just installed XP on it in the last month, so IF this is a result of a program I downloaded, it is one of these:
Pop-Up Stopper
Inboxcop
JetAudio
AD-Aware
Yahoo Messenger
QuicktimeMy other computers are running all of the above except InboxCop. I removed InboxCop to no avail. I am a software developer and not stupid enough to open the wrong attachment.
Theory:
My other computers are either laptops or seldom turned on, this computer is up and online at all times. Also, I am just lazy enough to leave the default password on my router (RoadRunner cable).
My guess is my network was attacked and spyware (and God knows what else) put on the computer.... Thoughts??
Could future posters include the network situation of their computer?
0
http://www.spywareinfo.com/~merijn/cwschronicles.html#qttasksMake sure you update the security hole in explorer's jave VM from Microsoft.
Good luck!
0
Hi,
I have the same problem, so I loaded all the critical Microsoft updates onto my PC. However, the search/start-space.com homepage keeps coming up. Am I doing something wrong?
Cheers
0
ATTN ALL: I suspect based on the available info that the QuickTime download was sabotaged to include this Trojan on or around 11/23. I downloaded QuickTime on 11/23 (verified by the timestamp of the download) and this is also the timestamp of the trojan files. Furthermore, all of the above HijackThis logs suggest the other victims were running QuickTime.
TO FIX (ATTN steve1)
You need to delete the registry entry for (winxp directory)/winlogon.exe. Then delete winlogon.exe and qttasks.exe.
There is a legitimate winlogon.exe but it is in the system32 subdirectory not the windows directory.
0  |
 |
 |
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
