Spyware Cleaning Section Closed!!
Notice: The spyware cleaning (HijackThis) section is closed. Wilders Security no longer provides one on one spyware cleaning assistance. Please see this announcement for a list of websites that provide such services.
#1
Being new to this forum, I hope I am posting this correctly. My start page has been hijacked to www.search-space.com.
I have run Spybot and SpywareBlaster with no effect. Every time I restart my system I am back at this website. Any ideas? Thanks
#2
hey sloryde,
Can you please do this:

Download, extract and run HijackThis itself. Make sure you use the latest version of this program as it is updated often to keep up with the latest threats! When running HijackThis note that most of what it finds will be harmless, so don't try to "Fix" anything yet!!

HijackThis
* Download HijackThis from here: http://www.tomcoyote.org/hjt/
  - Use the HijackThis button on left which has the green flashing light next to it.
  - Open the download ZIP file to extract the HijackThis program from within.
  - If you can't open the ZIP file, you'll need to get an unzipping tool such as this one.
* Run HijackThis.exe
* Press "Scan" button.
* When done the "Scan" button will change to "Save Log", press that.
* Save the log as a text file. In step 3 below, you'll need to copy and paste the contents of this log to a post here.

HijackThis is a very powerful tool! If you want to try and fix things yourself with it, keep in mind that it makes no distinction between good or bad items. It just does whatever the user instructs it to do, no matter what the consequences might be. You could end up disconnecting yourself from the internet or being unable to reboot your system at all!

And do wait for some expert over here to check your log and help you. Thanks
__________________
http://blog.emsisoft.com www.Emsisoft.com
#3
this is the log I got from hijack this
Logfile of HijackThis v1.97.7
Scan saved at 2:19:15 PM, on 1/12/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RXMON9X.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\DELL\ACCESSDIRECT\DADAPP.EXE
C:\PROGRAM FILES\DELL\ACCESSDIRECT\DADTRAY.EXE
C:\WINDOWS\DOCKAPP.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE
C:\WINDOWS\SYSTEM\HPHA2MON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\HPZTSB01.EXE
C:\PROGRAM FILES\CAERE\OMNIPAGEPRO90\OPWARE32.EXE
C:\PROGRAM FILES\CAERE\OMNIPAGEPRO90\opware16.exe
C:\PROGRAM FILES\MICROSOFT HARDWARE\GAME CONTROLLERS\COMMON\SWTRAYV4.EXE
C:\WINDOWS\SVCHOST.EXE
C:\PROGRAM FILES\LOGITECH\ITOUCH\KBDTRAY.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
C:\WINDOWS\SYSTEM\HPHIPM08.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-space.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-space.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://government.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.search-space.com/
F1 - win.ini: run=hpfsched
O1 - Hosts: 5377608764 spywareinfoforum.com
O1 - Hosts: 5377608764 www.spywareinfoforum.com
O1 - Hosts: 5377608764 lavasoftsupport.com
O1 - Hosts: 5377608764 www.lavasoftsupport.com
O1 - Hosts: 5377608764 searchv.com
O1 - Hosts: 5377608764 www.searchv.com
O1 - Hosts: 5377608764 approvedlinks.com
O1 - Hosts: 5377608764 www.approvedlinks.com
O1 - Hosts: 5377608764 searching-the-net.com
O1 - Hosts: 5377608764 www.searching-the-net.com
O1 - Hosts: 5377608764 ywebsearch.info
O1 - Hosts: 5377608764 www.ywebsearch.info
O1 - Hosts: 5377608764 ok-search.com
O1 - Hosts: 5377608764 www.ok-search.com
O1 - Hosts: 5377608764 ewebsearch.net
O1 - Hosts: 5377608764 www.ewebsearch.net
O1 - Hosts: 5377608764 www.008k.com
O1 - Hosts: 5377608764 autosearcher.com
O1 - Hosts: 5377608764 www.autosearcher.com
O1 - Hosts: 5377608764 www.smutserver.com
O1 - Hosts: 5377608764 www.smuthosts.com
O1 - Hosts: 5377608764 www.kinghost.com
O1 - Hosts: 5377608764 exit.xitcash.com
O1 - Hosts: 5377608764 www.exitforcash.com
O1 - Hosts: 5377608764 exit.sellyourexit.com
O1 - Hosts: 5377608764 sex-explorer.com
O1 - Hosts: 5377608764 www.sex-explorer.com
O1 - Hosts: 5377608764 www.online-dialer.com
O1 - Hosts: 5377608764 network.nocreditcard.com
O1 - Hosts: 5377608764 www.mtreexxx.net
O1 - Hosts: 5377608764 www.0190-dialer.com
O1 - Hosts: 5377608764 install.xxxtoolbar.com
O1 - Hosts: 5377608764 www.xxxtoolbar.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
O4 - HKLM\..\Run: [MadExe] C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\LaunchRA.exe -boot
O4 - HKLM\..\Run: [DadApp] C:\Program Files\DELL\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [CPortPatch] C:\WINDOWS\Quick Install\CPPatch.exe
O4 - HKLM\..\Run: [BayMgr] DockApp.exe
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [McAfeeWebScanX] C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\WebScanX.Exe
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [zBrowser Launcher] C:\PROGRA~1\LOGITECH\ITOUCH\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [HPHA2MON] C:\WINDOWS\SYSTEM\hpha2mon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb01.exe
O4 - HKLM\..\Run: [OmniPage] C:\PROGRAM FILES\CAERE\OMNIPAGEPRO90\opware32.exe
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~3\GAMECO~1\COMMON\SWTRAYV4.EXE
O4 - HKLM\..\Run: [Online Service] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [QuickTime Task] c:\windows\qttasks.exe
O4 - Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Dell Home (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://government.dellnet.com/
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.dell.com/us/en/systemprofiler/SysProfLCD.CAB
#4
Hi sloryde,
Please download and run CWShredder. Then reboot, run HijackThis again and check the following items in HijackThis that are still there. Close all windows except HijackThis and click Fix checked:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-space.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-space.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.search-space.com/
All the O1 entries
O4 - HKLM\..\Run: [Online Service] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [QuickTime Task] c:\windows\qttasks.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Then reboot and delete:
C:\WINDOWS\svchost.exe <= NOTE, only the one in the windows directory

Regards, Pieter
__________________
Regards, Pieter
It's nice to be important, but it's more important to be nice.
It's human to make mistakes. It's even more so to blame the computer for it.
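The kind of review done in the reply above can be partly scripted. The following is an added example, not part of any poster's reply and not code from HijackThis or CWShredder: it reads a log saved one entry per line and lists the R0/R1 entries that contain the reported URL, the O1 Hosts redirects grouped by address, and O4 autostarts whose file name matches a system binary in an unexpected directory. The function name `triage` and the `EXPECTED_DIRS` table are assumptions made for this example; the sample entries are copied from the log posted in this thread.

```python
import ntpath
import re
from collections import defaultdict

# Assumption, not from the thread: directories where this system binary normally lives.
EXPECTED_DIRS = {"svchost.exe": {r"c:\windows\system", r"c:\windows\system32"}}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Sample entries copied from the log posted in this thread.
SAMPLE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-space.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
O1 - Hosts: 5377608764 spywareinfoforum.com
O1 - Hosts: 5377608764 www.lavasoftsupport.com
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [Online Service] C:\WINDOWS\svchost.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
"""

def triage(log_text, reported_url):
    """Return (code, reason, detail) findings for entries that deserve a manual look."""
    findings, hosts = [], defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header lines and running processes are not entries
        code, body = m.groups()
        if code in ("R0", "R1") and reported_url in body:
            findings.append((code, "browser setting points at the reported URL", body))
        elif code == "O1" and body.startswith("Hosts:"):
            parts = body.split()  # "Hosts:", address, hostname
            if len(parts) == 3:
                hosts[parts[1]].append(parts[2])
        elif code == "O4":
            exe = re.search(r"\]\s+(.+?\.exe)\b", body, re.I)
            if not exe:
                continue
            folder, name = ntpath.split(exe.group(1).lower())
            expected = EXPECTED_DIRS.get(name)
            # Entries without a directory (e.g. "mstask.exe") cannot be judged here.
            if expected and folder and folder not in expected:
                findings.append((code, f"{name} outside its expected directory", body))
    for addr, names in hosts.items():
        findings.append(("O1", f"{len(names)} hostnames redirected to {addr}", ", ".join(names)))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE, "search-space.com"):
        print(finding)
```

The output is a shortlist for a person to review, not a removal list; as post #2 says, HijackThis itself makes no distinction between good and bad items.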
#5
After following your directions, the problem appears to be fixed. I was unable to find the file C:\WINDOWS\svchost.exe
Thanks for all the help!
#6
Hi sloryde,
Great to hear the hijack is cured. Maybe the file is hidden. Check here how to "unhide" those: http://www.tacktech.com/display.cfm?ttid=192
On the other hand CWShredder might have "killed" it.
Regards, Pieter
__________________
Regards, Pieter
It's nice to be important, but it's more important to be nice.
It's human to make mistakes. It's even more so to blame the computer for it.