Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

spyware---startsearch.net

Started by rondvc , Jun 01 2005 04:01 PM

  • Please log in to reply

#1
rondvc
Posted 01 June 2005 - 04:01 PM

rondvc

    New Member

  • Member
  • Pip
  • 1 posts
A short time ago my homepage started going to startsearch.net. You can see it try to go to the set location but it can't. There is no telling what is in my system. I have Ad-Aware SE Personal and Microsoft Spyware but they don't seem to detect this. Help. Here is my Hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 5:58:47 PM, on 6/1/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
E:\CharterAntiVirusFireWall\Common\FSM32.EXE
E:\MicrosoftAntispyware\gcasServ.exe
E:\qttask.exe
E:\quicktunes\iTunesHelper.exe
E:\IVT BlueSoleil\BlueSoleil.exe
E:\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
E:\CharterAntiVirusFireWall\Anti-Virus\fsgk32st.exe
E:\Common\Bin\WinCinemaMgr.exe
E:\CharterAntiVirusFireWall\backweb\3528733\Program\fspex.exe
E:\CharterAntiVirusFireWall\Anti-Virus\FSGK32.EXE
E:\Program Files\WinZip\WZQKPICK.EXE
E:\CharterAntiVirusFireWall\backweb\3528733\program\fsbwsys.exe
C:\WINDOWS\system32\wfxsnt40.exe
E:\CharterAntiVirusFireWall\Common\FSMA32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
E:\CharterAntiVirusFireWall\Common\FSMB32.EXE
E:\CharterAntiVirusFireWall\Anti-Virus\fssm32.exe
E:\CharterAntiVirusFireWall\Common\FCH32.EXE
E:\WINFAX\wfxctl32.exe
E:\CharterAntiVirusFireWall\Common\FAMEH32.EXE
E:\CharterAntiVirusFireWall\FSPC\fspc.exe
C:\Program Files\iPod\bin\iPodService.exe
E:\CharterAntiVirusFireWall\FWES\Program\fsdfwd.exe
E:\CharterAntiVirusFireWall\Anti-Virus\fsav32.exe
E:\CharterAntiVirusFireWall\FSGUI\fsguiexe.exe
E:\WINFAX\WFXMOD32.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com/
R3 - Default URLSearchHook is missing
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\System32\hp53DC.tmp
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft RPC Module] WINrpc32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AOL 9.0 Optimized] AOLCLIENT.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
O4 - HKLM\..\Run: [ap9h4qmo] C:\WINDOWS\System32\ap9h4qmo.exe
O4 - HKLM\..\Run: [hutdowns] C:\WINDOWS\System32\hutdowns.exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitevjd32.exe
O4 - HKLM\..\Run: [F-Secure Manager] "E:\CharterAntiVirusFireWall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "E:\CharterAntiVirusFireWall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "E:\CharterAntiVirusFireWall\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "E:\CharterAntiVirusFireWall\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [gcasServ] "E:\MicrosoftAntispyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] E:\quicktunes\iTunesHelper.exe
O4 - HKLM\..\RunServices: [Microsoft RPC Module] WINrpc32.exe
O4 - HKCU\..\Run: [ver] C:\WINDOWS\System32\ver.exe
O4 - HKCU\..\Run: [YB23RffEg] C:\Program Files\asdfe57\SPBS.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: WinFax Application Port Starter.lnk = C:\WINDOWS\system32\wfxsnt40.exe
O4 - Startup: WinFax PRO Controller.lnk = E:\WINFAX\wfxctl32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Adobe7\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = E:\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - E:\CharterAntiVirusFireWall\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - E:\CharterAntiVirusFireWall\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Show website &list - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - E:\CharterAntiVirusFireWall\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - E:\CharterAntiVirusFireWall\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Suspend Webpage Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - E:\CharterAntiVirusFireWall\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - E:\CharterAntiVirusFireWall\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Deny this website - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - E:\CharterAntiVirusFireWall\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - E:\CharterAntiVirusFireWall\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Allow this website - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - E:\CharterAntiVirusFireWall\FSPC\fspcmsie.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - E:\Hello by Picasa\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - E:\Hello by Picasa\Hello\PicasaCapture.dll
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.v...llsize_bed.html
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab32846.cab
O16 - DPF: {D670D0B3-05AB-4115-9F87-D983EF1AC747} (AOL Downloader Plugin) - http://pak06.picture...US.9.1.6.18.cab
O23 - Service: Charter High-Speed Security Suite (BackWeb Plug-in - 3528733) - Unknown owner - E:\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - E:\CharterAntiVirusFireWall\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - E:\CharterAntiVirusFireWall\backweb\3528733\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - E:\CharterAntiVirusFireWall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - E:\CharterAntiVirusFireWall\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - E:\CharterAntiVirusFireWall\Common\FSMA32.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP