nasty little fellow stuck some shortcuts on the desktop and hijacked the homepage. boot to safe mode to remove the
c:\winnt\inetm folder and it's contents. Then use
HiJack This! to remove the startup info.
Home page had been redirected to www.search-paga.com/10040
suspicious entry in startup listed xp_system and c:\winnt\inetm\winlogon.exe
this system is Windows 2000 and it was SP3 .. now is SP4 !
have a good one !
( Paga winlogon.exe )