i have run ad aware, goodbye spy, spybot S&D, and hijack this. they all destroyed a good number of things, but i continually get that damn default-homepage-network thing. it seems to be on a timer, as it replaces my homepage every 5 minutes or so which makes browsing downright annoying. it happens each time i re-open IE after 5 minutes of not using it.
i saw a previous person's post about this, and following the instruction did not seem to help me.
here is my hijack this log:
Logfile of HijackThis v1.97.6
Scan saved at 8:07:45 PM, on 4/2/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\System32\winlogon
.exe
C:\WINNT\system32\services
.exe
C:\WINNT\system32\lsass.ex
e
C:\WINNT\system32\svchost.
exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.
exe
C:\WINNT\System32\DRIVERS\
CDANTSRV.E
XE
C:\WINNT\System32\svchost.
exe
C:\PROGRA~1\Iomega\System3
2\AppServi
ces.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTEC
T.EXE
C:\WINNT\System32\nvsvc32.
exe
C:\WINNT\system32\regsvc.e
xe
C:\WINNT\system32\MSTask.e
xe
C:\Program Files\Supero Doctor II\NTService.exe
C:\WINNT\System32\Tablet.e
xe
C:\WINNT\System32\WBEM\Win
Mgmt.exe
C:\WINNT\System32\mspmspsv
.exe
C:\WINNT\system32\svchost.
exe
C:\Program Files\Iomega\AutoDisk\ADSe
rvice.exe
C:\WINNT\Explorer.EXE
C:\Program Files\AIM95\aim.exe
C:\WINNT\System32\wuauclt.
exe
C:\WINNT\System32\mshta.ex
e
C:\WINNT\system32\ntvdm.ex
e
C:\WINNT\System32\mshta.ex
e
C:\WINNT\system32\ntvdm.ex
e
C:\WINNT\SYSTEM32\CS4P028.
EXE
C:\WINNT\SYSTEM32\CS4P028.
EXE
C:\WINNT\System32\mshta.ex
e
C:\WINNT\system32\ntvdm.ex
e
C:\WINNT\System32\mshta.ex
e
C:\WINNT\system32\ntvdm.ex
e
C:\WINNT\SYSTEM32\CS4P028.
EXE
C:\WINNT\SYSTEM32\CS4P028.
EXE
C:\WINNT\System32\mshta.ex
e
C:\WINNT\system32\ntvdm.ex
e
C:\WINNT\SYSTEM32\CS4P028.
EXE
C:\WINNT\System32\mshta.ex
e
C:\WINNT\system32\ntvdm.ex
e
C:\WINNT\SYSTEM32\CS4P028.
EXE
C:\WINNT\System32\mshta.ex
e
C:\WINNT\system32\ntvdm.ex
e
C:\WINNT\System32\mshta.ex
e
C:\WINNT\system32\ntvdm.ex
e
C:\WINNT\SYSTEM32\CS4P028.
EXE
C:\WINNT\SYSTEM32\CS4P028.
EXE
C:\Program Files\mIRC\mirc.exe
C:\WINNT\System32\mshta.ex
e
C:\WINNT\system32\ntvdm.ex
e
C:\WINNT\SYSTEM32\CS4P028.
EXE
C:\Program Files\Macromedia\Flash MX\Flash.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Kazaa Lite\kazaalite.kpp
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\hijackthis\hijackthis.e
xe
R1 - HKCU\Software\Microsoft\In
ternet Explorer\Main,Search Bar =
http://server224.smartbotpro.net/7search/?hkcuR0 - HKCU\Software\Microsoft\In
ternet Explorer\Main,Start Page =
http://www.synj.net/R0 - HKLM\Software\Microsoft\In
ternet Explorer\Main,Start Page =
http://default-homepage-network.com/start.cgi?hklmR1 - HKLM\Software\Microsoft\In
ternet Explorer\Main,Search Bar =
http://server224.smartbotpro.net/7search/?hklmO2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-C
F10577473F
7} - c:\program files\google\googletoolbar
1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-0
09027A5CD4
F} - c:\program files\google\googletoolbar
1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe
" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dl
l,NvStartu
p
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKLM\..\RunOnce: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" "+b1"
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar
1.dll/cmse
arch.html
O8 - Extra context menu item: Allow Site's Pop-&ups - file://C:\Program Files\PopNot\trustsite.scr
ipt
O8 - Extra context menu item: Always &Kill this Pop-up - file://C:\Program Files\PopNot\blocksite.scr
ipt
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar
1.dll/cmba
cklinks.ht
ml
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar
1.dll/cmca
che.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar
1.dll/cmsi
milar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar
1.dll/cmtr
ans.html
O9 - Extra button: AIM (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-4
4455354000
0} (Shockwave ActiveX Control) -
http://download.macromedia.com/pub/shockwave/cabs/director/sw.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-4
4455354000
0} (Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cabplease help! it has been annoying me for over a week. it's the only spyware i've ever had a serious problem with.
Start Free Trial
