1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

need help with homepage hyjacking

Discussion in 'Virus & Other Malware Removal' started by groovelad, Apr 23, 2004.

Thread Status:
Not open for further replies.
  1. groovelad

    groovelad Thread Starter

    Joined:
    Apr 23, 2004
    Messages:
    1
    mk:mad:MSITStore:C:\WINNT\start.chm::/start.html

    I keep getting my homepage changed to the above address and I get pop ups to this address. I can't get it with adware, I keep fixing this entry in Hyjackthis, but it keeps comming back. This thing has been plauging me for weeks, I keeping thinking I got it, but then it comes back. Let me know anyone can offer any help. Thanks

    Here is my current hyjackthis log

    Logfile of HijackThis v1.97.7
    Scan saved at 8:37:25 PM, on 4/23/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\Program Files\GFI\LANguard Network Security Scanner 3\sscansvc.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\Program Files\TightVNC\WinVNC.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\3Com\3Com 11Mbps Wireless LAN\Services.exe
    C:\WINNT\tppaldr.exe
    C:\Program Files\AVPersonal\AVGNT.EXE
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    C:\Program Files\3Com\3Com 11Mbps Wireless LAN\WLauncher.exe
    C:\Program Files\Palm\HOTSYNC.EXE
    C:\WINNT\System32\svchost.exe
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\YBKN2VIT\access[1].exe
    C:\WINNT\system32\cmd.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\AVPersonal\AVGUARD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\hj\HijackThis.exe

    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
    O4 - HKLM\..\Run: [3ComSMS] C:\Program Files\3Com\3Com 11Mbps Wireless LAN\Services.exe
    O4 - HKLM\..\Run: [3ComLoginS] C:\Program Files\3Com\3Com 11Mbps Wireless LAN\LoginService.exe
    O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINNT\tppaldr.exe
    O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
    O4 - Global Startup: 3Com WLAN Launcher.lnk = C:\Program Files\3Com\3Com 11Mbps Wireless LAN\WLauncher.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/03ab81933e27e2c31521/netzip/RdxIE601.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37946.7665972222
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
     
  2. Pancake

    Pancake

    Joined:
    Jan 9, 2004
    Messages:
    313
    It could be still in your restore files.If it keeps coming back turn off System Restore,delete the file and reboot.Turn System restore back on again.
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/223321

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice