Whenever I open my Internet Explorer it tries to connect to www.thehun.net. It automatically opens additional windows and all open www.thehun.net. Here is what I did allready: Update and scan everything with Norton Antivirus -> nothing found Run Spybot Search and Destroy -> found something and removed it. Run Ad aware -> nothing found I am running out of ideas. I finally run hijackthis and got the following log. Logfile of HijackThis v1.97.3 Scan saved at 19:42:58, on 04.11.2003 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe C:\Programme\Norton Personal Firewall\NISUM.exe C:\Programme\Norton Personal Firewall\ccPxySvc.exe C:\WINNT\System32\svchost.exe C:\Programme\Promise\FastTrak\FtrakSvc.exe C:\Programme\Norton AntiVirus\navapsvc.exe C:\WINNT\System32\nvsvc32.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\WINNT\system32\ZoneLabs\vsmon.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\system32\svchost.exe C:\WINNT\Explorer.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe C:\Programme\Microsoft Office\Office\WINWORD.exe H:\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.aon.at R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.at R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll O3 - Toolbar: @msdxmLC.dll,-1@1031,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.e__ O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb01.e__ O4 - HKLM\..\Run: [PLoader] c:\program files\umsd tools\umsd.exe sys_auto_run C:\Program Files\UMSD Tools O4 - HKLM\..\Run: [REGSHAVE] C:\Progra~1\REGSHAVE\REGSHAVE.exe /autorun O4 - HKLM\..\Run: [SysUpd] C:\WINNT\System32\SysUpd.e__ O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Device Detector 2.lnk = C:\Programme\Olympus\DeviceDetector\devdtct2.exe O4 - Global Startup: FastCheck Monitoring Utility.lnk = C:\Programme\Promise\FastTrak\RAIDeUtility.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.exe O4 - Global Startup: PlexTools.lnk = C:\Programme\Plextor\PlexTool.exe O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = C:\Programme\U.S. Robotics 802.11g WLAN\USRWLANG.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.exe O9 - Extra button: Related (HKLM) O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM) O12 - Plugin for .mpeg: C:\Programme\Internet Explorer\PLUGINS\npqtplugin3.dll O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - http://a840.g.akamai.net/7/840/537/76808a0e7ae82f/housecall.antivirus.com/housecall/xscan53.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37874.339837963 O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{A803D6CF-1CA4-49F5-87A5-24667E198C88}: NameServer = 195.3.96.67,195.3.96.68 Can someone tell me if there is anything I can do? Is one of these entries the problem? I found some more people with this problem allready but none of them got an answer so far. Many thanks

I do not see anything in there that looks bad at all. Are you connecting to the internet via your companys server? It appears you are to me. The server could have issues. Anyone else see something???? KTTD

thehun.net and the huns yellow pages.com are in ie-spyads list of restricted sites. ie-spyads or you could add them to the list of restricted sites via IE and/or firewall.

Copy and paste this text file to Notepad and save as Repair.reg, save it as type 'all files'. Then double click on it to merge with the registry. http://d21c.com/Tom41/HunHijack.txt

Tom glad you posted, was going to give the link to your other post. Feel free to jump in any of my hijackthis posts.

Hi Abnormal, I changed those files around a little, they are now: 95/98/ME/2000: http://d21c.com/Tom41/HunHijack.txt XP: http://d21c.com/Tom41/HunHijackXP.txt

My ie "home" page has been hijacked by http://www.777search.com. Anyone seeen this one? Cannot find a way of getting rid of it.