Browser Being Hijacked

Discussion in 'privacy problems' started by ennyoueffsea, Jul 31, 2004.

Thread Status:
Not open for further replies.
  1. ennyoueffsea

    ennyoueffsea Registered Member

    Joined:
    May 5, 2004
    Posts:
    28
    Location:
    Newcastle Upon Tyne, U.K.
    Hi All,

    Can someone check out this Hijack This log please. Have run Spybot and AdAware, but page keeps reverting to directwebsearch. I notice that name appears loads in the log. Can anyone suggest if there's anything else to look out for.

    Many thanks for any help,

    Terry

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Logfile of HijackThis v1.97.7
    Scan saved at 22:33:56, on 31/07/04
    Platform: Windows 98 Gold (Win9x 4.10.199:cool:
    MSIE: Internet Explorer v5.50 (5.50.4134.0600)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\WINDOWS\RunDLL.exe
    C:\PROGRAM FILES\AOL 7.0\WAOL.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGW.EXE
    C:\PROGRAM FILES\AOL 7.0\DOWNLOAD\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://7842.directwebsearch.net/search.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://7842.directwebsearch.net/search.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://7842.directwebsearch.net/search.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://7842.directwebsearch.net/index.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://7842.directwebsearch.net/search.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://7842.directwebsearch.net/search.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://7842.directwebsearch.net/search.php
    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://7842.directwebsearch.net/search.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://7842.directwebsearch.net/index.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://7842.directwebsearch.net/search.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://7842.directwebsearch.net/search.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://7842.directwebsearch.net/search.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://7842.directwebsearch.net/search.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://7842.directwebsearch.net/search.php
    R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://7842.directwebsearch.net/search.php
    R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://7842.directwebsearch.net/search.php
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
    O4 - HKLM\..\Run: [winupd] C:\WINDOWS\SYSTEM\winupd.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O14 - IERESET.INF: START_PAGE_URL=http://www.aol.co.uk
    O16 - DPF: Perfect Pair Solitaire by pogo - http://waterwheel.pogo.com/applet-5.9.0.25/waterwheel/waterwheel-ob-assets.cab
    O16 - DPF: High Stakes Pool by pogo - http://pool2.pogo.com/applet-5.8.6.20/pool2/pool-ob-assets.cab
    O16 - DPF: Phlinx by pogo - http://flinger.pogo.com/applet-5.9.0.25/flinger/flinger-ob-assets.cab
    O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo.com/applet-5.9.1.18/holdem/holdem-ob-assets.cab
     
  2. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,898
    Location:
    SW. Oklahoma
    We here at wilders no longer read HJT logs please have a look here , thank you
    bigc
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.