Jump to content


Photo

WEBADIRECTWEBSEARCH


  • Please log in to reply
11 replies to this topic

#1 G.Q.

G.Q.

    Member

  • Full Member
  • Pip
  • 11 posts

Posted 27 June 2004 - 03:40 PM

HI,i think i have a problem here.First of all please excuse my english but i'n not a native english speaker but..i'll try my best to be clear and explain you the situation.

Every time i reboot my pc , even after i've performed a sistem scan with CWSHREDDER that says it fixes all the infected file,as soon as i try to connect to the internet WEBADIRECTWEBSEARCH.NET pops up as starting page.What should i do?I really dont know how to handle this cause i'm not a very expert pc user.Somebody help me please!
Thanx.

Gianluca

#2 G.Q.

G.Q.

    Member

  • Full Member
  • Pip
  • 11 posts

Posted 27 June 2004 - 04:01 PM

help me please !

#3 G.Q.

G.Q.

    Member

  • Full Member
  • Pip
  • 11 posts

Posted 27 June 2004 - 04:42 PM

please plese please don't froget about me...:(

#4 G.Q.

G.Q.

    Member

  • Full Member
  • Pip
  • 11 posts

Posted 27 June 2004 - 08:18 PM

@ this point..i'm desperate

#5 G.Q.

G.Q.

    Member

  • Full Member
  • Pip
  • 11 posts

Posted 28 June 2004 - 06:23 AM

PLEASE! :techsupport:

#6 G.Q.

G.Q.

    Member

  • Full Member
  • Pip
  • 11 posts

Posted 28 June 2004 - 07:46 AM

here's the hijack this log:

Logfile of HijackThis v1.97.7
Scan saved at 14.45.55, on 28/06/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAMMI\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAMMI\SYGATE\SPF\SMC.EXE
C:\PROGRAMMI\EXECUTIVE SOFTWARE\DISKEEPER\DKSERVICE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMMI\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAMMI\DAP\DAP.EXE
C:\PROGRAMMI\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAMMI\ICQLITE\ICQLITE.EXE
C:\PROGRAMMI\FILE COMUNI\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAMMI\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\LVCOMSX.EXE
C:\PROGRAMMI\LOGITECH\VIDEO\LOGITRAY.EXE
C:\PROGRAMMI\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
C:\PROGRAMMI\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAMMI\HP DESKJET 610C SERIES\EREG\REMIND32.EXE
C:\PROGRAMMI\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMMI\LOGITECH\VIDEO\FXSVR2.EXE
C:\PROGRAMMI\WINAMP\WINAMP.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://weba.directwe...net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://weba.directwe...net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://weba.directwe...net/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://weba.directwe...net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://weba.directwe...net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://weba.directwe...net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://weba.directwe...net/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://weba.directwe....net/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://weba.directwe...net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://weba.directwe...net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://weba.directwe...net/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://weba.directwe...net/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://weba.directwe...net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://weba.directwe...net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://weba.directwe...net/search.html
F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\PROGRAMMI\DAP\DAPBHO.DLL
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\PROGRAMMI\DAP\DAPIEBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Q3dctlTray] Fmctrl.EXE
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programmi\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\SYSTEM\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmi\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmi\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [winupd] C:\WINDOWS\SYSTEM\winupd.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [BCDetect] C:\WINDOWS\SYSTEM\BCDetect.exe defer
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAMMI\SYGATE\SPF\SMC.EXE
O4 - HKLM\..\RunServices: [DkService] C:\Programmi\Executive Software\Diskeeper\DkService.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAMMI\YAHOO!\MESSENGER\ypager.exe -quiet
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\PROGRAMMI\ICQLITE\ICQLITE.EXE -trayboot
O4 - Startup: Reminder-hpc41004.lnk = C:\Programmi\HP DeskJet 610C Series\ereg\Remind32.exe
O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Encoder Agent.lnk = C:\Programmi\Windows Media Components\Encoder\WMENCAGT.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Programmi\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Programmi\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Programmi\Yahoo!\Common/ycdict.htm
O9 - Extra button: Run DAP (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Alice (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...s/yinst0401.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...B?1072729005460
O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonu...key/ITCDKey.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.31.79.101/...nsearchie32.exe

#7 G.Q.

G.Q.

    Member

  • Full Member
  • Pip
  • 11 posts

Posted 28 June 2004 - 12:47 PM

:weep:

#8 G.Q.

G.Q.

    Member

  • Full Member
  • Pip
  • 11 posts

Posted 29 June 2004 - 06:02 AM

I STILL HAVE FAITH.SOMEBODY HELP ME PLEASE.

#9 G.Q.

G.Q.

    Member

  • Full Member
  • Pip
  • 11 posts

Posted 29 June 2004 - 09:23 AM

:alarm:

#10 G.Q.

G.Q.

    Member

  • Full Member
  • Pip
  • 11 posts

Posted 29 June 2004 - 04:32 PM

:techsupport:

#11 killspyprogrammers

killspyprogrammers

    Member

  • Full Member
  • Pip
  • 7 posts

Posted 04 July 2004 - 05:08 PM

I've also had problems with http://weba.directwe....net/index.html
As at least a temporary fix I just changed my homepage back to google. This is probably a better fix ...

http://www.spywarein...directwebsearch

#12 ferg04

ferg04

    Member

  • New Member
  • Pip
  • 1 posts

Posted 05 July 2004 - 07:39 PM

hey, hows it goin? i had the exact same problem myself. But good news i fixed it! Basically all you have to do is delete winupd.exe form the C:\windows\system folder. I then recommend you download the program below. It gives you the list of everything on startup and gives you the option to remove them. Remove winupd.exe then from the list in this program. hope it works!

http://www.windowsst....com/isw210.exe




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button