browser redirection


1 reply to this topic

#1 bladerunner

    Member

  • Full Member
  • 28 posts

Posted 28 July 2004 - 11:06 AM

Here is a log taken with HijackThis:

Logfile of HijackThis v1.97.7
Scan saved at 17:05:38, on 28/07/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\PROGRA~1\Grisoft\AVG6\avgserv.exe
E:\Program Files\Common Files\Microsoft Shared\Media Manager\airsvcu.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Messenger Plus! 3\MsgPlus.exe
E:\WINDOWS\System32\rundll32.exe
E:\Program Files\CiDial\CiDial.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\BPFTP Server\G6FTPSrv.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\mIRC\mirc.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\misc programs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tesco.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = https://tesco.autoregister.net/cd
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {E3E0399C-08A0-3D25-5CC0-7DF728A6291E} - E:\PROGRA~1\LONGLO~1\drv name.dll
O3 - Toolbar: Crack Find Search - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - E:\WINDOWS\SrchPlug.dll
O3 - Toolbar: Ref Anti Roam - {6333BB76-E3BD-6302-B646-2B2CCBF78AFD} - E:\PROGRA~1\LONGLO~1\drv name.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Zone Labs Client] "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [DXM6Patch_981116] E:\WINDOWS\p_981116.exe /Q:A
O8 - Extra context menu item: Download with GetRight - E:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - E:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.tesco.net
O15 - Trusted Zone: http://register-tesc...usiness.ntl.com
O15 - Trusted Zone: http://memberservices.tesco.net
O16 - DPF: NTLSignup - https://tesco.autore...o/NTLSignup.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zone...ee/cm/ICSCM.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...s/yinst0401.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by22fd.bay22....ex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B6A9F44-33CE-4667-AAB3-8D4F7BADCF09}: NameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{0B6A9F44-33CE-4667-AAB3-8D4F7BADCF09}: NameServer = 194.168.4.100 194.168.8.100

Hope someone can help...thanks!

#2 Kat

    Princess Kitty

  • Ambassador
  • 204 posts

Posted 28 July 2004 - 11:23 AM

Hi there! First of all, you need to do some serious updating of your Windows and Internet Explorer. Please click on Tools>Windows Update. Allow Microsoft to search for all updates, and install ALL critical updates, rebooting as necessary. This is a vital step to help keep your computer clean and safe.

Now, re-open HijackThis and scan for a new log. Place a checkmark next to each of the following entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =


O2 - BHO: (no name) - {E3E0399C-08A0-3D25-5CC0-7DF728A6291E} - E:\PROGRA~1\LONGLO~1\drv name.dll

O3 - Toolbar: Crack Find Search - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - E:\WINDOWS\SrchPlug.dll

O3 - Toolbar: Ref Anti Roam - {6333BB76-E3BD-6302-B646-2B2CCBF78AFD} - E:\PROGRA~1\LONGLO~1\drv name.dll

Now, make sure ALL programs and windows other than HJT are closed, and with only HJT running and ONLY the entries above selected, click the "Fix Selected" button.

Scan for and post a fresh HJT log for us to check.
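
Added example, not part of the original thread: a Python parser for the O2 (BHO) and O3 (toolbar) lines of a HijackThis log that groups entries by the file they load, which makes it visible that two of the entries selected above register the same DLL under different CLSIDs. The function names are hypothetical, and the sample lines are copied from the log in the first post.

```python
import re
from collections import defaultdict

# Sample input: entries copied from the log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {E3E0399C-08A0-3D25-5CC0-7DF728A6291E} - E:\PROGRA~1\LONGLO~1\drv name.dll
O3 - Toolbar: Crack Find Search - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - E:\WINDOWS\SrchPlug.dll
O3 - Toolbar: Ref Anti Roam - {6333BB76-E3BD-6302-B646-2B2CCBF78AFD} - E:\PROGRA~1\LONGLO~1\drv name.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
"""

# O2 (BHO) and O3 (toolbar) lines have the shape:
#   <code> - <kind>: <name> - {CLSID} - <file path>
COM_ENTRY = re.compile(
    r"^(?P<code>O[23]) - (?P<kind>BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)

def parse_com_entries(log_text):
    """Return one dict per O2/O3 line; lines from other sections are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = COM_ENTRY.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries

def group_by_file(entries):
    """Map lower-cased file path -> list of (code, name, clsid) that load it."""
    groups = defaultdict(list)
    for e in entries:
        groups[e["path"].lower()].append((e["code"], e["name"], e["clsid"]))
    return dict(groups)

def shared_files(groups):
    """Files registered under more than one CLSID: review those entries together."""
    return {p: refs for p, refs in groups.items() if len(refs) > 1}

if __name__ == "__main__":
    for path, refs in shared_files(group_by_file(parse_com_entries(SAMPLE_LOG))).items():
        print(path)
        for code, name, clsid in refs:
            print(f"  {code} {name} {clsid}")
```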



