Guess what I'm hijacked! concerning Onlinedirect


6 replies to this topic

#1 waffles

Posted 19 May 2004 - 10:42 AM

I've tried everything but nothing helped. So pleeeaaaazzzz help me. I would be very thankful.

Greetz Waffles

Logbook:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Program%20Files/Onlinedirect/Portal/portal.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell...gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/Onlinedirect/Portal/portal.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.euro.dell...gen/default.htm
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [CLSID] C:\WINDOWS\System32\msgplus.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{43A7EBB6-EC53-4132-AD89-6C4A0C02A648}: NameServer = 195.238.2.22 195.238.2.21
O17 - HKLM\System\CS3\Services\Tcpip\..\{43A7EBB6-EC53-4132-AD89-6C4A0C02A648}: NameServer = 195.238.2.22 195.238.2.21

#2 waffles

Posted 19 May 2004 - 10:58 AM

Anyone have a solution????

#3 waffles

Posted 19 May 2004 - 11:01 AM

Maybe you need more information?

It concerns Onlinedirect
C:\Program Files\Onlinedirect\Portal\portal.html
www.24start.com appears on my startpage

#4 Kevin_b_er

Posted 19 May 2004 - 11:25 AM

Looking into it, I can't see the critical part that's causing it.

You can check and [Fix] these in HijackThis while I go get expert help :)
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe

#5 waffles

Posted 20 May 2004 - 06:50 PM

Can I get an expert over here? ;-)

#6 brianm

Posted 25 May 2004 - 11:32 AM

Hi:

I am also having trouble getting rid of the startportal pgm installed by onlinedirect. Have installed and run the apps listed in the FAQ, and looked for the items to remove, but it keeps coming back.

Edited by brianm, 25 May 2004 - 11:33 AM.


#7 dave38

Posted 25 May 2004 - 02:02 PM

Waffles,
Have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Program%20Files/Onlinedirect/Portal/portal.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/Onlinedirect/Portal/portal.html

O4 - HKLM\..\Run: [CLSID] C:\WINDOWS\System32\msgplus.exe

Reboot, and delete the file C:\WINDOWS\System32\msgplus.exe

These may be hidden files. See HERE for how to show hidden files

Please post a followup Hijack this log, and say if the problems persist.

Brianm, please start your own thread. Trying to help two people in the same thread is confusing to posters, and helpers alike!
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
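
The last step dave38 asks for, checking a follow-up log against the entries that were fixed, can be scripted. The following is an added example and not part of any post in the thread; the follow-up log in it is constructed sample data, and the function names are hypothetical.

```python
import re

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Entries dave38 asked to fix, copied from the thread.
FIXED = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Program%20Files/Onlinedirect/Portal/portal.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/Onlinedirect/Portal/portal.html
O4 - HKLM\..\Run: [CLSID] C:\WINDOWS\System32\msgplus.exe
""".strip().splitlines()

# Constructed follow-up log (sample data, not from the thread).
FOLLOWUP = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CLSID] C:\WINDOWS\System32\msgplus.exe
"""

def parse_entry(line):
    """Split a log line into (section code, location, data); None if not an entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    if " = " in body:            # R0/R1 values, startup-folder shortcuts
        loc, data = body.split(" = ", 1)
    elif "] " in body:           # O4 Run: [name] command line
        loc, data = body.split("] ", 1)
        loc += "]"
    else:                        # anything else: treat the whole body as the location
        loc, data = body, ""
    # Registry paths and Windows file paths are case-insensitive.
    return code, loc.casefold(), data.strip().casefold()

def index_log(text):
    """Index a log as {(code, location): data}, skipping non-entry lines."""
    parsed = filter(None, map(parse_entry, text.splitlines()))
    return {(code, loc): data for code, loc, data in parsed}

def check_followup(fixed_lines, followup_text):
    """Label each fixed line 'gone', 'persists' or 'changed' in the follow-up log."""
    current = index_log(followup_text)
    result = {}
    for line in fixed_lines:
        code, loc, data = parse_entry(line)
        seen = current.get((code, loc))
        result[line] = ("gone" if seen is None
                        else "persists" if seen == data else "changed")
    return result

if __name__ == "__main__":
    for line, status in check_followup(FIXED, FOLLOWUP).items():
        print(f"{status:9} {line}")
```

An entry reported as "persists" after the fix and reboot means something is rewriting it, which is the symptom brianm describes as "it keeps coming back".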