1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Searchmyrequest hijacking favorites!

Discussion in 'Virus & Other Malware Removal' started by angry newby, Sep 11, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. angry newby

    angry newby Thread Starter

    Joined:
    Jul 22, 2003
    Messages:
    39
    Hi can anyone tell me how to get searchmyrequest.com out of my favorites list/ I have ended up with about 5 sites listed there that i did not enter and cannot delete. Anyone know how to get rid??
     
  2. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, The thing to do is post a Hijackthis log for experts to look over and advise you.

    http://spywarewarrior.com/files/HijackThis.exe

    make a new folder on the desktop, rename it HJT, download to that. When run, hijackthis.exe will create a log, you save the log....it should open with Notepad. Come back and copy/paste the entire log into a reply right here in this thread. DO NOT try to fix things with HJT, much of what it shows is needed.
     
  3. angry newby

    angry newby Thread Starter

    Joined:
    Jul 22, 2003
    Messages:
    39
    Hi thanks very much for your reply here is the log hope you can help to get rid totally!
    Tesco.net is my ISP





    Logfile of HijackThis v1.98.2
    Scan saved at 19:24:30, on 15/09/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\TDK Systems\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\PROGRA~1\Ontrack\SYSTEM~1\mxtask.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\Program Files\Creative\SBLive\Program\CTAvTray.EXE
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
    C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\TDK Systems\Bluetooth Software\BTTray.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\Creative\ShareDLL\MediaDet.Exe
    C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
    C:\PROGRA~1\TDKSYS~1\BLUETO~1\BTSTAC~1.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Tesconet\Tesconet.exe
    C:\Documents and Settings\Nick\My Documents\Software\HijackThis1104.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmyrequest.com/sp.php
    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://searchmyrequest.com/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmyrequest.com/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmyrequest.com/sp.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tesco.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tesco.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmyrequest.com/sp.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmyrequest.com/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmyrequest.com/sp.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmyrequest.com/sp.php
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\Ontrack\SYSTEM~1\MemCheck.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
    O4 - HKLM\..\Run: [CTAvTray] C:\Program Files\Creative\SBLive\Program\CTAvTray.EXE
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
    O4 - HKLM\..\Run: [SysA] C:\windows\system32\winsom32.exe
    O4 - HKLM\..\RunOnce: [CTAVTray] C:\Program Files\Creative\SBLive\Program\CTAvStub.EXE EAX.AVI
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://register-tesco.qa.business.ntl.com
    O15 - Trusted Zone: http://memberservices.tesco.net
    O17 - HKLM\System\CCS\Services\Tcpip\..\{643E63FD-D178-49CA-8308-0C986268B7F9}: NameServer = 194.168.4.100 194.168.8.100
     
  4. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, Please do this: Just as soon as you get back to this thread-


    And then, go here

    http://www.kaspersky.com/scanforvirus

    and use the Browse tab, go to your
    C:\Windows\System32 folder and find this file:

    C:\windows\system32\winsom32.exe <--file

    Let the detector scan it and keep note of what it finds, so you can post it here, OK?


    Download CWShredder.exe / to a separate folder as you did with HJT> and run it from that folder.

    http://www.lurkhere.com/~nicefiles/

    Reboot to Safe Mode> tap the F8 key several times when the pc first starts up, from the menu select Safe Mode. Give it plenty of time to get to SM.


    Run Hijackthis, put checks next to each/every item below and click "Fix checked".




    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmyrequest.com/sp.php

    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://searchmyrequest.com/sp.php

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmyrequest.com/sp.php

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmyrequest.com/sp.php


    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmyrequest.com/sp.php

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmyrequest.com/sp.php

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmyrequest.com/sp.php

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmyrequest.com/sp.php

    Quickly after fixing those items,
    Open Windows Explorer, find your cwshredder.exe file and run Shredder.
    With all other windows/browsers closed, start it up and use the "FIX" button and let it remove files it finds.


    Reboot, post a new HJT log.
     
  5. angry newby

    angry newby Thread Starter

    Joined:
    Jul 22, 2003
    Messages:
    39
    Hi Byteman, thanks for all your help and advice so far. I did all the things you instructed, the only problem was that when i connected to kaspersky i couldnt find winsom32.exe in system 32 file. the closest file was called winspool.exe so i checked this on kaspersky and said it was claen. Hope this was ok?

    Ran HJT and cwshredder this is the latest log, thanks again AN.

    ogfile of HijackThis v1.98.2
    Scan saved at 19:29:42, on 20/09/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\TDK Systems\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Ontrack\SYSTEM~1\mxtask.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\Program Files\Creative\SBLive\Program\CTAvTray.EXE
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
    C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\Creative\ShareDLL\MediaDet.Exe
    C:\Program Files\TDK Systems\Bluetooth Software\BTTray.exe
    C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
    C:\PROGRA~1\TDKSYS~1\BLUETO~1\BTSTAC~1.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Tesconet\Tesconet.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Nick\My Documents\Software\HijackThis1104.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmyrequest.com/sp.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tesco.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tesco.net
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\Ontrack\SYSTEM~1\MemCheck.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
    O4 - HKLM\..\Run: [CTAvTray] C:\Program Files\Creative\SBLive\Program\CTAvTray.EXE
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
    O4 - HKLM\..\Run: [SysA] C:\windows\system32\winsom32.exe
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\RunOnce: [CTAVTray] C:\Program Files\Creative\SBLive\Program\CTAvStub.EXE EAX.AVI
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://register-tesco.qa.business.ntl.com
    O15 - Trusted Zone: http://memberservices.tesco.net
    O17 - HKLM\System\CCS\Services\Tcpip\..\{643E63FD-D178-49CA-8308-0C986268B7F9}: NameServer = 194.168.4.100 194.168.8.100
     
  6. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, I am assuming you did the "Show all files" settings as in my other reply above...

    You will need to write down or print these directions or copy them as a Notepad file so you can have them to refer to as you will not be online when you do the next step.

    Start in Safe Mode by tapping the F8 Key several times when you start up, and select Safe Mode from the menu with your down arrow key and hit Enter key. Give it plenty of time to reach Safe Mode...

    Run Hijackthis, click the scan button, and put checks next to these items and click "Fix checked".

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmyrequest.com/sp.php

    O4 - HKLM\..\Run: [SysA] C:\windows\system32\winsom32.exe

    Reboot normally. Run CWShredder. Reboot, get online and go here for an online scan:

    http://www.pandasoftware.com/activescan

    If it finds anything, please write down exactly what it is and the location of any files.
    Then, run HJT in Normal Mode and post a new logfile.
     
  7. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/272742

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice