Need to clean up redirects. Please review log

Discussion in 'adware, spyware & hijack cleaning' started by baspinall, May 12, 2004.

Thread Status:
Not open for further replies.
  1. baspinall

    baspinall Registered Member

    My home page is constantly redirected to here4search. I read and followed the directions on this post "https://www.wilderssecurity.com/showthread.php?t=15913"
    I have, and I ran CWShredder as well.

    Here is my log. Thanks for any help.

    Logfile of HijackThis v1.97.7
    Scan saved at 9:12:49 PM, on 5/12/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\LEXBCES.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\IRMON.EXE
    C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
    C:\WINDOWS\SYSTEM\PRPCUI.EXE
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\CQSCP2PS.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\PROGRAM FILES\SPYHUNTER\SPYHUNTER.EXE
    C:\PROGRAM FILES\SPYHUNTER\POPUPBLOCKER\ENIGMAPOPUPSTOP.EXE
    C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD.EXE
    C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
    C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUNOTIFY.EXE
    C:\PROGRAM FILES\SONY CORPORATION\IMAGE TRANSFER\SONYTRAY.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\SBC YAHOO!\CONNECTION MANAGER\CONNECTIONMANAGER.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\TD_0001.DIR\HIJACKTHIS.EXE
    C:\TD_0003.DIR\HIJACKTHIS.EXE

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://klounada.com/sp.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.prodigy.net;enroll.prodigy.net;enroll-isp.prodigy.net;
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.sierraimaging.com/general/IE2000/dell/sw.html
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [IrMon] irmon.exe
    O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
    O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [cqscp2ps.exe] C:\WINDOWS\SYSTEM\cqscp2ps.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
    O4 - HKLM\..\Run: [SpyHunter] C:\PROGRAM FILES\SPYHUNTER\SPYHUNTER.exe
    O4 - HKLM\..\Run: [EnigmaPopupStop] C:\Program Files\SpyHunter\PopupBlocker\EnigmaPopupStop.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
    O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [ccEvtMgr] C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKCU\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
    O4 - HKCU\..\Run: [lnkxhcxvdi] C:\WINDOWS\LITHRDFMYF.EXE
    O4 - Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
    O4 - Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O9 - Extra button: Yahoo! Login (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
    O9 - Extra button: Print Favorites (HKLM)
    O9 - Extra 'Tools' menuitem: Print &Favorites... (HKLM)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash4/cabs/swflash.cab
    O16 - DPF: {11111111-1111-1111-1111-111111111111} - file://c:\info6.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab


    Thanks again
     
    Last edited: May 12, 2004
  2. baspinall

    baspinall Registered Member

    Nobody? Pretty please :D
     
  3. Unzy

    Unzy Registered Member

    Hi baspinall,

    Have only HijackThis running and fix:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://klounada.com/sp.htm

    O4 - HKLM\..\Run: [cqscp2ps.exe] C:\WINDOWS\SYSTEM\cqscp2ps.exe
    O4 - HKCU\..\Run: [lnkxhcxvdi] C:\WINDOWS\LITHRDFMYF.EXE

    O16 - DPF: {11111111-1111-1111-1111-111111111111} - file://c:\info6.cab

    Restart PC after doing so and remove (if still present):

    C:\WINDOWS\SYSTEM\cqscp2ps.exe <- this file
    C:\WINDOWS\LITHRDFMYF.EXE <- this file

    Clean temp internet files as well

    Run shredder again

    Hope this helps

    Cheers,
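
One way to confirm the fix above took effect after the restart, as an added example that is not part of the original thread: it compares the entries Unzy listed against a fresh HijackThis log and extracts the O4 target files to look for by hand. The re-scan log is constructed for illustration and the function names are hypothetical.

```python
import re

# A HijackThis entry line: section code ("R0", "O4", "O16"), " - ", then the body.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")

# Entries the helper asked to fix, copied from the reply above.
FIX_LIST = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://klounada.com/sp.htm
O4 - HKLM\..\Run: [cqscp2ps.exe] C:\WINDOWS\SYSTEM\cqscp2ps.exe
O4 - HKCU\..\Run: [lnkxhcxvdi] C:\WINDOWS\LITHRDFMYF.EXE
O16 - DPF: {11111111-1111-1111-1111-111111111111} - file://c:\info6.cab
"""

# Constructed re-scan log (not from the thread): one flagged entry survived.
RESCAN = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\EXPLORER.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKCU\..\Run: [lnkxhcxvdi] c:\windows\lithrdfmyf.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash4/cabs/swflash.cab
"""

def parse_entries(log_text):
    """Return [(code, body)]; header and process-list lines do not match."""
    return [m.groups() for m in map(ENTRY_RE.match, log_text.splitlines()) if m]

def normalise(code, body):
    # Win9x paths and registry names are case-insensitive; collapse spacing too.
    return code, " ".join(body.split()).lower()

def still_present(fix_list_text, rescan_text):
    """Fix-list entries that still appear in the re-scan log."""
    rescan = {normalise(c, b) for c, b in parse_entries(rescan_text)}
    return [(c, b) for c, b in parse_entries(fix_list_text)
            if normalise(c, b) in rescan]

def startup_targets(entries):
    """Executable paths named by O4 entries, for the manual file check."""
    found = []
    for code, body in entries:
        m = re.search(r'\]\s*"?([A-Za-z]:\\.+?\.exe)\b', body, re.I)
        if code == "O4" and m:
            found.append(m.group(1))
    return found

if __name__ == "__main__":
    for code, body in still_present(FIX_LIST, RESCAN):
        print("still present:", code, "-", body)
    for path in startup_targets(parse_entries(FIX_LIST)):
        print("check for leftover file:", path)
```
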
     