problem with searchmyrequest

Discussion in 'adware, spyware & hijack cleaning' started by darioardito, Jul 5, 2004.

Thread Status:
Not open for further replies.
  1. darioardito

    darioardito Registered Member

    Joined:
    Jul 5, 2004
    Posts:
    2
    Hi,
    I can't eliminate searchmyrequest.com on my start-page.
    I used ad-Aware 6 for the first step.
    Thank you!!
     

    Attached Files:

    darioardito, Jul 5, 2004
    #1
  2. IMM

    IMM Spyware Fighter

    Joined:
    May 6, 2004
    Posts:
    351
    Logfile of HijackThis v1.97.7
    Scan saved at 14.35.13, on 05/07/04
    Platform: Windows NT 4 SP6 (WinNT 4.00.1381)
    MSIE: Internet Explorer v5.00 (5.00.2314.1000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\spoolss.exe
    C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINNT\system32\RpcSs.exe
    C:\Programmi\Alwil Software\Avast4\ashserv.exe
    c:\winnt\system32\pstores.exe
    C:\WINNT\System32\nddeagnt.exe
    C:\WINNT\Explorer.exe
    C:\WINNT\System32\SysTray.Exe
    C:\Programmi\McAfee\McAfee VirusScan\alogserv.exe
    C:\WINNT\System32\loadwc.exe
    C:\WINNT\loadqm.exe
    C:\Programmi\Alwil Software\Avast4\ashDisp.exe
    C:\Programmi\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
    C:\PROGRA~1\Plus!\MICROS~1\iexplore.exe
    C:\WINNT\System32\ddhelp.exe
    C:\Programmi\Plus!\Microsoft Internet\IEXPLORE.EXE
    C:\Programmi\Adobe\Acrobat 4.0\Acrobat\Acrobat.exe
    C:\Programmi\Plus!\Microsoft Internet\IEXPLORE.EXE
    C:\WINNT\Profiles\Administrator\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmyrequest.com/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmyrequest.com/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmyrequest.com/sp.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchmyrequest.com/hp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmyrequest.com/sp.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.it.msn.com/access/allinone.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = www.garr.it/proxy1.pac
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe
    N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.ing.unict.it"); (C:\Programmi\Netscape\Users\sraiti\prefs.js)
    O1 - Hosts: 64.237.45.18 www.burstnet.com
    O1 - Hosts: 64.237.45.18 oz.valueclick.com
    O1 - Hosts: 64.237.45.18 a.tribalfusion.com
    O1 - Hosts: 64.237.45.18 servedby.advertising.com
    O1 - Hosts: 64.237.45.18 pagead2.googlesyndication.com
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
    O4 - HKLM\..\Run: [Alogserv] C:\Programmi\McAfee\McAfee VirusScan\alogserv.exe
    O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
    O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /logon
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [avast!] C:\Programmi\Alwil Software\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [1untxs3ikw] C:\Symantec\r7fpecgcmb.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Netscape Mail Notification.lnk = C:\Programmi\Netscape\Communicator\Program\nsnotify.exe
    O12 - Plugin for .pdf: C:\Programmi\Netscape\Communicator\Program\PLUGINS\nppdf32.dll
    O12 - Plugin for .ram: C:\PROGRA~1\Netscape\COMMUN~1\Program\PLUGINS\nppl3260.dll
    O12 - Plugin for .swf: C:\Programmi\Netscape\Communicator\Program\PLUGINS\npswf32.dll
    O13 - WWW. Prefix: http://
    O14 - IERESET.INF: SEARCH_PAGE_URL=
    O14 - IERESET.INF: START_PAGE_URL=
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 151.97.6.1 151.97.6.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 151.97.6.1 151.97.6.4
     
    IMM, Jul 5, 2004
    #2
  3. IMM

    IMM Spyware Fighter

    Joined:
    May 6, 2004
    Posts:
    351
    Run HijackThis again, push Scan and place a check mark next to the following items using your mouse.
    Next, close all browser Windows, and push the 'Fix checked' button in HijackThis

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmyrequest.com/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmyrequest.com/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmyrequest.com/sp.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchmyrequest.com/hp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmyrequest.com/sp.php
    O1 - Hosts: 64.237.45.18 www.burstnet.com
    O1 - Hosts: 64.237.45.18 oz.valueclick.com
    O1 - Hosts: 64.237.45.18 a.tribalfusion.com
    O1 - Hosts: 64.237.45.18 servedby.advertising.com
    O1 - Hosts: 64.237.45.18 pagead2.googlesyndication.com
    O4 - HKLM\..\Run: [1untxs3ikw] C:\Symantec\r7fpecgcmb.exe
    O13 - WWW. Prefix: http://

    Reboot

    -----------
    Download the latest version of Ad-Aware at http://www.lavasoftusa.com/support/download/
    After installing AAW, and before running the program, you NEED to FIRST update the reference file following these instructions.
    Now do the following:
    - Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:
    check: "Unload recognized processes during scanning."
    - Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:
    Check: "Let Windows remove files in use after reboot."

    Press "Scan Now"
    - Check option "Use Custom scanning options"
    - Check option "Activate In-Depth Scan"
    - Press "Select drives\folders to scan"
    - Select the active partition which is usually C:

    Now press "Next" to let Ad-aware scan your drives...
    It will find a number of "bad" files and registry keys.
    Right-click in that pane and choose "select all"

    Now press "Next" again.
    It will ask you whether you'd like to remove all checked items. Click OK.

    Finally, close Ad-Aware, and reboot.

    -------
    If you have not installed a symantec product then delete the C:\Symantec\ folder

    Get a good online virus scan at HouseCall
    if C:\Symantec\r7fpecgcmb.exe was not recognized by adaware
     
    IMM, Jul 5, 2004
    #3
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...