problem with searchmyrequest

Discussion in 'adware, spyware & hijack cleaning' started by darioardito, Jul 5, 2004.

Thread Status:
Not open for further replies.
  1. darioardito

    darioardito Registered Member

    Joined:
    Jul 5, 2004
    Posts:
    2
    Hi,
    I can't eliminate searchmyrequest.com on my start-page.
    I used Ad-Aware 6 for the first step.
    Thank you!!
     


  2. IMM

    IMM Spyware Fighter

    Joined:
    May 6, 2004
    Posts:
    351
    Logfile of HijackThis v1.97.7
    Scan saved at 14.35.13, on 05/07/04
    Platform: Windows NT 4 SP6 (WinNT 4.00.1381)
    MSIE: Internet Explorer v5.00 (5.00.2314.1000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\spoolss.exe
    C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINNT\system32\RpcSs.exe
    C:\Programmi\Alwil Software\Avast4\ashserv.exe
    c:\winnt\system32\pstores.exe
    C:\WINNT\System32\nddeagnt.exe
    C:\WINNT\Explorer.exe
    C:\WINNT\System32\SysTray.Exe
    C:\Programmi\McAfee\McAfee VirusScan\alogserv.exe
    C:\WINNT\System32\loadwc.exe
    C:\WINNT\loadqm.exe
    C:\Programmi\Alwil Software\Avast4\ashDisp.exe
    C:\Programmi\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
    C:\PROGRA~1\Plus!\MICROS~1\iexplore.exe
    C:\WINNT\System32\ddhelp.exe
    C:\Programmi\Plus!\Microsoft Internet\IEXPLORE.EXE
    C:\Programmi\Adobe\Acrobat 4.0\Acrobat\Acrobat.exe
    C:\Programmi\Plus!\Microsoft Internet\IEXPLORE.EXE
    C:\WINNT\Profiles\Administrator\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmyrequest.com/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmyrequest.com/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmyrequest.com/sp.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchmyrequest.com/hp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmyrequest.com/sp.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.it.msn.com/access/allinone.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = www.garr.it/proxy1.pac
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe
    N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.ing.unict.it"); (C:\Programmi\Netscape\Users\sraiti\prefs.js)
    O1 - Hosts: 64.237.45.18 www.burstnet.com
    O1 - Hosts: 64.237.45.18 oz.valueclick.com
    O1 - Hosts: 64.237.45.18 a.tribalfusion.com
    O1 - Hosts: 64.237.45.18 servedby.advertising.com
    O1 - Hosts: 64.237.45.18 pagead2.googlesyndication.com
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
    O4 - HKLM\..\Run: [Alogserv] C:\Programmi\McAfee\McAfee VirusScan\alogserv.exe
    O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
    O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /logon
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [avast!] C:\Programmi\Alwil Software\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [1untxs3ikw] C:\Symantec\r7fpecgcmb.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Netscape Mail Notification.lnk = C:\Programmi\Netscape\Communicator\Program\nsnotify.exe
    O12 - Plugin for .pdf: C:\Programmi\Netscape\Communicator\Program\PLUGINS\nppdf32.dll
    O12 - Plugin for .ram: C:\PROGRA~1\Netscape\COMMUN~1\Program\PLUGINS\nppl3260.dll
    O12 - Plugin for .swf: C:\Programmi\Netscape\Communicator\Program\PLUGINS\npswf32.dll
    O13 - WWW. Prefix: http://
    O14 - IERESET.INF: SEARCH_PAGE_URL=
    O14 - IERESET.INF: START_PAGE_URL=
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 151.97.6.1 151.97.6.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 151.97.6.1 151.97.6.4
     
  3. IMM

    IMM Spyware Fighter

    Joined:
    May 6, 2004
    Posts:
    351
    Run HijackThis again, push Scan and place a check mark next to the following items using your mouse.
    Next, close all browser windows, and push the 'Fix checked' button in HijackThis.

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmyrequest.com/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmyrequest.com/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmyrequest.com/sp.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchmyrequest.com/hp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmyrequest.com/sp.php
    O1 - Hosts: 64.237.45.18 www.burstnet.com
    O1 - Hosts: 64.237.45.18 oz.valueclick.com
    O1 - Hosts: 64.237.45.18 a.tribalfusion.com
    O1 - Hosts: 64.237.45.18 servedby.advertising.com
    O1 - Hosts: 64.237.45.18 pagead2.googlesyndication.com
    O4 - HKLM\..\Run: [1untxs3ikw] C:\Symantec\r7fpecgcmb.exe
    O13 - WWW. Prefix: http://

    Reboot

    -----------
    Download the latest version of Ad-Aware at http://www.lavasoftusa.com/support/download/
    After installing AAW, and before running the program, you NEED to FIRST update the reference file following these instructions.
    Now do the following:
    - Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:
    Check: "Unload recognized processes during scanning."
    - Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:
    Check: "Let Windows remove files in use after reboot."

    Press "Scan Now"
    - Check option "Use Custom scanning options"
    - Check option "Activate In-Depth Scan"
    - Press "Select drives\folders to scan"
    - Select the active partition which is usually C:

    Now press "Next" to let Ad-aware scan your drives...
    It will find a number of "bad" files and registry keys.
    Right-click in that pane and choose "select all"

    Now press "Next" again.
    It will ask you whether you'd like to remove all checked items. Click OK.

    Finally, close Ad-Aware, and reboot.

    -------
    If you have not installed a Symantec product, then delete the C:\Symantec\ folder.

    Get a good online virus scan at HouseCall
    if C:\Symantec\r7fpecgcmb.exe was not recognized by Ad-Aware.
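
An added example, not part of the posts above and not HijackThis's own code: a small Python parser for the log format shown in this thread. It groups the R0/R1 browser settings by the host in their URL and the O1 hosts-file entries by the IP they point to, so the entries in the fix list show up as clusters. The sample lines are a constructed subset of the log above, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample: a subset of the log lines shown in the thread above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmyrequest.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchmyrequest.com/hp.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.it.msn.com/access/allinone.htm
O1 - Hosts: 64.237.45.18 www.burstnet.com
O1 - Hosts: 64.237.45.18 oz.valueclick.com
O1 - Hosts: 64.237.45.18 a.tribalfusion.com
O4 - HKLM\..\Run: [avast!] C:\Programmi\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [1untxs3ikw] C:\Symantec\r7fpecgcmb.exe
O13 - WWW. Prefix: http://
"""

# An entry line is a section code (R0, O4, O13, ...), " - ", then the body.
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")

def parse_log(text):
    """Return (code, body) pairs for every 'XN - ...' entry line."""
    return [m.groups() for m in map(ENTRY.match, text.splitlines()) if m]

def ie_urls_by_host(entries):
    """Group R0/R1 Internet Explorer settings by the host in their URL value."""
    groups = defaultdict(list)
    for code, body in entries:
        if code in ("R0", "R1") and " = " in body:
            key, value = body.split(" = ", 1)
            host = urlparse(value).hostname or ""
            host = host[4:] if host.startswith("www.") else host
            groups[host].append(key.rsplit(",", 1)[-1])  # value name only
    return dict(groups)

def hosts_redirects(entries, min_names=2):
    """IPs that several hostnames are pinned to via O1 hosts-file entries."""
    by_ip = defaultdict(list)
    for code, body in entries:
        m = re.match(r"Hosts:\s+(\S+)\s+(\S+)", body) if code == "O1" else None
        if m:
            by_ip[m.group(1)].append(m.group(2))
    return {ip: names for ip, names in by_ip.items() if len(names) >= min_names}

if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    print(ie_urls_by_host(entries))
    print(hosts_redirects(entries))
```
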
     