can anyone help???

[JasonChaplin]

i dont know what my brother has been doing but when ever i click on Internat Explore this little browser thing is at the bottom, no matter what i do i carnt get rid of it, ive search software thats been installed and searched with Ad-Ware and Spy Bot but they havent managed to get rid of it! i dont know what it is and how it got there can anyone help???

i have added an attachment, so you can see exactly what ut is!

thanks everyone!

[glc]

Did you update Ad-Aware and Spybot before scanning?

[JasonChaplin]

yes mate, this is just really anoying me, it just wont go no matter wot i do!

[JasonChaplin]

no problem guys cracked it using ad-aware and zone alarm, i found to file name etc and blocked it with zone alarm


thanks anyway!

carnt live without ad-ware!

[JasonChaplin]

after all this the things back!!!! omegasearch wont go off my IE. i have used Ad-Aware and Spybot - Search & Destroy

no luck!!

is there anything else i can do! like find the files on my comp and delete them etc??? thanks

[glc]

http://www.short-media.com/review.php?r=235

[JasonChaplin]

Tryed mate no luck! after i turn the computer of and back on it comes back!


Anyone have any other ideas???

[ghost2003]

Run hijackthis and post the log
http://www.spywareinfo.com/~merijn/downloads.html
Click save log and it will appear in note pad so that you can copy/paste it.

[JasonChaplin]

Quote:

Originally posted by ghost2003 Run hijackthis and post the log http://www.spywareinfo.com/~merijn/downloads.html Click save log and it will appear in note pad so that you can copy/paste it.

sorry but copy and paste it where? im confused!

[ghost2003]

Copy paste it here so we can see it. Run the program, press scan, it will show you lots of stuff, press save log, that will open notpad, copy/paste the contents here.

[JasonChaplin]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://omegasearch.com/passthrough/i...ww.google.com/

[Lobos]

run highjack this again.

copy and paste the whole log here please

[ghost2003]

Yes, we need the whole log to really see the problem. It might also find others. Also, uncheck "Automatically parse URLs" when you post so it doesnt put "..." in the middle of the adresses.

[JasonChaplin]

This what you want????

Also is there any otheres that should be gone????

Logfile of HijackThis v1.97.7
Scan saved at 22:56:44, on 13/04/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\GSICON.EXE
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\HECKCH~1\inside bias.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\wanmpsvc.exe
C:\EA Sports\PGA TOUR Pro\PGAPRO.EXE
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Jason\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://omegasearch.com/passthrough/i...oogle.com/</a>
O2 - BHO: (no name) - {1BDD55B8-3985-4E59-B906-5E0AD56D6710} - C:\Documents and Settings\Jason\My Documents\WH5_1833006.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Rectfast] C:\PROGRA~1\HECKCH~1\inside bias.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/comput...up/qdiagcc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6929C90F-11FC-44D1-9F4A-20CDB1FA6BCE}: NameServer = 152.163.0.26 205.188.64.153
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1A7CC3F-C5B2-46D3-867A-4920E7D59E06}: NameServer = 195.93.32.134

[ghost2003]

http://www.spywareinfo.com/newslette...une-2003/3.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://omegasearch.com/passthrough/...www.google.com/ looks like your home page is also hijacked. Try start page guard http://www.spywareinfo.com/downloads/spg/


I made a search for "O17 - HKLM\System\CCS\Services\Tcpip\..\{6929C90F-11FC-44D1-9F4A-20CDB1FA6BCE}: NameServer = 152.163.0.26 205.188.64.153" and on a other forum it nsaid to fix it. Sorry, im not very good at finding bad stuff in these logs. Maybe someone elses can help you more.

[Lobos]

Download AdAware 6 181 from here: http://www.lavasoftusa.com/
Before you scan with AdAware, check for updates of the reference file by using the "webupdate".
Then ........

Make sure the following settings are made and on -------"ON=GREEN"
From main window :Click "Start" then " Activate in-depth scan"

Then......

Click "Use custom scanning options>Customize" and have these options on: "Scan within archives" ,"Scan active processes","Scan registry", "Deep scan registry" ,"Scan my IE Favorites for banned URL" and "Scan my host-files"

Then.........

Go to settings(the gear on top of AdAware)>Tweak>Scanning engine and tick "Unload recognized processes during scanning" and "Let windows remove files in use at next reboot"

Then...... click "proceed" to save your settings.

Now to scan it´s just to click the "Scan" button.

When scan is finished mark everything for removal and get rid of it.(Right-click the window and choose"select all" from the drop down menu)

Download Spybot - Search & Destroy from http://security.kolla.de

After installing, first press Online, and search for, put a check mark at, and install all updates.
Next, close all Internet Explorer and OE windows, hit 'Check for Problems', and have SpyBot remove all it finds that is marked in RED

let mje know if that helps

[lostplanet]

Try http://www.lavasoftsupport.com/
goto ad-aware 6 personal forum and read the sticky post about posting your logfile
they will guide you thru the removal process and are very helpful
HTH

[Lobos]

whoops sorry i guess you have already downloaded them.
try updating adaware they have been updating it almost every other day

[Lobos]

i looked on omega search help on how to get rid of there tool bar
this is what i came up with

omehttp://omegasearch.com/help.html#toolbarga

[JasonChaplin]

non of this is what i need! i have already done all this!!! and i have these software and they havent got rid of it :-s

[Blue_Gundam2002]

Try this guide, http://www.short-media.com/review.php?r=235

[ghost2003]

Quote:

Originally posted by glc http://www.short-media.com/review.php?r=235

Glc already posted it. Try a2 free www.emsisoft.com
also http://www.pandasoftware.com/actives..._principal.htm

[Chrisk]

Try clicking the search bar and going to the site. See if they have any uninstall options. My kid had this and I found it in the uninstall menu but was after I went to the site to find out what it was.

[JasonChaplin]

Quote:

Originally posted by Chrisk Try clicking the search bar and going to the site. See if they have any uninstall options. My kid had this and I found it in the uninstall menu but was after I went to the site to find out what it was.

been to the site where abouts did you remove it??? carnt find it anywhere!

[ghost2003]

some other software, spyware blaster and spyware guard. www.javacoolsoftware.com
Dont see how it could survive adaware, spybot and those 2.

[Blue_Gundam2002]

I know this is a long shot but doesn't real player load popups sometimes? Maybe this is connected with it. Try turning of realplayer.