omegasearchbar
Hi, I followed the instructions on how to get rid of the omegasearchbar. However, it still occurs and it is so annoying. I have attached my log to this thread, and if anyone has a clue how to get rid of it, pls pls pls get back to me.
Thanx
P.S. I'm currently running on XP
Comments
Also, please copy and paste the entire HiJackThis log into your post. It makes it easier to work with when it's not an attachment.
OK, this is a copy of my log from HijackThis:
Logfile of HijackThis v1.97.7
Scan saved at 15:42:31, on 20/06/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\DrawCast\DATATIME.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Rach\Desktop\downloads\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=127.0.0.1:1080
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {DCA1F413-88D9-D47A-A353-DC9FAD328515} - C:\PROGRA~1\ITCHSH~1\Fastregs.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [proxy scr] C:\PROGRA~1\DrawCast\DATATIME.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: messenger.hotmail.com
O15 - Trusted Zone: loginnet.passport.com
O15 - Trusted Zone: login.passport.net
O15 - Trusted Zone: memberservicesnet.passport.net
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28177.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28177.cab
O16 - DPF: {95EEE69E-27B4-4D13-BD32-766617A16909} (NDTVVideo.MPlayer) - http://www.ndtv.com/video/NDTVseekvideo.CAB
O16 - DPF: {C9BEF1E9-21F6-486F-80A2-32D61DE86E5E} - http://www.directxtras.com/speaksforitself/download/ms_sapi.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4BC3B10-F024-4EF7-A62C-A298A11B51B5} - http://www.directxtras.com/speaksforitself/download/mstts_mike.cab
O16 - DPF: {E4DFABBD-F5F6-11D3-8421-0080C6F79C42} (SpeechControl Class) - http://www.directxtras.com/speaksforitself/download/speechplugin.cab
AND THIS IS MY LOG FROM AD-AWARE:
Lavasoft Ad-aware Personal Build 6.181
Logfile created on :20 June 2004 15:35:49
Created with Ad-aware Personal, free for private use.
Using reference-file :01R312 30.05.2004
______________________________________________________
Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
20-06-2004 15:35:49 - Scan started. (Smart mode)
Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 20-06-2004 13:17:14
BasePriority : Normal
#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 20-06-2004 13:17:16
BasePriority : High
#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 20-06-2004 13:17:16
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft
Created on : 23/08/2001 12:00:00
Last accessed : 20/06/2004 14:35:49
Last modified : 23/08/2001 12:00:00
#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 20-06-2004 13:17:16
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 23/08/2001 12:00:00
Last accessed : 20/06/2004 14:35:49
Last modified : 23/08/2001 12:00:00
#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 20-06-2004 13:17:16
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 23/08/2001 12:00:00
Last accessed : 20/06/2004 14:35:49
Last modified : 23/08/2001 12:00:00
#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 20-06-2004 13:17:16
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 23/08/2001 12:00:00
Last accessed : 20/06/2004 14:35:49
Last modified : 23/08/2001 12:00:00
#:7 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 20-06-2004 13:17:17
BasePriority : Normal
FileSize : 229 KB
FileVersion : 2.1.0.610
ProductVersion : 2.1.0.610
Copyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
OriginalFilename : ccSetMgr.exe
ProductName : Common Client
Created on : 17/02/2004 18:33:42
Last accessed : 20/06/2004 14:35:49
Last modified : 10/11/2003 13:30:12
#:8 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 20-06-2004 13:17:17
BasePriority : Normal
FileSize : 249 KB
FileVersion : 2.1.0.610
ProductVersion : 2.1.0.610
Copyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
OriginalFilename : ccEvtMgr.exe
ProductName : Common Client
Created on : 17/02/2004 18:33:42
Last accessed : 20/06/2004 14:35:49
Last modified : 10/11/2003 13:30:04
#:9 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 20-06-2004 13:17:18
BasePriority : Normal
FileSize : 977 KB
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft
Created on : 23/08/2001 12:00:00
Last accessed : 20/06/2004 14:35:49
Last modified : 23/08/2001 12:00:00
#:10 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 20-06-2004 13:17:18
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 23/08/2001 12:00:00
Last accessed : 20/06/2004 14:35:49
Last modified : 23/08/2001 12:00:00
#:11 [incd.exe]
FilePath : C:\Program Files\Ahead\InCD\
ThreadCreationTime : 20-06-2004 13:17:19
BasePriority : Normal
FileSize : 1196 KB
Created on : 16/11/2003 21:31:18
Last accessed : 20/06/2004 14:35:49
Last modified : 17/01/2003 17:08:42
#:12 [rundll32.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 20-06-2004 13:17:19
BasePriority : Normal
FileSize : 31 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
OriginalFilename : RUNDLL.EXE
ProductName : Microsoft
Created on : 23/08/2001 12:00:00
Last accessed : 20/06/2004 14:35:50
Last modified : 23/08/2001 12:00:00
#:13 [evntsvc.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ThreadCreationTime : 20-06-2004 13:17:19
BasePriority : Normal
FileSize : 143 KB
FileVersion : 0.1.0.880
ProductVersion : 0.1.0.880
Copyright : Copyright
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
OriginalFilename : evntsvc.EXE
ProductName : RealOne Player (32-bit)
Created on : 01/12/2003 14:13:35
Last accessed : 20/06/2004 14:35:50
Last modified : 01/12/2003 14:13:35
#:14 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 20-06-2004 13:17:19
BasePriority : Normal
FileSize : 69 KB
FileVersion : 2.1.0.610
ProductVersion : 2.1.0.610
Copyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
OriginalFilename : ccApp.exe
ProductName : Common Client
Created on : 17/02/2004 18:33:42
Last accessed : 20/06/2004 14:35:50
Last modified : 10/11/2003 13:30:02
#:15 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ThreadCreationTime : 20-06-2004 13:17:19
BasePriority : Normal
FileSize : 76 KB
FileVersion : 6.4
ProductVersion : QuickTime 6.4
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
OriginalFilename : QTTask.exe
ProductName : QuickTime
Created on : 01/03/2004 01:23:44
Last accessed : 20/06/2004 14:35:50
Last modified : 01/03/2004 01:23:45
#:16 [jusched.exe]
FilePath : C:\Program Files\Java\j2re1.4.2_04\bin\
ThreadCreationTime : 20-06-2004 13:17:19
BasePriority : Normal
FileSize : 32 KB
Created on : 22/02/2068 23:44:46
Last accessed : 20/06/2004 14:35:50
Last modified : 22/02/2004 23:44:44
#:17 [winampa.exe]
FilePath : C:\Program Files\Winamp\
ThreadCreationTime : 20-06-2004 13:17:19
BasePriority : Normal
FileSize : 33 KB
Created on : 13/12/2003 00:50:34
Last accessed : 20/06/2004 14:35:50
Last modified : 13/12/2003 00:50:34
#:18 [datatime.exe]
FilePath : C:\PROGRA~1\DrawCast\
ThreadCreationTime : 20-06-2004 13:17:19
BasePriority : Normal
FileSize : 188 KB
Created on : 26/04/2004 12:14:33
Last accessed : 20/06/2004 14:35:50
Last modified : 02/06/2004 02:04:12
#:19 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ThreadCreationTime : 20-06-2004 13:17:19
BasePriority : Normal
FileSize : 4572 KB
FileVersion : 6.1.0211
ProductVersion : Version 6.1
Copyright : Copyright (c) Microsoft Corporation 1997-2003
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msnmsgr
OriginalFilename : msnmsgr.exe
ProductName : Messenger
Created on : 04/03/2004 15:01:00
Last accessed : 20/06/2004 14:03:28
Last modified : 04/03/2004 15:01:00
#:20 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 20-06-2004 13:17:19
BasePriority : Normal
FileSize : 13 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
OriginalFilename : CTFMON.EXE
ProductName : Microsoft
Created on : 23/08/2001 12:00:00
Last accessed : 20/06/2004 14:35:50
Last modified : 23/08/2001 12:00:00
#:21 [wzqkpick.exe]
FilePath : C:\Program Files\WinZip\
ThreadCreationTime : 20-06-2004 13:17:19
BasePriority : Normal
FileSize : 104 KB
FileVersion : 1.0 (32-bit)
ProductVersion : 8.1 (4319)
Copyright : Copyright (c) WinZip Computing, Inc. 1991-2001 - All Rights Reserved
CompanyName : WinZip Computing, Inc.
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
OriginalFilename : WZQKPICK.EXE
ProductName : WinZip
Created on : 16/11/2003 21:17:14
Last accessed : 20/06/2004 14:35:50
Last modified : 11/02/2003 08:10:00
#:22 [navapsvc.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ThreadCreationTime : 20-06-2004 13:17:26
BasePriority : Normal
FileSize : 155 KB
FileVersion : 10.00.2
ProductVersion : 10.00.2
Copyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright (c) 2003 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
OriginalFilename : NAVAPSVC.EXE
ProductName : Norton AntiVirus
Created on : 20/05/2004 12:05:06
Last accessed : 20/06/2004 14:35:50
Last modified : 23/04/2004 10:04:18
#:23 [nprotect.exe]
FilePath : C:\Program Files\Norton AntiVirus\AdvTools\
ThreadCreationTime : 20-06-2004 13:17:26
BasePriority : Normal
FileSize : 132 KB
FileVersion : 16.00.0.22
ProductVersion : 16.00.0.22
Copyright : Copyright (C) 2003 Symantec Corporation
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
OriginalFilename : NPROTECT.EXE
ProductName : Norton Utilities
Created on : 17/02/2004 18:14:14
Last accessed : 20/06/2004 14:35:50
Last modified : 14/08/2002 06:03:00
#:24 [symlcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\
ThreadCreationTime : 20-06-2004 13:17:26
BasePriority : Normal
FileSize : 572 KB
FileVersion : 1, 8, 48, 77
ProductVersion : 1, 8, 48, 77
Copyright : Copyright (C) 2003
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
OriginalFilename : symlcsvc.exe
ProductName : Symantec Core Component
Created on : 17/02/2004 18:12:54
Last accessed : 20/06/2004 14:35:50
Last modified : 17/02/2004 18:12:53
#:25 [savscan.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ThreadCreationTime : 20-06-2004 13:17:33
BasePriority : Normal
FileSize : 189 KB
FileVersion : 9.2.1.14
ProductVersion : 9.2
Copyright : Copyright (c) 2003 Symantec Corporation
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus Scanner
InternalName : SAVSCAN
OriginalFilename : SAVSCAN.EXE
ProductName : Symantec AntiVirus AutoProtect
Created on : 17/02/2004 18:33:47
Last accessed : 20/06/2004 14:35:50
Last modified : 04/12/2003 18:22:30
#:26 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ThreadCreationTime : 20-06-2004 13:19:23
BasePriority : Normal
FileSize : 89 KB
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Microsoft
Created on : 10/11/2003 12:43:00
Last accessed : 20/06/2004 14:17:26
Last modified : 23/08/2001 12:00:00
#:27 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-aware 6\
ThreadCreationTime : 20-06-2004 14:35:39
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 01/06/2004 22:35:29
Last accessed : 20/06/2004 14:35:39
Last modified : 12/07/2003 20:00:20
Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0
Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0
Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "about:blank"
Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 1
Objects found so far: 1
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Tracking Cookie Object recognized!
Type : File
Data : rach@2o7[1].txt
Object : C:\Documents and Settings\Rach\Cookies\
Created on : 18/06/2004 21:23:39
Last accessed : 20/06/2004 14:37:03
Last modified : 18/06/2004 21:23:39
Tracking Cookie Object recognized!
Type : File
Data : rach@ad-logics[1].txt
Object : C:\Documents and Settings\Rach\Cookies\
Created on : 18/06/2004 12:12:32
Last accessed : 20/06/2004 14:37:03
Last modified : 18/06/2004 12:12:32
Tracking Cookie Object recognized!
Type : File
Data : rach@atdmt[1].txt
Object : C:\Documents and Settings\Rach\Cookies\
Created on : 02/06/2004 12:02:35
Last accessed : 20/06/2004 14:11:04
Last modified : 02/06/2004 12:02:35
Tracking Cookie Object recognized!
Type : File
Data : rach@bins.lop[1].txt
Object : C:\Documents and Settings\Rach\Cookies\
Created on : 20/06/2004 13:24:23
Last accessed : 20/06/2004 14:37:03
Last modified : 20/06/2004 13:24:23
Tracking Cookie Object recognized!
Type : File
Data : rach@casalemedia[1].txt
Object : C:\Documents and Settings\Rach\Cookies\
Created on : 02/06/2004 02:09:08
Last accessed : 20/06/2004 14:37:03
Last modified : 02/06/2004 02:09:08
Tracking Cookie Object recognized!
Type : File
Data : rach@doubleclick[1].txt
Object : C:\Documents and Settings\Rach\Cookies\
Created on : 02/06/2004 12:11:29
Last accessed : 20/06/2004 14:12:44
Last modified : 02/06/2004 12:11:52
Tracking Cookie Object recognized!
Type : File
Data : rach@edge.ru4[2].txt
Object : C:\Documents and Settings\Rach\Cookies\
FileSize : 1 KB
Created on : 20/06/2004 14:12:07
Last accessed : 20/06/2004 14:12:07
Last modified : 20/06/2004 14:12:07
Tracking Cookie Object recognized!
Type : File
Data : rach@ehg-bskyb.hitbox[2].txt
Object : C:\Documents and Settings\Rach\Cookies\
Created on : 19/06/2004 18:52:16
Last accessed : 20/06/2004 14:37:03
Last modified : 19/06/2004 18:52:36
Tracking Cookie Object recognized!
Type : File
Data : rach@etype.adbureau[2].txt
Object : C:\Documents and Settings\Rach\Cookies\
Created on : 18/06/2004 16:04:40
Last accessed : 20/06/2004 14:37:03
Last modified : 18/06/2004 16:04:40
Tracking Cookie Object recognized!
Type : File
Data : rach@euniverseads[2].txt
Object : C:\Documents and Settings\Rach\Cookies\
Created on : 18/06/2004 12:11:26
Last accessed : 20/06/2004 14:37:03
Last modified : 18/06/2004 12:11:38
Tracking Cookie Object recognized!
Type : File
Data : rach@gator[1].txt
Object : C:\Documents and Settings\Rach\Cookies\
Created on : 18/06/2004 15:46:35
Last accessed : 20/06/2004 14:37:03
Last modified : 18/06/2004 15:46:35
Tracking Cookie Object recognized!
Type : File
Data : rach@hitbox[1].txt
Object : C:\Documents and Settings\Rach\Cookies\
Created on : 18/06/2004 14:06:35
Last accessed : 20/06/2004 14:37:03
Last modified : 19/06/2004 18:52:36
Tracking Cookie Object recognized!
Type : File
Data : rach@mediaplex[1].txt
Object : C:\Documents and Settings\Rach\Cookies\
Created on : 20/06/2004 14:12:11
Last accessed : 20/06/2004 14:12:11
Last modified : 20/06/2004 14:12:11
Tracking Cookie Object recognized!
Type : File
Data : rach@overture[1].txt
Object : C:\Documents and Settings\Rach\Cookies\
Created on : 02/06/2004 11:29:31
Last accessed : 20/06/2004 14:37:04
Last modified : 02/06/2004 11:29:31
Tracking Cookie Object recognized!
Type : File
Data : rach@phg.hitbox[2].txt
Object : C:\Documents and Settings\Rach\Cookies\
Created on : 18/06/2004 14:06:38
Last accessed : 20/06/2004 14:37:04
Last modified : 18/06/2004 14:06:56
Tracking Cookie Object recognized!
Type : File
Data : rach@promo.match[1].txt
Object : C:\Documents and Settings\Rach\Cookies\
Created on : 20/06/2004 13:17:40
Last accessed : 20/06/2004 14:37:04
Last modified : 20/06/2004 13:17:40
Tracking Cookie Object recognized!
Type : File
Data : rach@rub[1].txt
Object : C:\Documents and Settings\Rach\Cookies\
Created on : 02/06/2004 02:06:36
Last accessed : 20/06/2004 14:37:04
Last modified : 02/06/2004 02:06:36
Tracking Cookie Object recognized!
Type : File
Data : rach@srch.lop[1].txt
Object : C:\Documents and Settings\Rach\Cookies\
Created on : 18/06/2004 21:15:10
Last accessed : 20/06/2004 14:37:04
Last modified : 18/06/2004 21:15:10
Tracking Cookie Object recognized!
Type : File
Data : rach@targetnet[1].txt
Object : C:\Documents and Settings\Rach\Cookies\
Created on : 18/06/2004 15:46:29
Last accessed : 20/06/2004 14:37:04
Last modified : 18/06/2004 15:46:34
Tracking Cookie Object recognized!
Type : File
Data : rach@tradedoubler[1].txt
Object : C:\Documents and Settings\Rach\Cookies\
Created on : 18/06/2004 13:44:16
Last accessed : 20/06/2004 14:37:04
Last modified : 18/06/2004 13:44:16
Tracking Cookie Object recognized!
Type : File
Data : rach@tribalfusion[1].txt
Object : C:\Documents and Settings\Rach\Cookies\
Created on : 02/06/2004 13:19:02
Last accessed : 20/06/2004 14:37:04
Last modified : 02/06/2004 13:19:03
Tracking Cookie Object recognized!
Type : File
Data : rach@xxxtoolbar[1].txt
Object : C:\Documents and Settings\Rach\Cookies\
Created on : 18/06/2004 12:47:36
Last accessed : 20/06/2004 14:37:04
Last modified : 18/06/2004 12:47:37
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 23
15:37:42 Scan complete
Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:01:52:344
Objects scanned :42302
Objects identified :23
Objects ignored :0
New objects :23
CAN YOU PLEASE TELL ME WHICH I SHOULD DELETE IN ORDER TO GET RID OF ALL POP UPS, TOOLBARS, SEARCHBARS AND VIRUSES.
THANK YOU!
O2 - BHO: (no name) - {DCA1F413-88D9-D47A-A353-DC9FAD328515} - C:\PROGRA~1\ITCHSH~1\Fastregs.dll
O4 - HKLM\..\Run: [proxy scr] C:\PROGRA~1\DrawCast\DATATIME.exe
then, manually delete the folders
c:\program files\itchsh~1 (this is a folder that starts with itchsh)
c:\program files\drawcast
Reboot, and post a new HijackThis log.
There are some resource hogs in there, but let's focus on getting rid of omegasearch.
My new log is as follows:
Logfile of HijackThis v1.97.7
Scan saved at 03:19:23, on 21/06/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\DrawCast\DATATIME.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Kazaa Lite K++\KazaaLite.kpp
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Rach\Desktop\downloads\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://mysearchnow.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearchnow.com/passthrough/index.html?http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://mysearchnow.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mysearchnow.com/searchbar.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=127.0.0.1:1080
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {DCA1F413-88D9-D47A-A353-DC9FAD328515} - C:\PROGRA~1\ITCHSH~1\Bowscreative.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: BAIT RECT ARMY - {DF95DF3F-6630-893A-A9D8-8CD72B42B65D} - C:\PROGRA~1\ITCHSH~1\Bowscreative.dll (file missing)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [proxy scr] C:\PROGRA~1\DrawCast\DATATIME.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: messenger.hotmail.com
O15 - Trusted Zone: loginnet.passport.com
O15 - Trusted Zone: login.passport.net
O15 - Trusted Zone: memberservicesnet.passport.net
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28177.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28177.cab
O16 - DPF: {95EEE69E-27B4-4D13-BD32-766617A16909} (NDTVVideo.MPlayer) - http://www.ndtv.com/video/NDTVseekvideo.CAB
O16 - DPF: {C9BEF1E9-21F6-486F-80A2-32D61DE86E5E} - http://www.directxtras.com/speaksforitself/download/ms_sapi.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4BC3B10-F024-4EF7-A62C-A298A11B51B5} - http://www.directxtras.com/speaksforitself/download/mstts_mike.cab
O16 - DPF: {E4DFABBD-F5F6-11D3-8421-0080C6F79C42} (SpeechControl Class) - http://www.directxtras.com/speaksforitself/download/speechplugin.cab
1) Disable system restore.
2) Boot into safe mode, remove these entries with HijackThis:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://mysearchnow.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearchnow.com/passthrough/...w.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://mysearchnow.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mysearchnow.com/searchbar.html
O2 - BHO: (no name) - {DCA1F413-88D9-D47A-A353-DC9FAD328515} - C:\PROGRA~1\ITCHSH~1\Bowscreative.dll (file missing)
O3 - Toolbar: BAIT RECT ARMY - {DF95DF3F-6630-893A-A9D8-8CD72B42B65D} - C:\PROGRA~1\ITCHSH~1\Bowscreative.dll (file missing)
O4 - HKLM\..\Run: [proxy scr] C:\PROGRA~1\DrawCast\DATATIME.exe
3) Delete the folder c:\program files\drawcast
4) Reboot.
5) Enable system restore and create a new restore point.