«

A BLANK CHEQUE TO ANYONE THAT SOLVE THIS?

I am running XP and my Internet Explorer has been captured by some sort of
toolbar that continually loads all sorts of web pages. I right clicked on
the bogus toolbar then clicked properties and it states:

PROTOCOL: HyperText Transfer Protocol


ADDRESS: (URL) HTTP: myserchnow.com/passthrough/newpass2. HTLM.

Shopping.net/toolbar. HTLM

--------
How can I trace where this spy-ware is? I tried Ad-Aware and Microsoft's own
spy-ware Beta
software and both found spy-ware and deleted it but still the toolbar keeps
coming back when I reboot? I have web-addresses in my favourites that I didn't
put there, but when I go into my favourites folder to list and delete them
the mystery favourites don't appear, therefor I can't see them to delete
them?

---------

UPDATE

I reluctantly went out today and bought McAfee Internet Security Suite for
£24.75
at PC World, as it was reduced for a couple of days from £29.99.
Unfortunately
McAfee hasn't helped me. I still have this toolbar that I can't get rid of
and I cant delete the web addresses that have been put into my favourites.
As I have said before when I list my favourites the bogus web site address
do not appear in the list, for me to delete them? How can I delete them? One
more question, can I download Search & Destroy while I have McAfee installed
on my computer, because, before I bought McAfee today I had already
downloaded Search & Destroy to scan my disk. It also found spyware but it
wouldn't delete the spyware unless I bought the product. I have been told
that this should not have happened as S & D was FREE, have I done something
wrong? I think this has happened to me before?

Oh yes, does anyone want to buy the McAfee I.N.S that has been used once for
a penny?



My computer skills are still NILL therefor could you please keep any advice
simple, thank you.

Sounds like a job for Frank DeLucca MS MPV and his service pak2.
I would appreciate a cut for the referral though.
"<<Scottie>>" <> wrote in message
news:yyb7e.17139$...
>A BLANK CHEQUE TO ANYONE THAT SOLVE THIS?
>
> I am running XP and my Internet Explorer has been captured by some sort of
> toolbar that continually loads all sorts of web pages. I right clicked on
> the bogus toolbar then clicked properties and it states:
>
> PROTOCOL: HyperText Transfer Protocol
>
>
> ADDRESS: (URL) HTTP: myserchnow.com/passthrough/newpass2. HTLM.
>
> Shopping.net/toolbar. HTLM
>
> --------
> How can I trace where this spy-ware is? I tried Ad-Aware and Microsoft's
> own spy-ware Beta
> software and both found spy-ware and deleted it but still the toolbar
> keeps coming back when I reboot? I have web-addresses in my favourites
> that I didn't put there, but when I go into my favourites folder to list
> and delete them the mystery favourites don't appear, therefor I can't see
> them to delete them?
>
> ---------
>
> UPDATE
>
> I reluctantly went out today and bought McAfee Internet Security Suite for
> £24.75
> at PC World, as it was reduced for a couple of days from £29.99.
> Unfortunately
> McAfee hasn't helped me. I still have this toolbar that I can't get rid of
> and I cant delete the web addresses that have been put into my favourites.
> As I have said before when I list my favourites the bogus web site address
> do not appear in the list, for me to delete them? How can I delete them?
> One more question, can I download Search & Destroy while I have McAfee
> installed on my computer, because, before I bought McAfee today I had
> already downloaded Search & Destroy to scan my disk. It also found spyware
> but it wouldn't delete the spyware unless I bought the product. I have
> been told that this should not have happened as S & D was FREE, have I
> done something wrong? I think this has happened to me before?
>
> Oh yes, does anyone want to buy the McAfee I.N.S that has been used once
> for a penny?
>
>
>
> My computer skills are still NILL therefor could you please keep any
> advice simple, thank you.
>
>

On Wed, 13 Apr 2005 16:13:18 GMT, <<Scottie>> wrote:

>A BLANK CHEQUE TO ANYONE THAT SOLVE THIS?
>
>I am running XP and my Internet Explorer has been captured by some sort of
>toolbar that continually loads all sorts of web pages. I right clicked on
>the bogus toolbar then clicked properties and it states:
>
>PROTOCOL: HyperText Transfer Protocol
>
>
>ADDRESS: (URL) HTTP: myserchnow.com/passthrough/newpass2. HTLM.
>
>Shopping.net/toolbar. HTLM

Try running,
SpyBot S&D , http://security.kolla.de/


The toolbar name, mysearchnow produces lots of hits in Google.
http://www.experts-exchange.com/Oper..._20833849.html



1)
http://short-media.com/forum/showthread.php?p=166159
It's a long thread, with several HiJackThis (from)
http://www.spywareinfo.com/~merijn/downloads.html
logs. The person reported the problem was sorted, it involves fixing
several of the startup entries and running this -
OmegakillerSM, which will remove Mysearchnow.com and the toolbar.

Information about the search page hijacking
http://www.short-media.com/review.php?r=252&p=1


The thread finishes off with -

Then, run the Omegakiller application to restore your HOSTS file against
their domains.

Then....set a new System Restore Point. Follow Step 9 in this article:

Removal steps
http://www.short-media.com/review.php?r=252&p=3

<snip>

Me

neville wrote:
> Sounds like a job for Frank DeLucca MS MPV and his service pak2.
> I would appreciate a cut for the referral though.

Nice one, Neville!

<<Scottie>> wrote:
> A BLANK CHEQUE TO ANYONE THAT SOLVE THIS?
>
> I am running XP and my Internet Explorer has been captured by some
> sort of toolbar that continually loads all sorts of web pages. I
> right clicked on the bogus toolbar then clicked properties and it states:
>
> PROTOCOL: HyperText Transfer Protocol
>
>
> ADDRESS: (URL) HTTP: myserchnow.com/passthrough/newpass2. HTLM.
>
> Shopping.net/toolbar. HTLM
>
> --------
> How can I trace where this spy-ware is? I tried Ad-Aware and
> Microsoft's own spy-ware Beta
> software and both found spy-ware and deleted it but still the toolbar
> keeps coming back when I reboot? I have web-addresses in my
> favourites that I didn't put there, but when I go into my favourites
> folder to list and delete them the mystery favourites don't appear,
> therefor I can't see them to delete them?
>
> ---------
>
> UPDATE
>
> I reluctantly went out today and bought McAfee Internet Security
> Suite for £24.75
> at PC World, as it was reduced for a couple of days from £29.99.
> Unfortunately
> McAfee hasn't helped me. I still have this toolbar that I can't get
> rid of and I cant delete the web addresses that have been put into my
> favourites. As I have said before when I list my favourites the bogus web
> site
> address do not appear in the list, for me to delete them? How can I delete
> them? One more question, can I download Search & Destroy while I have
> McAfee installed on my computer, because, before I bought McAfee
> today I had already downloaded Search & Destroy to scan my disk. It
> also found spyware but it wouldn't delete the spyware unless I bought
> the product. I have been told that this should not have happened as S
> & D was FREE, have I done something wrong? I think this has happened
> to me before?
> Oh yes, does anyone want to buy the McAfee I.N.S that has been used
> once for a penny?
>
>
>
> My computer skills are still NILL therefor could you please keep any
> advice simple, thank you.

This a very nasty thing to get rid off. We suggest you download, install and
update Service Pak 2. Then start in safe mode and run Service Pak 2 again.
It should be able to find the culprit. If not, poast back with your real
email address so we can send you a patch by private email.

Glad to be of any help, as always.
--
- Frank DeLucca -

MS-MPV (Confirmation coming up any time now, seconds are ticking away..)

Download, update and use ALL of the following -- even
if you already have them installed, UPDATE THEM NOW.
Malware changes by the day, even by the hour, so you MUST
have the latest version of removal tools:

Spybot Search & Destroy
http://www.safer-networking.org/en/index.html
SpyBot S&D guide
http://www.chem.wisc.edu/~network/spybot/

Ad-Aware SE
http://www.lavasoftusa.com/
Ad-Aware VX2 cleaner plug-in
http://www.lavasoftusa.com/software/...2cleaner.shtml
IMPORTANT NOTICE:
http://www.mvps.org/winhelp2002/hosts.htm#Attention

Spyware Blaster
http://www.javacoolsoftware.com/spywareblaster.html

CWShredder (CoolWebSearch remover)
http://cwshredder.net/cwshredder/cwschronicles.html
Now maintained by InterMute
http://www.intermute.com/spysubtract..._download.html
http://cwshredder.net/bin/CWShredder.exe


In <yyb7e.17139$>,
<<Scottie>> took 50 lines to utter:

>A BLANK CHEQUE TO ANYONE THAT SOLVE THIS?
>
>I am running XP and my Internet Explorer has been captured by some sort of
>toolbar that continually loads all sorts of web pages. I right clicked on
>the bogus toolbar then clicked properties and it states:

<snip>

--
Basic computer maintenance
http://uk.geocities.com/personel44/maintenance.html

My thanks for all the advice. It's nice to hear from you again Mike. To my
rescue as usual. I have finally downloaded Spybot and it found and deleted
17 errors. I am about to try Internet Explorer again, fingers X. Mike can I
download all the software you recommended while I have McAfee installed on
my computer? Once again my thanks to all.
----------
"°Mike°" <> wrote in message
news:42626722.2739343@localhost...
> Download, update and use ALL of the following -- even
> if you already have them installed, UPDATE THEM NOW.
> Malware changes by the day, even by the hour, so you MUST
> have the latest version of removal tools:
>
> Spybot Search & Destroy
> http://www.safer-networking.org/en/index.html
> SpyBot S&D guide
> http://www.chem.wisc.edu/~network/spybot/
>
> Ad-Aware SE
> http://www.lavasoftusa.com/
> Ad-Aware VX2 cleaner plug-in
> http://www.lavasoftusa.com/software/...2cleaner.shtml
> IMPORTANT NOTICE:
> http://www.mvps.org/winhelp2002/hosts.htm#Attention
>
> Spyware Blaster
> http://www.javacoolsoftware.com/spywareblaster.html
>
> CWShredder (CoolWebSearch remover)
> http://cwshredder.net/cwshredder/cwschronicles.html
> Now maintained by InterMute
> http://www.intermute.com/spysubtract..._download.html
> http://cwshredder.net/bin/CWShredder.exe
>
>
> In <yyb7e.17139$>,
> <<Scottie>> took 50 lines to utter:
>
>>A BLANK CHEQUE TO ANYONE THAT SOLVE THIS?
>>
>>I am running XP and my Internet Explorer has been captured by some sort of
>>toolbar that continually loads all sorts of web pages. I right clicked on
>>the bogus toolbar then clicked properties and it states:
>
> <snip>
>
> --
> Basic computer maintenance
> http://uk.geocities.com/personel44/maintenance.html

You're welcome.

And yes, you can install all of the software with McAfee installed,
but if anything complains during install, temporarily disable
McAfee (after scanning, of course).

In <HDe7e.21159$>,
<<Scottie>> took 51 lines to utter:

>My thanks for all the advice. It's nice to hear from you again Mike. To my
>rescue as usual. I have finally downloaded Spybot and it found and deleted
>17 errors. I am about to try Internet Explorer again, fingers X. Mike can I
>download all the software you recommended while I have McAfee installed on
>my computer? Once again my thanks to all.

<snip>

--
Basic computer maintenance
http://uk.geocities.com/personel44/maintenance.html

I tried Internet Explorer but I am still getting the bogus toolbar? I have
tried to send the Search & Destroy report with this post but the fonts are
very small, so I don't know if I will be able to send it?

WebTrends live: Tracking cookie (Mozilla: default) (Cookie, fixed)

Weblrends live: Tracking cookie (Mozilla: default) (Cookie, fixed)

Weblrends live: Tracking cookie (Mozilla: default) (Cookie, fixed)

WebTrends live: Tracking cookie (Mozilla: default) (Cookie, fixed)

Avenue A, Inc.: Tracking cookie (Mozifla: default) (Cookie, fixed)

FastClick: Tracking cookie (Mozilla: default) (Cookie, fixed)

HitBox: Tracking cookie (Mozilla: default) (Cookie, fixed)

l-fttBox: Tracking cookie (Mozilla: default) (Cookie, fixed)

Hothar: Interface (lHbMapiAddrBook) (Registry key, fixed)
HKEY_LOCAL_MACHlNE\Software~Classes~lnterface\{F64 B26Cl -O7DE-1 1
D5-B5OD-OODOB77FOA6D}

Hothar: Global settings (Registry key, fixed)
HKEY_LOCALMACHlNE\Software~Hothar

Hotbar: Interface (Registry key, fixed)

HKEY_CLASSES_ROOT\lnterface\{927420A3-7259-4A74-B402-93291 77EC3FC}

Hothar: Interface (Registry key, fixed) HKEY_CLASSES_ROOT\lnterface\{DA60341
1-0593-11 D5-A46B-OO5O8B5BA2DF}

Hothar: Interface (Registry key, fixed)
HKEY_CLASSESfiOOlllnterface\{7E33BC81 -0818-11 D5-B5OD-OODOB77FOA6D}

Hotbar: Interface (Registry key, fixed) HKEY_CLASSESROOT\Interface\(31 03E31
2-El BB-49AB-8OEB-0A92FCA78746}

Hothar: Interface (Registry key, fixed) HKEY_CLASSES_ROOT\lnterface\{1 771
9B53-FAD1-1 1 D4-A466-OO5O8B5BA2DF}

Hothar: Interface (lhbStats) (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\lnterface\{1 771 9B54-FAD1-1 I
D4-A466-OO5O8B5BA2DF}

Hothar: Type library (Registry key, fixed)

HKEY_CLASSESROOT\TypeLibl{60F63095-41 EC-1 1 D5-B558-OODOB77FOA6D}

Spybot - Search && Destroy version: 1.3

2005-03-03 lncludes\Cookies.sbi

2005-04-07 tncludes\Diater.sbi

2005-04-07 lncludes\Hijackers.sbi

2005-03-22 lncludes\Keyloggers.sbi

2004-11-29 Includes\LSP.sbi

2005-04-07 lncludes\Malware.sbi

2005-03-17 Includes\PUPS.sbi

2005-03-17 lncIudes~Revision.sbi

2005-02-09 lncludes\Security.sbi

2005-04-07 lncludes\Spybots.sbi

2005-02-17 Includes\Tracks.uti

2Q05-04-07 lncludes\Trojans.sbi

<snip>

A SpyBot S&D log is useless for diagnosis. Install HijackThis
and post the contents of that log here.

HijackThis
http://mjc1.com/mirror/hjt/
http://www.spywareinfo.com/~merijn/files/hijackthis.zip
http://209.133.47.12/~merijn/files/HijackThis.exe
http://aumha.org/downloads/hijackthis.zip
http://aumha.org/downloads/hijackthis.exe


In <A4f7e.40$>,
<<Scottie>> took 80 lines to utter:

>I tried Internet Explorer but I am still getting the bogus toolbar? I have
>tried to send the Search & Destroy report with this post but the fonts are
>very small, so I don't know if I will be able to send it?

<snip>

--
Basic computer maintenance
http://uk.geocities.com/personel44/maintenance.html