mondi
dot.
mondi
798 Posts

» Subscriber

omegasearch - mlink

Ghetto thread split #1

Ok I'm new to the board and I found you through my total annoyance with omegasearch...I tried to just find the files on my computer first and got rid of some but that didn't stop the passthrough page from coming up, then i got annoyed and went to the page and yes, i did download their uninstaller and tried to use it which of course didn't work. So i did a search and found the hijackthis software, but the files mentioned that i need to look for were not there. also, i got an error message before hijackthis opened.

here's my log:

Logfile of HijackThis v1.97.7
Scan saved at 10:44:25 AM, on 4/15/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\r_server.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\EXPL0RER.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\THUNKSLOW\KIND DASH.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\sllights.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\Program Files\Xi\Net Transport\NetTransport.exe
C:\Documents and Settings\peter\Desktop\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {9ECEDC6B-C6E8-7F28-B650-F327DFA7B2DE} - C:\PROGRA~1\STARTB~1\Skipmp3.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\Net Transport\NTIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: ????? - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - C:\PROGRA~1\Kingsoft\FASTAI~1\IEBand.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: Forflapbat - {AD50D826-F0F5-AEB7-9761-9E86A7A8A22F} - C:\PROGRA~1\STARTB~1\Skipmp3.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [inter rdr] C:\PROGRA~1\THUNKSLOW\KIND DASH.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all by Net Transport - C:\PROGRA~1\XI\NETTRA~1\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\PROGRA~1\XI\NETTRA~1\NTAddLink.html
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Researcher (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: QQ (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.c...7958.3224421296
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab
O16 - DPF: {FC87A650-207D-4392-A6A1-82ADBC56FA64} (MultiDist) - http://xbs.climaxbucks.com/internet...3/MultiDist.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{5581AA9F-EAD7-4B5B-BE76-CBBAEA4A5206}: NameServer = 211.100.1.36 211.100.0.58

the error message said:

An unexpected error has occurred at procedure: frmMain_LoadSettings()
Error #5 - Invalid procedure call or argument

Please email me at merijn@spywareinfo.com, reporting the following:
* What you were doing when the error occurred
* How you can reproduce the error

Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2800.1106
HijackThis version: 1.97.7

This message has been copied to your clipboard.

i'm gonna e-mail this to merijn in a sec

any help is appreciated.



--------------------------------------------------------------------------------

the only one i suspect is
O4 - HKLM\..\Run: [inter rdr] C:\PROGRA~1\THUNKSLOW\KIND DASH.exe

but i'd rather someone more experienced confirm what i think before i totally screw up my computer.

__________________

coj08

mondi
dot.
mondi
798 Posts

» Subscriber

hi there.

remove the following using the methods described here


O2 - BHO: (no name) - {9ECEDC6B-C6E8-7F28-B650-F327DFA7B2DE} - C:\PROGRA~1\STARTB~1\Skipmp3.dll
O3 - Toolbar: Forflapbat - {AD50D826-F0F5-AEB7-9761-9E86A7A8A22F} - C:\PROGRA~1\STARTB~1\Skipmp3.dll
O4 - HKLM\..\Run: [inter rdr] C:\PROGRA~1\THUNKSLOW\KIND DASH.exe
O16 - DPF: {FC87A650-207D-4392-A6A1-82ADBC56FA64} (MultiDist) - http://xbs.climaxbucks.com/internet...3/MultiDist.CAB

that's a start. Did you install Net Transport knowingly? It's on the edge of spyware/helper as far as I can see.
Dexter
Former SM Staff Member
Dexter
3,580 Posts
And please come back to let us know if it worked or not.

And welcome to Short-Media, the best little Tech Community on the Net

Dexter...
__________________ "Forty-two," said Deep Thought, with infinite majesty and calm.

Put your computer's spare power to work searching for the cure to diseases: Folding@Home. Join Team 93 today! Join a winning team, and help Fold for a Cure!
Get spyware fighting tools at our Security Downloads Page. Get a better browser: Get Firefox. Get Firefox!

mlink
New to the neighborhood
mlink
4 Posts
Well, i went against what I said and just deleted 3 files without waiting for the experts' advice. Guess i did pretty good since i deleted 3 out of the 4 that you mentioned. I got frustrated waiting but every time i delete kind dash, i do a scan again and HijackThis finds it there. I'm gonna delete all 4 now. And I didn't install net transport. It's a weird situation. I'm sharing my friend's computer in China and just last week I found omegasearch as the default browser. I will let you know my progress and thanks for the help so far
mlink
New to the neighborhood
mlink
4 Posts
ok, removed O4 - HKLM\..\Run: [inter rdr] C:\PROGRA~1\THUNKSLOW\KIND DASH.exe
O16 - DPF: {FC87A650-207D-4392-A6A1-82ADBC56FA64} (MultiDist) - http://xbs.climaxbucks.com/internet...3/MultiDist.CAB

the other 2 i had gotten rid of before, and as i explained before, the 3rd kept coming back, but after removing the climaxbucks one, Kind Dash has stopped coming back and the disease that is Omegasearch has been purged from my friend's computer. Hopefully, I'll be able to help someone on this board one day, thanks again for the help
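
Added example, not part of the original thread or written by any of its posters: a small Python check that compares the entries a helper flagged against a fresh HijackThis rescan and reports which ones are still present, which is how a re-created entry like the `[inter rdr]` Run key shows up. The function names and the rescan text are assumptions constructed for illustration; the four flagged lines are the ones quoted in this thread.

```python
import re

# A HijackThis result line is "<section> - <detail>", e.g. "O4 - HKLM\..\Run: [x] y".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Map a case-insensitive key to the normalized line for every result entry."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            # Collapse whitespace and case so forum copy/paste does not cause false diffs.
            detail = " ".join(m.group(2).split())
            entries[(m.group(1), detail.casefold())] = f"{m.group(1)} - {detail}"
    return entries

def check_rescan(flagged_text, rescan_text):
    """Return (persisting, removed): flagged entries still in the rescan, and those gone."""
    flagged, rescan = parse_entries(flagged_text), parse_entries(rescan_text)
    persisting = sorted(v for k, v in flagged.items() if k in rescan)
    removed = sorted(v for k, v in flagged.items() if k not in rescan)
    return persisting, removed

# The four entries the helper flagged in this thread.
FLAGGED = r"""
O2 - BHO: (no name) - {9ECEDC6B-C6E8-7F28-B650-F327DFA7B2DE} - C:\PROGRA~1\STARTB~1\Skipmp3.dll
O3 - Toolbar: Forflapbat - {AD50D826-F0F5-AEB7-9761-9E86A7A8A22F} - C:\PROGRA~1\STARTB~1\Skipmp3.dll
O4 - HKLM\..\Run: [inter rdr] C:\PROGRA~1\THUNKSLOW\KIND DASH.exe
O16 - DPF: {FC87A650-207D-4392-A6A1-82ADBC56FA64} (MultiDist) - http://xbs.climaxbucks.com/internet...3/MultiDist.CAB
"""

# Constructed rescan: the BHO and toolbar are gone, but the Run entry has come
# back and the DPF entry has not been removed yet.
RESCAN = r"""
Logfile of HijackThis v1.97.7
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [inter rdr] C:\PROGRA~1\THUNKSLOW\KIND DASH.exe
O16 - DPF: {FC87A650-207D-4392-A6A1-82ADBC56FA64} (MultiDist) - http://xbs.climaxbucks.com/internet...3/MultiDist.CAB
"""

if __name__ == "__main__":
    persisting, removed = check_rescan(FLAGGED, RESCAN)
    for line in persisting:
        print("STILL PRESENT:", line)
    for line in removed:
        print("removed:", line)
```

An entry that keeps appearing under "STILL PRESENT" after being fixed is a sign that something else in the log is reinstalling it, so the remaining flagged entries should be removed in the same pass.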