oloh
melodramatic fool
oloh
3 Posts

Need help with HijackThis (log included)

Ok, I suddenly discovered I had that naughty thing called Omegasearch installed and I tried to remove it using Short-media's guide. I did all the guide said, removing these entries in HijackThis:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://omegasearch.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://omegasearch.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://omegasearch.com/passthrough/...p://about_:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://omegasearch.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://omegasearch.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://omegasearch.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://omegasearch.com/searchbar.html

...but my browser is still messed up. I have an additional search bar below the address line at all times, and every time I start a new window an extremely irritating popup opens at the bottom of the page. HijackThis found a lot of other things on my computer but I did not dare to delete any of them as I did not know what they were. Below are links to my HijackThis log (in .txt format) and a screenshot showing the browser problems.

Screenshot

Log

Please help, this is driving me crazy. Ugh.
Dexter
Former SM Staff Member
Dexter
3,580 Posts
Welcome to Short-Media. You've come to the right place for help.

I am posting your log file in the thread for easy reference:

Logfile of HijackThis v1.97.7
Scan saved at 09:39:12, on 16.04.2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\PROGRA~1\FIVEBARBSETUP\Build mp3.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\RUNDLL32.EXE
D:\Programmer\iFinger\iFinger.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Joakim\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://omegasearch.com/passthrough/i...://about:blank
O2 - BHO: (no name) - {037D536A-F052-65E0-CBE9-0BE58B2C0108} - C:\PROGRA~1\magsatom\new inside.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmer\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A114D52B-870C-4F15-8021-B6D7F91A054B} - D:\Programmer\iFinger\plugins\IE.ifp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: TimeMix - {EB3D7F53-171A-7DF7-6766-A4ECFF34BC5D} - C:\PROGRA~1\magsatom\new inside.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [dart beep] C:\PROGRA~1\FIVEBARBSETUP\Build mp3.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: iFinger 2.0.lnk = D:\Programmer\iFinger\iFinger.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: iFinger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://dev-www.fileplanet.com/fpdlmg...C_1_0_0_41.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/09f33e2fc31a840...p/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
Dexter
Former SM Staff Member
Dexter
3,580 Posts
All right, first of all, make sure you read the Updated Removal Instructions post.

There are random file names generated by the installer, but they follow a certain detectable pattern.

Following the instructions in the post above, reboot your computer in safe mode, and rerun HJT. Fix the following:


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://omegasearch.com/passthrough/...p://about_:blank


O2 - BHO: (no name) - {037D536A-F052-65E0-CBE9-0BE58B2C0108} - C:\PROGRA~1\magsatom\new inside.dll

O3 - Toolbar: TimeMix - {EB3D7F53-171A-7DF7-6766-A4ECFF34BC5D} - C:\PROGRA~1\magsatom\new inside.dll

O4 - HKLM\..\Run: [dart beep] C:\PROGRA~1\FIVEBARBSETUP\Build mp3.exe


Then manually locate your Program Files folder, and look for these:

C:\PROGRAM FILES\magsatom\new inside.dll
C:\PROGRAM FILES\FIVEBARBSETUP\Build mp3.exe

Delete the entire folder for each one.

Reboot normally, and you should be okay. Please post back to let us know. If you still have problems, post a new log (right here in the thread please) for further assistance.

Dexter...
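
The cross-check behind the fix list above, as an added example that is not part of the original posts: it parses HijackThis lines, groups the chosen entries by folder, and reports whether the file is in the running-process list and whether any entry left unfixed points into the same folder. The function names and the embedded sample are assumptions made for illustration.

```python
import re
from ntpath import dirname  # Windows path rules on any host OS

# Constructed sample: a subset of lines copied from the log in this thread.
LOG = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\FIVEBARBSETUP\Build mp3.exe
D:\Programmer\iFinger\iFinger.exe

O2 - BHO: (no name) - {037D536A-F052-65E0-CBE9-0BE58B2C0108} - C:\PROGRA~1\magsatom\new inside.dll
O2 - BHO: (no name) - {A114D52B-870C-4F15-8021-B6D7F91A054B} - D:\Programmer\iFinger\plugins\IE.ifp
O3 - Toolbar: TimeMix - {EB3D7F53-171A-7DF7-6766-A4ECFF34BC5D} - C:\PROGRA~1\magsatom\new inside.dll
O4 - HKLM\..\Run: [dart beep] C:\PROGRA~1\FIVEBARBSETUP\Build mp3.exe
"""
# The file-backed entries from the fix list in the reply above.
FIX = [l for l in LOG.splitlines() if "magsatom" in l or "dart beep" in l]
ENTRY = re.compile(r"^(R\d|O\d+) - ")
PATH = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:exe|dll|ocx|ifp)\b", re.I)

def parse(log):
    """Return (running process paths, [(section code, line, file path or None)])."""
    running, entries, in_procs = set(), [], False
    for line in (l.strip() for l in log.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False
        elif in_procs:
            running.add(line.lower())
        elif ENTRY.match(line):
            m = PATH.search(line)
            entries.append((line.split(" - ")[0], line, m.group(0) if m else None))
    return running, entries

def removal_plan(log, fix_lines):
    """Per folder behind the fix lines: sections, running state, other references."""
    running, entries = parse(log)
    fix, plan = {l.strip() for l in fix_lines}, {}
    for code, line, path in entries:
        if line in fix and path:
            info = plan.setdefault(dirname(path).lower(),
                                   {"codes": [], "running": False, "kept_refs": []})
            info["codes"].append(code)
            info["running"] |= path.lower() in running
    for code, line, path in entries:
        for folder, info in plan.items():
            if path and line not in fix and path.lower().startswith(folder + "\\"):
                info["kept_refs"].append(line)
    return plan
```

A folder with `running` set holds a file that was executing when the scan was taken. Paths are compared as written, so an 8.3 name such as `PROGRA~1` is not matched against its long form.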
oloh
melodramatic fool
oloh
3 Posts
YESS

It worked. Thanks a lot, that was a big relief. Thank you.
Dexter
Former SM Staff Member
Dexter
3,580 Posts
YESS

It worked. Thanks a lot, that was a big relief. Thank you.

You're very welcome

We hope you will stick around our little corner of the internet. Lots of great folks here with lots of great knowledge, and we have some fun along the way.

Oh, and has anyone mentioned the word "Folding" to you yet...?

Dexter...
oloh
melodramatic fool
oloh
3 Posts
Oh, and has anyone mentioned the word "Folding" to you yet...?
Unfortunately, no.

Enlighten me!