hey there:
this is quite the infestation, i highly recommend reading prime's article
here when youre done, and running the applications mentioned...
The instructions
here should set you straight. though given the scope of your infection you may need to repost updated logs and have us go through them again.
heres what to remove: (can someone else scan this too, im certain to miss something
)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://omegasearch.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://omegasearch.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://omegasearch.com/passthrough/...://www.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://omegasearch.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://omegasearch.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://omegasearch.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://omegasearch.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://www.searchgateway.net/search/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,AutoConfigURL =
kpower2@cogeco.ca
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\btlink.dll
O2 - BHO: (no name) - {00000273-8230-4DD4-BE4F-6889D1E74167} - C:\WINDOWS\host.dll
O2 - BHO: (no name) - {35A6E019-4754-386A-9AC1-589C2A2145EC} - C:\PROGRA~1\TEAMLI~1\ooze real.dll
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_22.dll
O3 - Toolbar: &Search Toolbar - {6A85D97D-665D-4825-8341-9501AD9F56A3} - C:\PROGRA~1\SEARCH~1\stoolbar.dll
O3 - Toolbar: Comet Toolbar - {FE6BC4EF-5676-484B-88AE-883323913256} - C:\PROGRA~1\Comet\Bin\csietb.dll
O3 - Toolbar: Dvdcool - {552A842B-86EE-7083-74B6-F45B3047320E} - C:\PROGRA~1\TEAMLI~1\ooze real.dll
O4 - HKLM\..\Run: [] C:\WINDOWS\Options\OEMReset.exe /Audit
O4 - HKLM\..\Run: [susp] C:\WINDOWS\susp.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [inside view] C:\PROGRA~1\FUNKFO~1\junk live 01.exe
O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O4 - Startup: Virtual Bouncer.lnk = C:\Program Files\VBouncer\VirtualBouncer.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {10000273-8230-4DD4-BE4F-6889D1E74167} -
http://download.abetterinternet.com....cab?id=3342612
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} -
http://www.spywarenuker.com/product...erInstaller.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
http://ak.imgfarm.com/images/nocach...etup1.0.0.6.cab
O16 - DPF: {20000273-8230-4DD4-BE4F-6889D1E74167} -
http://download.abetterinternet.com...06/payload2.cab
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} -
http://dst.trafficsyndicate.com/Dnl/T_50023/QDow.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
http://software-dl.real.com/169d195...ip/RdxIE601.cab
O16 - DPF: {D9EC0A76-03BF-11D4-A509-0090270F86E3} -
http://download.spywarelabs.com/ins...erOuter1203.EXE
Similar Threads
