Need help with HijackThis (log included)

Ok, I suddenly discovered I had that naughty thing called Omegasearch installed and I tried to remove it using Short-media's guide. I did all the guide said, removing these entries in HijackThis:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://omegasearch.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://omegasearch.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://omegasearch.com/passthrough/...p://about_:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://omegasearch.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://omegasearch.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://omegasearch.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://omegasearch.com/searchbar.html

...but my browser is still messed up. I have an additional search bar below the address line at all times, and every time I start a new window an extremely irritating popup opens at the bottom of the page. HijackThis found a lot of other things on my computer but I did not dare to delete any of them as I did not know what they were. Below are links to my HijackThis log (in .txt format) and a screenshot showing the browser problems.

Screenshot

Log

Please help, this is driving me crazy. Ugh.

Comments

  • Dexter Vancouver, BC Canada
    edited April 2004
    Welcome to Short-Media :) You've come to the right place for help.

    I am posting your log file in the thread for easy reference:

    Logfile of HijackThis v1.97.7
    Scan saved at 09:39:12, on 16.04.2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\PROGRA~1\FIVEBARBSETUP\Build mp3.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    D:\Programmer\iFinger\iFinger.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\Joakim\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://omegasearch.com/passthrough/index.html?http://about:blank
    O2 - BHO: (no name) - {037D536A-F052-65E0-CBE9-0BE58B2C0108} - C:\PROGRA~1\magsatom\new inside.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmer\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {A114D52B-870C-4F15-8021-B6D7F91A054B} - D:\Programmer\iFinger\plugins\IE.ifp
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: TimeMix - {EB3D7F53-171A-7DF7-6766-A4ECFF34BC5D} - C:\PROGRA~1\magsatom\new inside.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [dart beep] C:\PROGRA~1\FIVEBARBSETUP\Build mp3.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: iFinger 2.0.lnk = D:\Programmer\iFinger\iFinger.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Programmer\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: iFinger (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://dev-www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_41.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/09f33e2fc31a84052220/netzip/RdxIE601.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
  • Dexter Vancouver, BC Canada
    edited April 2004
    All right, first of all, make sure you read the Updated Removal Instructions post.

    There are random file names generated by the installer, but they follow a certain detectable pattern.

    Following the instructions in the post above, reboot your computer in safe mode, and rerun HJT. Fix the following:


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://omegasearch.com/passthrough/...p://about_:blank


    O2 - BHO: (no name) - {037D536A-F052-65E0-CBE9-0BE58B2C0108} - C:\PROGRA~1\magsatom\new inside.dll

    O3 - Toolbar: TimeMix - {EB3D7F53-171A-7DF7-6766-A4ECFF34BC5D} - C:\PROGRA~1\magsatom\new inside.dll

    O4 - HKLM\..\Run: [dart beep] C:\PROGRA~1\FIVEBARBSETUP\Build mp3.exe


    Then manually locate your Program Files folder, and look for these:

    C:\PROGRAM FILES\magsatom\new inside.dll
    C:\PROGRAM FILES\FIVEBARBSETUP\Build mp3.exe

    Delete the entire folder for each one.

    Reboot normally, and you should be okay. Please post back to let us know. If you still have problems, post a new log (right here in the thread please) for further assistance.

    Dexter...
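Added example, not part of the original thread or of Dexter's post: a Python script that parses HijackThis entry lines like those in the log above, lists every entry that loads a file named for removal, and derives the folders to delete. The function names, the `SHORT_NAMES` mapping and the choice of log lines in the excerpt are assumptions of this example.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Excerpt of the HijackThis log posted in this thread (entry lines only).
LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://omegasearch.com/passthrough/index.html?http://about:blank
O2 - BHO: (no name) - {037D536A-F052-65E0-CBE9-0BE58B2C0108} - C:\PROGRA~1\magsatom\new inside.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmer\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: TimeMix - {EB3D7F53-171A-7DF7-6766-A4ECFF34BC5D} - C:\PROGRA~1\magsatom\new inside.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [dart beep] C:\PROGRA~1\FIVEBARBSETUP\Build mp3.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")                  # "O2 - ..." section code
FILE = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:exe|dll|ocx)", re.I)  # first drive-rooted file
# Assumption: PROGRA~1 is the 8.3 short name of "Program Files", as in the reply above.
SHORT_NAMES = {"progra~1": "Program Files"}

def long_path(path):
    """Expand known 8.3 short folder names so both spellings compare equal."""
    parts = [SHORT_NAMES.get(p.lower(), p) for p in PureWindowsPath(path).parts]
    return str(PureWindowsPath(*parts))

def parse(log):
    """Yield (section, file path or None, raw line) for every R*/O* entry."""
    for line in map(str.strip, log.splitlines()):
        m = ENTRY.match(line)
        if m:
            f = FILE.search(m.group(2))
            yield m.group(1), long_path(f.group(0)) if f else None, line

def removal_plan(log, fix_files):
    """Return {file: [sections that load it]} and the folders holding those files."""
    wanted = {long_path(p).lower() for p in fix_files}
    entries = defaultdict(list)
    for section, path, _line in parse(log):
        if path and path.lower() in wanted:
            entries[path].append(section)
    folders = sorted({str(PureWindowsPath(p).parent) for p in entries})
    return dict(entries), folders
```

Calling `removal_plan(LOG, [...])` with the two files named in the reply shows the same DLL registered under both O2 and O3, so both entries have to be fixed before its folder is deleted.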
  • edited April 2004
    YESS :)

    It worked. Thanks a lot, that was a big relief. Thank you.
  • Dexter Vancouver, BC Canada
    edited April 2004
    oloh wrote:
    YESS :)

    It worked. Thanks a lot, that was a big relief. Thank you.


    You're very welcome :)

    We hope you will stick around our little corner of the internet. Lots of great folks here with lots of great knowledge, and we have some fun along the way.

    Oh, and has anyone mentioned the word "Folding" to you yet...? ;)

    Dexter...
  • edited April 2004
    Dexter wrote:
    Oh, and has anyone mentioned the word "Folding" to you yet...? ;)

    Unfortunately, no.

    Enlighten me!
This discussion has been closed.