omegasearch - Shuky

Can someone help me get rid of this hijack?
I followed Dexter's detailed information, running through Safe mode etc.,
but after the reboot I still have it back.
Here is my HijackThis log file.
Thanks,
Shuky.

Logfile of HijackThis v1.97.7
Scan saved at 18:53:49, on 16/04/2004
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\Program Files\VPNremote for Windows 2000\AvVpnService.exe
D:\WINNT\System32\svchost.exe
D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
D:\Program Files\Network Associates\VirusScan\mcshield.exe
D:\Program Files\Network Associates\VirusScan\vstskmgr.exe
D:\Program Files\NMapWin\bin\nmapserv.exe
D:\WINNT\System32\nvsvc32.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\system32\slserv.exe
D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\WINNT\system32\stisvc.exe
D:\WINNT\system32\ZONELABS\vsmon.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\Explorer.exe
D:\WINNT\anvshell.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
D:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
D:\Program Files\Analog Devices\SoundMAX\Smtray.exe
D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
D:\PROGRA~1\UPLOAD~1\Ace mp3.exe
D:\WINNT\System32\internat.exe
D:\Program Files\Babylon\babylon.exe
D:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
D:\Program Files\MRU-Blaster\scheduler.exe
D:\Program Files\Webshots\WebshotsTray.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
D:\WINNT\System32\mdm.exe
D:\Documents and Settings\administrator\My Documents\Shuky\tools\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://omegasearch.com/passthrough/index.html?http://about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [WheelMouse] c:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [TkBellExe] D:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [Smapp] D:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [once memo] D:\PROGRA~1\UPLOAD~1\Ace mp3.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Babylon Translator] D:\Program Files\Babylon\babylon.exe
O4 - HKLM\..\RunOnce: [MRUBlaster] D:\Program Files\MRU-Blaster\indexcleaner.exe -COOKIES
O4 - Startup: MRU-Blaster Scheduler.lnk = D:\Program Files\MRU-Blaster\scheduler.exe
O4 - Startup: MRU-Blaster Silent Clean.lnk = D:\Program Files\MRU-Blaster\mrublaster.exe
O4 - Startup: Webshots.lnk = D:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: ZoneAlarm.lnk = D:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: hpoddt01.exe.lnk = D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Global Startup: hp psc 1000 series.lnk = D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O12 - Plugin for .php3: D:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=

Comments

  • mondi Icrontian
    edited April 2004
    Hi there, glad to see you found the updated instructions already.

    these are the entries/files you need to delete using those instructions:

    D:\PROGRA~1\UPLOAD~1\Ace mp3.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://omegasearch.com/passthrough/...p://about_:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O4 - HKLM\..\Run: [once memo] D:\PROGRA~1\UPLOAD~1\Ace mp3.exe
    O14 - IERESET.INF: SEARCH_PAGE_URL=
    O14 - IERESET.INF: START_PAGE_URL=

    let me know if that does it, if not post back an updated log and we'll take it from there

    mondi
  • edited April 2004
    Thanks Mondi for your prompt reply.
    About my log file - this is the log file I got after cleaning the same line
    from my previous HijackThis run and doing a reboot.
    (Of course, directly after cleaning it and rerunning HijackThis, that line does not appear.)
    Shuky.
  • mondi Icrontian
    edited April 2004
    Shuky wrote:
    Thanks Mondi for your prompt reply.
    About my log file - this is the log file I got after cleaning the same line
    from my previous HijackThis run and doing a reboot.
    (Of course, directly after cleaning it and rerunning HijackThis, that line does not appear.)
    Shuky.

    no problem ... though I'm not sure that I understand your reply - you already deleted those lines and it came back? If so, did you make sure to delete the file too (D:\PROGRA~1\UPLOAD~1\Ace mp3.exe) ...

    if so, I'll look a little deeper into your log and see if I can find anything else.

    mondi
  • Dexter Vancouver, BC Canada
    edited April 2004
    Shuky,

    is your system clean now, or not? Can you post a fresh log please?

    Dexter...
  • edited April 2004
    My system is clean now. It was the "Ace mp3.exe".

    Thanks Mondi and Dexter.

    Shuky.
  • Dexter Vancouver, BC Canada
    edited April 2004
    You are welcome, glad we could help. Hope you stick around our site, we have a wonderful community here with lots of great people, and of course, all the tech knowledge you'll ever need.

    I'd also like to invite you to click the links in my signature below, and consider joining our good cause: Folding For a Cure. We are part of a worldwide effort to use home computers to find cures to complex diseases like cancer, Alzheimer's, Parkinson's, etc. Short-Media's team is ranked #9 world-wide for our contribution, and we welcome all new members. Check the links below to find out more, and we hope you will consider joining our Team and helping the cause!

    Cheers,

    Dexter...
This discussion has been closed.