
Another Omegasearch victim (Hijackthis log)

This Omegasearch thing is KILLING me! Did the thing you recommended, with the "safe mode" and all, but it didn't go away.
So here's the log, hope you guys can help me out!



Logfile of HijackThis v1.97.7
Scan saved at 15:45:21, on 2004-05-13
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Grisoft\AVG6\avgcc32.exe
G:\Program\Winamp3\winampa.exe
C:\Program\IDOLHE~1\STOPREAL.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
G:\Program\mIRC\mirc.exe
C:\Program\Internet Explorer\iexplore.exe
I:\Hijack This\HijackThis.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\System32\MsiExec.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4A723B96-4876-B482-B16C-D4C4A65ECF9E} - C:\Program\OOZEUP~1\Okay Bits.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Team Soft Meta - {5885F4FC-A17D-A32A-283C-CBAE81023C47} - C:\Program\OOZEUP~1\Okay Bits.dll
O4 - HKLM\..\Run: [AVG_CC] C:\Program\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "G:\Program\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [fork noun] C:\Program\IDOLHE~1\STOPREAL.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\System32\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: 3DO Registration.lnk = G:\Spel\Heroes 3\Register\Remind32.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_41.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37790.3375462963
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Comments

  • mmonnin Centreville, VA
    edited May 2004
    O2 - BHO: (no name) - {4A723B96-4876-B482-B16C-D4C4A65ECF9E} - C:\Program\OOZEUP~1\Okay Bits.dll
    O3 - Toolbar: Team Soft Meta - {5885F4FC-A17D-A32A-283C-CBAE81023C47} - C:\Program\OOZEUP~1\Okay Bits.dll
    O4 - HKLM\..\Run: [fork noun] C:\Program\IDOLHE~1\STOPREAL.exe


    Those all look bad.
  • Kwitko Sheriff of Banning (Retired) By the thing near the stuff Icrontian
    edited May 2004
    Frank, welcome to Short-Media. Boot into safe mode again, but manually delete the files and folders above.

    Once you're finished, boot into normal mode and rerun HiJackThis. You might see those same entries, but perhaps with "(file missing)" next to them. Repost your log if you run into any problems.
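As an added example (not code from the thread, from HijackThis or from any of the posters), the script below applies the same triage reasoning mmonnin used above, but mechanically, to a subset of the O2/O3/O4 lines from the posted log. It parses each entry, pulls out the referenced file, and flags three things a reviewer looks for: one file hooked into more than one IE extension point (here the same DLL registered as both a BHO and a toolbar), files living in a short-name (`~1`) folder under Program, and Run entries whose value name has nothing to do with the executable it launches. The three heuristics and their names are this example's own choices, and the sample input is a copy of lines from the log above.

```python
"""Triage heuristics for HijackThis-style logs (added example, not HijackThis code)."""
import re
from collections import defaultdict

# Constructed sample: a subset of the O2/O3/O4 lines from the log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4A723B96-4876-B482-B16C-D4C4A65ECF9E} - C:\Program\OOZEUP~1\Okay Bits.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Team Soft Meta - {5885F4FC-A17D-A32A-283C-CBAE81023C47} - C:\Program\OOZEUP~1\Okay Bits.dll
O4 - HKLM\..\Run: [AVG_CC] C:\Program\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "G:\Program\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [fork noun] C:\Program\IDOLHE~1\STOPREAL.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\System32\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")            # "O4 - <body>"
PATH_RE = re.compile(r"([A-Za-z]:\\.*?\.(?:exe|dll|ocx))", re.IGNORECASE)
RUN_NAME_RE = re.compile(r"\[(.*?)\]")              # value name of an O4 Run entry
SHORTNAME_RE = re.compile(r"~\d+$")                 # 8.3 short name such as OOZEUP~1


def parse_entries(log_text):
    """Return one dict per O-line: section, body, referenced path (lower-cased) and Run name."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        pm = PATH_RE.search(body)
        nm = RUN_NAME_RE.search(body) if section == "O4" else None
        entries.append({
            "section": section,
            "body": body,
            "path": pm.group(1).lower() if pm else None,
            "run_name": nm.group(1) if nm else None,
        })
    return entries


def shared_hook_points(entries):
    """Files registered under more than one section type (e.g. both O2 BHO and O3 toolbar)."""
    by_path = defaultdict(set)
    for e in entries:
        if e["path"]:
            by_path[e["path"]].add(e["section"])
    return {p: sorted(s) for p, s in by_path.items() if len(s) > 1}


def shortname_dirs(entries):
    """Files whose directory chain contains an 8.3 short-name component (heuristic)."""
    hits = set()
    for e in entries:
        if not e["path"]:
            continue
        dirs = e["path"].split("\\")[:-1]
        if any(SHORTNAME_RE.search(part) for part in dirs):
            hits.add(e["path"])
    return sorted(hits)


def run_name_mismatches(entries):
    """O4 Run entries whose value name shares no token (3+ chars) with the executable's stem."""
    out = []
    for e in entries:
        if e["section"] != "O4" or not e["path"] or not e["run_name"]:
            continue
        stem = e["path"].rsplit("\\", 1)[-1].rsplit(".", 1)[0]  # e.g. "stopreal"
        tokens = [t for t in re.split(r"[^a-z0-9]+", e["run_name"].lower()) if len(t) >= 3]
        if not any(t in stem or stem in t for t in tokens):
            out.append((e["run_name"], e["path"]))
    return out


def triage(log_text):
    """Run all three heuristics and return a report dict for manual review."""
    entries = parse_entries(log_text)
    return {
        "shared_hook_points": shared_hook_points(entries),
        "shortname_dirs": shortname_dirs(entries),
        "run_name_mismatches": run_name_mismatches(entries),
    }


if __name__ == "__main__":
    for heuristic, hits in triage(SAMPLE_LOG).items():
        print(f"{heuristic}: {hits}")
```

On the posted log every heuristic converges on the same two files, `Okay Bits.dll` and `STOPREAL.exe`, which is exactly the set the reply above singled out; the heuristics are hints for a human reviewer, not a verdict, since legitimate software can also register short-name paths or use an unrelated Run value name.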