
Hijack logfile

Hey, I have that bloody omegasearch thingy on my puter and I have tried to get rid of it but it keeps coming back. So I post my logfile here and hopefully I will get that shiat out from the puter :)

Logfile of HijackThis v1.97.7
Scan saved at 19:27:24, on 2004-07-09
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program\ICQLite\ICQLite.exe
C:\download\iclogin1.2.exe
C:\Program\LOADMU~1\Linkdeafsend.exe
C:\program\steam\steam.exe
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\Program\Norton AntiVirus\navapsvc.exe
C:\Program\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\Program\Norton AntiVirus\SAVScan.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\Messenger\msmsgs.exe
C:\Documents and Settings\jimmy\Skrivbord\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://omegasearch.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://omegasearch.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = omegasearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://omegasearch.com/searchbar.html
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\jimmy\Application Data\Mozilla\Profiles\default\9418ba7f.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\jimmy\Application Data\Mozilla\Profiles\default\9418ba7f.slt\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {06851477-16F1-ED65-E873-D2648F9A458B} - C:\Program\ITCHVG~1\FLAW SLOW.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Dent Store Intra - {8AE2C7D8-8F98-CAB6-E6BA-3D66C35027DC} - C:\Program\ITCHVG~1\FLAW SLOW.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\Program\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ICQ Lite] C:\Program\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [IC Login] "C:\download\iclogin1.2.exe"
O4 - HKLM\..\Run: [PingInside] C:\Program\LOADMU~1\Linkdeafsend.exe
O4 - HKCU\..\Run: [Steam] "c:\program\steam\steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ 4.0 (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Broken Internet access because of LSP provider 'xfire_lsp_7651.dll' missing
O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37996.6624537037
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com/global/msc34.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Comments

  • edited July 2004
    Noticed that I didn't have the newest version of HijackThis. Here's the new logfile and hopefully someone will be able to help me.

    Logfile of HijackThis v1.98.0
    Scan saved at 20:03:50, on 2004-07-09
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program\Delade filer\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program\ICQLite\ICQLite.exe
    C:\download\iclogin1.2.exe
    C:\Program\LOADMU~1\Linkdeafsend.exe
    C:\program\steam\steam.exe
    C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
    C:\Program\Norton AntiVirus\navapsvc.exe
    C:\Program\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
    C:\Program\Norton AntiVirus\SAVScan.exe
    C:\Program\Internet Explorer\IEXPLORE.EXE
    C:\Program\Internet Explorer\IEXPLORE.EXE
    C:\Program\Messenger\msmsgs.exe
    C:\Documents and Settings\jimmy\Skrivbord\hijackthis\hijackthis.98\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://omegasearch.com/searchbar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://omegasearch.com/searchbar.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = omegasearch.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://omegasearch.com/searchbar.html
    F0 - system.ini: Shell=
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\jimmy\Application Data\Mozilla\Profiles\default\9418ba7f.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\jimmy\Application Data\Mozilla\Profiles\default\9418ba7f.slt\prefs.js)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: forderrorfour - {06851477-16F1-ED65-E873-D2648F9A458B} - C:\Program\ITCHVG~1\FLAW SLOW.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Dent Store Intra - {8AE2C7D8-8F98-CAB6-E6BA-3D66C35027DC} - C:\Program\ITCHVG~1\FLAW SLOW.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\Program\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ICQ Lite] C:\Program\ICQLite\ICQLite.exe -minimize
    O4 - HKLM\..\Run: [IC Login] "C:\download\iclogin1.2.exe"
    O4 - HKLM\..\Run: [PingInside] C:\Program\LOADMU~1\Linkdeafsend.exe
    O4 - HKCU\..\Run: [Steam] "c:\program\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: ICQ 4.0 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program\ICQLite\ICQLite.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE
    O10 - Broken Internet access because of LSP provider 'xfire_lsp_7651.dll' missing
    O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com/global/msc34.cab
    O18 - Protocol: df2 - {219A97F3-D661-4766-B658-646A771AE49E} - C:\Program\Run-Time\dffav\df2proto.dll
    O18 - Protocol: df23chat - {219A97F3-D661-4766-B658-646A771AE49E} - C:\Program\Run-Time\dffav\df2proto.dll
    O18 - Protocol: df3 - {219A97F3-D661-4766-B658-646A771AE49E} - C:\Program\Run-Time\dffav\df2proto.dll
    O18 - Protocol: df4 - {219A97F3-D661-4766-B658-646A771AE49E} - C:\Program\Run-Time\dffav\df2proto.dll
    O18 - Protocol: df5 - {219A97F3-D661-4766-B658-646A771AE49E} - C:\Program\Run-Time\dffav\df2proto.dll
    O18 - Protocol: df5demo - {219A97F3-D661-4766-B658-646A771AE49E} - C:\Program\Run-Time\dffav\df2proto.dll
    O18 - Protocol: ofpjoin - {219A97F3-D661-4766-B658-646A771AE49E} - C:\Program\Run-Time\dffav\df2proto.dll
  • edited July 2004
    I would be glad if somebody please help me with this. I'm a n00b with computers and I would really be glad if someone helped me.
  • shwaipshwaip bluffin' with my muffin Icrontian
    edited July 2004
    Welcome to short-media

    please be patient. you will be helped.

    please read this post and then post a new log. This will most likely not remove omegasearch, but it will help us fix the problem:
    http://www.short-media.com/forum/showthread.php?t=14915
  • edited July 2004
    I have done all that, but just to be sure I did it again. Here's the logfile:

    Logfile of HijackThis v1.98.0
    Scan saved at 12:46:40, on 2004-07-10
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
    C:\Program\Norton AntiVirus\navapsvc.exe
    C:\Program\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
    C:\Program\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program\Delade filer\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program\ICQLite\ICQLite.exe
    C:\download\iclogin1.2.exe
    C:\Program\LOADMU~1\Linkdeafsend.exe
    C:\program\steam\steam.exe
    C:\Program\Internet Explorer\IEXPLORE.EXE
    C:\Program\Messenger\msmsgs.exe
    C:\Documents and Settings\jimmy\Skrivbord\hijackthis\hijackthis.98\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://omegasearch.com/searchbar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://omegasearch.com/searchbar.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = omegasearch.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://omegasearch.com/searchbar.html
    F0 - system.ini: Shell=
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\jimmy\Application Data\Mozilla\Profiles\default\9418ba7f.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\jimmy\Application Data\Mozilla\Profiles\default\9418ba7f.slt\prefs.js)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: forderrorfour - {06851477-16F1-ED65-E873-D2648F9A458B} - C:\Program\ITCHVG~1\FLAW SLOW.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Dent Store Intra - {8AE2C7D8-8F98-CAB6-E6BA-3D66C35027DC} - C:\Program\ITCHVG~1\FLAW SLOW.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\Program\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ICQ Lite] C:\Program\ICQLite\ICQLite.exe -minimize
    O4 - HKLM\..\Run: [IC Login] "C:\download\iclogin1.2.exe"
    O4 - HKLM\..\Run: [PingInside] C:\Program\LOADMU~1\Linkdeafsend.exe
    O4 - HKCU\..\Run: [Steam] "c:\program\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program\ICQLite\ICQLite.exe -trayboot
    O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: ICQ 4.0 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program\ICQLite\ICQLite.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE
    O10 - Broken Internet access because of LSP provider 'xfire_lsp_7651.dll' missing
    O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com/global/msc34.cab
    O18 - Protocol: df2 - {219A97F3-D661-4766-B658-646A771AE49E} - C:\Program\Run-Time\dffav\df2proto.dll
    O18 - Protocol: df23chat - {219A97F3-D661-4766-B658-646A771AE49E} - C:\Program\Run-Time\dffav\df2proto.dll
    O18 - Protocol: df3 - {219A97F3-D661-4766-B658-646A771AE49E} - C:\Program\Run-Time\dffav\df2proto.dll
    O18 - Protocol: df4 - {219A97F3-D661-4766-B658-646A771AE49E} - C:\Program\Run-Time\dffav\df2proto.dll
    O18 - Protocol: df5 - {219A97F3-D661-4766-B658-646A771AE49E} - C:\Program\Run-Time\dffav\df2proto.dll
    O18 - Protocol: df5demo - {219A97F3-D661-4766-B658-646A771AE49E} - C:\Program\Run-Time\dffav\df2proto.dll
    O18 - Protocol: ofpjoin - {219A97F3-D661-4766-B658-646A771AE49E} - C:\Program\Run-Time\dffav\df2proto.dll
  • shwaipshwaip bluffin' with my muffin Icrontian
    edited July 2004
    i have done all that, but just to be sure i did it again.
    Good. Some people don't bother before, and I am sorry I had to ask you to do it again.

    boot into safe mode and remove these entries w/ hijackthis:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://omegasearch.com/searchbar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://omegasearch.com/searchbar.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = omegasearch.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://omegasearch.com/searchbar.html
    F0 - system.ini: Shell=
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\jimmy\Application Data\Mozilla\Profiles\default\9418ba7f.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\jimmy\Application Data\Mozilla\Profiles\default\9418ba7f.slt\prefs.js)
    O2 - BHO: forderrorfour - {06851477-16F1-ED65-E873-D2648F9A458B} - C:\Program\ITCHVG~1\FLAW SLOW.dll
    O3 - Toolbar: Dent Store Intra - {8AE2C7D8-8F98-CAB6-E6BA-3D66C35027DC} - C:\Program\ITCHVG~1\FLAW SLOW.dll
    O4 - HKLM\..\Run: [PingInside] C:\Program\LOADMU~1\Linkdeafsend.exe
    O10 - Broken Internet access because of LSP provider 'xfire_lsp_7651.dll' missing


    I'm not sure what these are, a google comes up empty. Do you know?
    O18 - Protocol: df2 - {219A97F3-D661-4766-B658-646A771AE49E} - C:\Program\Run-Time\dffav\df2proto.dll
    O18 - Protocol: df23chat - {219A97F3-D661-4766-B658-646A771AE49E} - C:\Program\Run-Time\dffav\df2proto.dll
    O18 - Protocol: df3 - {219A97F3-D661-4766-B658-646A771AE49E} - C:\Program\Run-Time\dffav\df2proto.dll
    O18 - Protocol: df4 - {219A97F3-D661-4766-B658-646A771AE49E} - C:\Program\Run-Time\dffav\df2proto.dll
    O18 - Protocol: df5 - {219A97F3-D661-4766-B658-646A771AE49E} - C:\Program\Run-Time\dffav\df2proto.dll
    O18 - Protocol: df5demo - {219A97F3-D661-4766-B658-646A771AE49E} - C:\Program\Run-Time\dffav\df2proto.dll
    O18 - Protocol: ofpjoin - {219A97F3-D661-4766-B658-646A771AE49E} - C:\Program\Run-Time\dffav\df2proto.dll

    delete the following folders:
    C:\Program\ITCHVG~1\
    C:\Program\LOADMU~1\
    these are folders with names that are longer than 8 characters, that start with "itchvg" or "loadmu"

    now, run LSPFix, available from the first link in my sig.

    reboot, and post a new log please.
  • edited July 2004
    I don't know what those O18 things are. Should I remove them? Anyway, here's the new log, that omegasearch seems to be gone now, thanks! :)


    Logfile of HijackThis v1.98.0
    Scan saved at 14:48:39, on 2004-07-11
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
    C:\Program\Norton AntiVirus\navapsvc.exe
    C:\Program\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program\Delade filer\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program\ICQLite\ICQLite.exe
    C:\download\iclogin1.2.exe
    C:\program\steam\steam.exe
    C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
    C:\Program\Messenger\msmsgs.exe
    C:\Program\Norton AntiVirus\SAVScan.exe
    C:\Documents and Settings\jimmy\Skrivbord\hijackthis\hijackthis.98\HijackThis.exe

    F0 - system.ini: Shell=
    F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\jimmy\Application Data\Mozilla\Profiles\default\9418ba7f.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\jimmy\Application Data\Mozilla\Profiles\default\9418ba7f.slt\prefs.js)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\Program\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ICQ Lite] C:\Program\ICQLite\ICQLite.exe -minimize
    O4 - HKLM\..\Run: [IC Login] "C:\download\iclogin1.2.exe"
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [Steam] "c:\program\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program\ICQLite\ICQLite.exe -trayboot
    O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: ICQ 4.0 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program\ICQLite\ICQLite.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com/global/msc34.cab
    O18 - Protocol: df2 - {219A97F3-D661-4766-B658-646A771AE49E} - C:\Program\Run-Time\dffav\df2proto.dll
    O18 - Protocol: df23chat - {219A97F3-D661-4766-B658-646A771AE49E} - C:\Program\Run-Time\dffav\df2proto.dll
    O18 - Protocol: df3 - {219A97F3-D661-4766-B658-646A771AE49E} - C:\Program\Run-Time\dffav\df2proto.dll
    O18 - Protocol: df4 - {219A97F3-D661-4766-B658-646A771AE49E} - C:\Program\Run-Time\dffav\df2proto.dll
    O18 - Protocol: df5 - {219A97F3-D661-4766-B658-646A771AE49E} - C:\Program\Run-Time\dffav\df2proto.dll
    O18 - Protocol: df5demo - {219A97F3-D661-4766-B658-646A771AE49E} - C:\Program\Run-Time\dffav\df2proto.dll
    O18 - Protocol: ofpjoin - {219A97F3-D661-4766-B658-646A771AE49E} - C:\Program\Run-Time\dffav\df2proto.dll
  • shwaipshwaip bluffin' with my muffin Icrontian
    edited July 2004
    I would leave them, if you're no longer having trouble.
  • primesuspectprimesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited July 2004
    I would delete them. What I would do is "break" that by renaming the C:\PROGRAM\RUN-TIME folder. Rename it to "RUN-TIME-OLD" or something. Reboot, then delete the folder. Then, re-run HJT and if there are any O18 entries in there, kill them.
  • Straight_ManStraight_Man Geeky, in my own way Naples, FL Icrontian
    edited July 2004
    Prime's possibly right, they need to go UNLESS you play Delta Force, the game, but it gets a bit more complex than simply not letting them be found to totally trash this O18 thing. Here's a discussion on VX2.betterinternet that might be pertinent:

    http://computercops.biz/check56091previous.html

    Note the specific VX2 removers tried, how they were used, and what finally fixed due to Bulldog's post on howto. I am not Bulldog, but his logic is sound and the result said that this method works. These proto2df.dll's are tied into system as system required resources until the CLSID's for them are detoothed\disconnected. One place this can be picked up is Delta Force Barracks, the LEGIT form of this stuff, that is. Ever played the game Delta Force???? If so, and you have no problems on computer, these might WELL be the game files (for Delta Force I)....

    I hate to waffle, BUT these files are in use both as somewhat-baddies and as legit game files.
  • edited July 2004
    God damn guys.. I'm really starting to like u :) I'm sorry but my English is not that good, but I do have deltaforce landwarrior installed on my puter. I really can't understand all that u guys said in the previous answers, but if I got u right, I shouldn't delete the O18 things if I had deltaforce installed??
  • shwaipshwaip bluffin' with my muffin Icrontian
    edited July 2004
    leave them, if you have DF:LW installed.
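
Added example, not part of the thread and not written by any participant: a Python sketch that parses HijackThis entry lines and diffs the log taken before the fix against the one taken after, to confirm which entries on the fix list are really gone, which survived, and what is new. The three samples are short excerpts abridged from the logs above, and the function names are illustrative.

```python
import re

# A HijackThis entry is "<section code> - <payload>", e.g. "O4 - HKLM\..\Run: ...".
# Header lines and the "Running processes" paths do not match this shape.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2})\s+-\s+(?P<body>.+)$")


def parse_entries(log_text):
    """Map a normalised (code, body) key to the entry line as written in the log."""
    entries = {}
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, process list, blank line
        body = " ".join(m.group("body").split())
        # Windows paths and registry names are case-insensitive, so compare casefolded.
        key = (m.group("code"), body.casefold())
        entries.setdefault(key, f"{m.group('code')} - {body}")
    return entries


def check_cleanup(before_log, after_log, fix_list):
    """Classify entries by comparing the pre-fix log, the post-fix log and the fix list."""
    before, after, fixes = map(parse_entries, (before_log, after_log, fix_list))
    return {
        "removed": sorted(before[k] for k in fixes if k in before and k not in after),
        "still_present": sorted(after[k] for k in fixes if k in after),
        "new": sorted(after[k] for k in after if k not in before),
        "carried_over": sorted(after[k] for k in after if k in before and k not in fixes),
    }


# Constructed samples: abridged from the 2004-07-10 log, the 2004-07-11 log,
# and the helper's removal list in this thread.
BEFORE = r"""
Logfile of HijackThis v1.98.0
Running processes:
C:\Program\LOADMU~1\Linkdeafsend.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = omegasearch.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: forderrorfour - {06851477-16F1-ED65-E873-D2648F9A458B} - C:\Program\ITCHVG~1\FLAW SLOW.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PingInside] C:\Program\LOADMU~1\Linkdeafsend.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_7651.dll' missing
O18 - Protocol: df2 - {219A97F3-D661-4766-B658-646A771AE49E} - C:\Program\Run-Time\dffav\df2proto.dll
"""

AFTER = r"""
Logfile of HijackThis v1.98.0
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O18 - Protocol: df2 - {219A97F3-D661-4766-B658-646A771AE49E} - C:\Program\Run-Time\dffav\df2proto.dll
"""

FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = omegasearch.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: forderrorfour - {06851477-16F1-ED65-E873-D2648F9A458B} - C:\Program\ITCHVG~1\FLAW SLOW.dll
O4 - HKLM\..\Run: [PingInside] C:\Program\LOADMU~1\Linkdeafsend.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_7651.dll' missing
"""

if __name__ == "__main__":
    for status, lines in check_cleanup(BEFORE, AFTER, FIX_LIST).items():
        print(f"{status}:")
        for line in lines:
            print(f"  {line}")
```

On these excerpts the F2 line is reported as still present despite being on the fix list, the MSConfig Run entry shows up as new, and the O18 protocol handler is carried over untouched.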