OmegaKiller Log-What do I do. Jaybee

Hi everyone, I'm brand new at this so please excuse me if I seem to be asking dumb questions :) I have run OmegaKiller and it has created the following log, what do I need to do? Thanks in advance. Oh yeah, I also have spyblaster installed and run it frequently.

Running pass number: 1

- enumerating modules
- Downloader.HC module found
c:\documents and settings\janet\local settings\temp\sta2f.exe
- scanning bookmarks
- scanning desktop icons
- scanning and deleting browser hijacks

- scanning running processes..
- infection in memory: c:\docume~1\janet\locals~1\temp\sta2f.exe
- process terminated.
- file removed.
- removing process startup key
- scanning startup processes
- found infection: mapi build
- deleted.
- found infection: mapi build
- deleted.
- scanning executable variants

- scanning BHO's
- infected BHO: {709B8058-542C-9AAA-034C-E68D578059D7}
- removed
- infected BHO: {709B8058-542C-9AAA-034C-E68D578059D7}
- removed
- scanning toolbars

- adding host entries


Running pass number: 2

- killing Internet Explorer

- enumerating modules
- scanning bookmarks
- scanning desktop icons
- scanning and deleting browser hijacks

- scanning running processes..
- infection in memory: c:\progra~1\starto~1\bytena~2.exe
- process terminated.
- file removed.
- removing process startup key
- scanning startup processes
- scanning executable variants

- scanning BHO's
- scanning toolbars

- adding host entries


Running pass number: 3

- killing Internet Explorer

- enumerating modules
- scanning bookmarks
- scanning desktop icons
- scanning and deleting browser hijacks

- scanning running processes..
- infection in memory: c:\progra~1\starto~1\bytena~2.exe
- process terminated.
- file removed.
- removing process startup key
- scanning startup processes
- scanning executable variants

- scanning BHO's
- scanning toolbars

- adding host entries


Running pass number: 4

- killing Internet Explorer

- enumerating modules
- scanning bookmarks
- scanning desktop icons
- scanning and deleting browser hijacks

- scanning running processes..
- infection in memory: c:\progra~1\starto~1\bytena~2.exe
- process terminated.
- file removed.
- removing process startup key
- scanning startup processes
- scanning executable variants

- scanning BHO's
- scanning toolbars

- adding host entries


Running pass number: 5

- killing Internet Explorer

- enumerating modules
- scanning bookmarks
- scanning desktop icons
- scanning and deleting browser hijacks

- scanning running processes..
- removing process startup key
- scanning startup processes
- scanning executable variants

- scanning BHO's
- scanning toolbars

- adding host entries

- launching homepage reset
- no infections found, system clean on pass number: 5 ...

It's all meaningless to me. Hope someone can explain.

Comments

  • Lord_Night Piqua Ohio
    edited September 2004
    ok now go and get adaware and spybot, install and run, then download HJT Hijack This and get the log file from that..... and post it...

    from what i see here you are clean but Omega killer does not find some of the hidden stuff the other 3 will.
  • edited September 2004
    Thanks for your reply. Hey I might not be the sharpest crayon but I knew where to come for help :) I deserve credit for that I think. Anyway have done as you requested and here is log. Will await your reply. Many thanks.

    Logfile of HijackThis v1.98.2
    Scan saved at 11:49:14 AM, on 29/09/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\iMesh\iMesh5\iMesh.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MediaKey v1.00\Versato.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\MediaKey v1.00\MediaPlayer.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\MediaKey v1.00\OSD.EXE
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    c:\progra~1\intern~1\iexplore.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Program Files\iMesh\iMesh5\iMeshBHO.dll
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: prjBHO_New.CBrowserHelpObj - {A2E1AE65-BB68-11D6-B1B2-96787719A248} - C:\Program Files\Simcast Media\Simcast\Simcast.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [iMesh] C:\Program Files\iMesh\iMesh5\iMesh.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: MediaKey v1.00.lnk = C:\Program Files\MediaKey v1.00\Versato.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.simcast.com.au/install/Install.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CCAA814E-56AC-42DB-86A3-6B3EBEA82340}: NameServer = 210.80.58.34,210.80.58.42
  • primesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited September 2004
    Jaybee: I merged your threads, so that there is one single thread to work with you on instead of two separate ones. And don't worry - Lord Night wasn't directing the crayon comment at you - that's just his signature - everybody sees it :D

    At any rate, have HJT fix the following:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Program Files\iMesh\iMesh5\iMeshBHO.dll
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll (file missing)

    O2 - BHO: prjBHO_New.CBrowserHelpObj - {A2E1AE65-BB68-11D6-B1B2-96787719A248} - C:\Program Files\Simcast Media\Simcast\Simcast.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll (file missing)

    O4 - HKCU\..\Run: [iMesh] C:\Program Files\iMesh\iMesh5\iMesh.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart

    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.simcast.com.au/install/Install.cab

    Remove those entries, reboot, and post a new log in this thread :)
  • edited September 2004
    primesuspect thanks for your reply here is new log created after following your instructions.
    Logfile of HijackThis v1.98.2
    Scan saved at 12:57:26 PM, on 30/09/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\MediaKey v1.00\Versato.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\MediaKey v1.00\MediaPlayer.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\MediaKey v1.00\OSD.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Janet\Desktop\hijackthis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: MediaKey v1.00.lnk = C:\Program Files\MediaKey v1.00\Versato.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CCAA814E-56AC-42DB-86A3-6B3EBEA82340}: NameServer = 210.80.58.34,210.80.58.42
  • primesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited September 2004
    Log looks clean. Do the problems seem to be gone?
  • edited September 2004
    Hi again, yes thanks, all seems to be well. I don't have any foreign looking shortcuts on my desktop and I know some kind of ad was just blocked. Normally problem would reappear after that. Thanks for all the help. It is muchly appreciated. Keep up the good work.
  • primesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited September 2004
    No problem. Check out the links in my sig - especially the spyware article and the folding team :D We would LOVE to have you join our folding team :)
This discussion has been closed.
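
The "fix these entries, reboot, post a new log" step in this thread can be checked mechanically by diffing the two HijackThis logs against the fix list. The script below is an added example, not part of the original posts; the function names are this example's own, and the sample data is a small excerpt of lines copied from the logs above rather than the full logs.

```python
import re

# A HijackThis entry: section code (R0, O2, O16, ...), " - ", then the body.
ENTRY = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")

def parse_entries(log_text):
    """Return the set of (section, body) entries found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            # Collapse whitespace and case: Windows paths are case-insensitive.
            entries.add((m.group(1), " ".join(m.group(2).split()).lower()))
    return entries

def verify_fix(before, after, fix_list):
    """Diff two scans against the entries that were meant to be fixed."""
    b, a, f = (parse_entries(t) for t in (before, after, fix_list))
    return {
        "still_present": sorted(f & a),         # fix did not survive the reboot
        "not_in_before": sorted(f - b),         # fix list does not match the scan
        "new_after": sorted(a - b),             # appeared since the first scan
        "removed_unasked": sorted(b - a - f),   # disappeared without being listed
    }

# Excerpts copied from the logs in this thread (not the full logs).
KEPT = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""
FIX = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: prjBHO_New.CBrowserHelpObj - {A2E1AE65-BB68-11D6-B1B2-96787719A248} - C:\Program Files\Simcast Media\Simcast\Simcast.dll
O4 - HKCU\..\Run: [iMesh] C:\Program Files\iMesh\iMesh5\iMesh.exe
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.simcast.com.au/install/Install.cab
"""
BEFORE = FIX + KEPT   # first scan: flagged entries plus legitimate ones
AFTER = KEPT          # second scan, after fixing and rebooting

if __name__ == "__main__":
    for name, items in verify_fix(BEFORE, AFTER, FIX).items():
        print(f"{name}: {len(items)}")
        for section, body in items:
            print(f"  {section} - {body}")
```

An entry under `still_present` after a reboot means something is re-creating it, which is the case where a further scan is needed before calling the machine clean.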