Options

OMEGAKILLER: It's not working... (I updated)

I've downloaded v1.2 and ran it a few times, but within 10 min, omegasearch comes right back, toolbar, bottom toolbar, favorites, home page, the works. I ran spybot, ad-aware, and restarted my computer dozens of times, but omegakiller just doesn't work. One thing I haven't tried is HijackThis, but I don't know what to do and I come up with this:

Logfile of HijackThis v1.98.2
Scan saved at 12:54:32 PM, on 10/11/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Desktop Master Chief\skinkers.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Xfire\Xfire.exe
C:\Documents and Settings\Owner\Desktop\HALO\Halo Mod Tools\Sheep Trainer\halo.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\~f1d055.tmp
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = halo.bungie.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = halo.bungie.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~2\ONETOU~2.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [mswspl] C:\Program Files\Windows Media Player\wmplayer.exe
O4 - HKLM\..\Run: [Ad-watch] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [winupdt] RUNDLL32.EXE c:\windows\tpatchw32.dll,_mainRD
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [DesktopX] "C:\Program Files\Stardock\Object Desktop\DesktopX\DesktopX.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Halo2Cluster] C:\Program Files\Desktop Master Chief\skinkers.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0c\aoltray.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_8742.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: kids.Game WordSearch - http://210.59.226.132/client/WordSearch/WordSearch.cab
O16 - DPF: {1A73C134-41FE-47CD-A65D-11FFB4D5EFF3} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_3tw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_42.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {52454909-B15F-11D3-83A3-000083613743} (SCMDir Class) - https://go13d.wspan.com/Secure/DLLs/SCMDIRCTL.CAB
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7DB7E238-1425-4434-8B05-6453AD6A49C6} (WSPrint3 Control) - https://go13d.wspan.com/secure/DLLs/WSPrint3.CAB
O16 - DPF: {85788258-6ACF-4FC1-A2CD-3BD248065AB9} (WSKeyboardMap Class) - https://go13d.wspan.com/Secure/DLLs/WSKeyboardTranslator.cab
O16 - DPF: {9145A52A-9B22-4858-AEE7-74D6C7D3F366} (BrowserConfig Class) - https://go4d.wspan.com/secure/DLLs/WSBrowserConfig.cab
O16 - DPF: {A4D41E3A-613D-11D3-85B2-400011500081} (WSCustInst Class) - https://go13d.wspan.com/Secure/DLLs/WSCustInst.CAB
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {CCB125B9-6C37-4F76-858E-5F8DD6C96681} (SCM Class 2) - https://go13d.wspan.com/Secure/DLLs/WSSCM2.CAB
O16 - DPF: {CE7C3CF0-4B15-11D1-ABED-709549C10000} - https://go4d.wspan.com/secure/DLLs/IEHelper.cab
O16 - DPF: {E367B390-9331-4003-B884-7D1EF8C9EEF7} (WSEmul Control 2) - https://go13d.wspan.com/Secure/DLLs/WSEMUL2.CAB
O16 - DPF: {E99BF99C-5D95-11D4-A0EC-00500489A32D} (WSFileIO Class) - https://go4d.wspan.com/secure/DLLs/WSFileIO.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by14fd.bay14.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab


Please help, because the favorites folder is scaring my parents and the pop ups are crashing my projects. I just want it all to end...

Comments

  • primesuspectprimesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited October 2004
    Welcome to short-media.

    First, make sure all programs are closed.

    Hit CTRL-ALT-DEL, to go Task Manager, and go to the processes tab.

    You must END the following processes:

    C:\DOCUME~1\Owner\LOCALS~1\Temp\~f1d055.tmp
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE

    as well as ANY iexplore.exe process that is running.

    Now, find and delete the following files/folders:

    C:\Program Files\ICQLite (whole folder)
    C:\DOCUME~1\Owner\LOCALS~1\Temp\ (delete the contents of the temp folder)
    C:\PROGRAM FILES\DAP (whole folder)

    Now, fix the following entries in HJT:


    O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL (file missing)

    O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

    O4 - HKLM\..\Run: [mswspl] C:\Program Files\Windows Media Player\wmplayer.exe

    O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
    O4 - HKLM\..\Run: [winupdt] RUNDLL32.EXE c:\windows\tpatchw32.dll,_mainRD

    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm

    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)

    O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm

    O16 - DPF: kids.Game WordSearch - http://210.59.226.132/client/WordSearch/WordSearch.cab

    Now, pull the plug - do not shut your computer down properly. Turn it back on, and post a new log :)
  • edited October 2004
    Alright, this is the new HJT log after I did all of the above, and when I turned the computer on again, I think it worked! Thanks a lot!

    Logfile of HijackThis v1.98.2
    Scan saved at 4:42:25 PM, on 10/12/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
    C:\WINDOWS\LTMSG.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Desktop Master Chief\skinkers.exe
    C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
    C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Owner\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = halo.bungie.org
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = halo.bungie.org
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.pbznizslwfczpxonmoywxtpen.com/RBlEBobqhGOlKvwU3ZjmPvF12URk1aEZ0c2ZQwXYUITynyJ1Bwn6XkZ7ofmZL_qh.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~2\ONETOU~2.EXE
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [Ad-watch] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"
    O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Halo2Cluster] C:\Program Files\Desktop Master Chief\skinkers.exe
    O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Broken Internet access because of LSP provider 'xfire_lsp_8742.dll' missing
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {1A73C134-41FE-47CD-A65D-11FFB4D5EFF3} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_3tw.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_42.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    O16 - DPF: {52454909-B15F-11D3-83A3-000083613743} (SCMDir Class) - https://go13d.wspan.com/Secure/DLLs/SCMDIRCTL.CAB
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {7DB7E238-1425-4434-8B05-6453AD6A49C6} (WSPrint3 Control) - https://go13d.wspan.com/secure/DLLs/WSPrint3.CAB
    O16 - DPF: {85788258-6ACF-4FC1-A2CD-3BD248065AB9} (WSKeyboardMap Class) - https://go13d.wspan.com/Secure/DLLs/WSKeyboardTranslator.cab
    O16 - DPF: {9145A52A-9B22-4858-AEE7-74D6C7D3F366} (BrowserConfig Class) - https://go4d.wspan.com/secure/DLLs/WSBrowserConfig.cab
    O16 - DPF: {A4D41E3A-613D-11D3-85B2-400011500081} (WSCustInst Class) - https://go13d.wspan.com/Secure/DLLs/WSCustInst.CAB
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
    O16 - DPF: {CCB125B9-6C37-4F76-858E-5F8DD6C96681} (SCM Class 2) - https://go13d.wspan.com/Secure/DLLs/WSSCM2.CAB
    O16 - DPF: {CE7C3CF0-4B15-11D1-ABED-709549C10000} - https://go4d.wspan.com/secure/DLLs/IEHelper.cab
    O16 - DPF: {E367B390-9331-4003-B884-7D1EF8C9EEF7} (WSEmul Control 2) - https://go13d.wspan.com/Secure/DLLs/WSEMUL2.CAB
    O16 - DPF: {E99BF99C-5D95-11D4-A0EC-00500489A32D} (WSFileIO Class) - https://go4d.wspan.com/secure/DLLs/WSFileIO.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by14fd.bay14.hotmail.msn.com/activex/HMAtchmt.ocx
    O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
  • edited October 2004
    Never mind. After a brief hour or so, after Spybot was run, and after Omegakiller was run (twice), Omegasearch came back. Home page, favorites folder, toolbar, etc. It's all back. Is there anything I missed? I'm sure I did most of it.
  • primesuspectprimesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited October 2004
    No, it's never that easy. It's always a multiple step process.

    Next round :D

    First, end this process in task manager:

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    Now, go to that folder - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG - rename the folder to VS7DEBUG.OLD

    If you can't rename it, try ending all IEXPLORE.EXE processes if there are any. Make sure the process isn't running.

    Now, delete the following:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.pbznizslwfczpxonmoywxtpe...Z7ofmZL_qh.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost

    Pull plug, post a new log :mullet:
  • edited October 2004
    Here's the third round:

    Logfile of HijackThis v1.98.2
    Scan saved at 7:15:00 PM, on 10/12/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
    C:\WINDOWS\LTMSG.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Desktop Master Chief\skinkers.exe
    C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
    C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
    C:\Documents and Settings\Owner\Desktop\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = halo.bungie.org
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = halo.bungie.org
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~2\ONETOU~2.EXE
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [Ad-watch] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"
    O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Halo2Cluster] C:\Program Files\Desktop Master Chief\skinkers.exe
    O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Broken Internet access because of LSP provider 'xfire_lsp_8742.dll' missing
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {1A73C134-41FE-47CD-A65D-11FFB4D5EFF3} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_3tw.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_42.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    O16 - DPF: {52454909-B15F-11D3-83A3-000083613743} (SCMDir Class) - https://go13d.wspan.com/Secure/DLLs/SCMDIRCTL.CAB
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {7DB7E238-1425-4434-8B05-6453AD6A49C6} (WSPrint3 Control) - https://go13d.wspan.com/secure/DLLs/WSPrint3.CAB
    O16 - DPF: {85788258-6ACF-4FC1-A2CD-3BD248065AB9} (WSKeyboardMap Class) - https://go13d.wspan.com/Secure/DLLs/WSKeyboardTranslator.cab
    O16 - DPF: {9145A52A-9B22-4858-AEE7-74D6C7D3F366} (BrowserConfig Class) - https://go4d.wspan.com/secure/DLLs/WSBrowserConfig.cab
    O16 - DPF: {A4D41E3A-613D-11D3-85B2-400011500081} (WSCustInst Class) - https://go13d.wspan.com/Secure/DLLs/WSCustInst.CAB
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
    O16 - DPF: {CCB125B9-6C37-4F76-858E-5F8DD6C96681} (SCM Class 2) - https://go13d.wspan.com/Secure/DLLs/WSSCM2.CAB
    O16 - DPF: {CE7C3CF0-4B15-11D1-ABED-709549C10000} - https://go4d.wspan.com/secure/DLLs/IEHelper.cab
    O16 - DPF: {E367B390-9331-4003-B884-7D1EF8C9EEF7} (WSEmul Control 2) - https://go13d.wspan.com/Secure/DLLs/WSEMUL2.CAB
    O16 - DPF: {E99BF99C-5D95-11D4-A0EC-00500489A32D} (WSFileIO Class) - https://go4d.wspan.com/secure/DLLs/WSFileIO.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by14fd.bay14.hotmail.msn.com/activex/HMAtchmt.ocx
    O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
  • primesuspectprimesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited October 2004
    Okay, that "desktop master chief" and "halo2" stuff - you installed all that, right?
  • edited October 2004
    Yeah, I downloaded those myself.
  • primesuspectprimesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited October 2004
    Okay, then the log looks clean. Does the problem seem to be gone?
  • edited October 2004
    No...I still have all the usual Omegasearch stuff.
  • mondimondi Icrontian
    edited October 2004
    please download this file: process list

    unzip it in the same folder as omegakiller and run the file called "proc" ...

    then please send me the following files: process.txt, logfile.txt and if you can, please zip the omegakiller backup folder and send that along too.

    ill pm you the email to send it to ...

    m
  • edited October 2004
    Alright, I sent the logfile and process text documents to your e-mail, but the backup.zip was too big to send.
  • primesuspectprimesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited October 2004
    How big is it, Nick? I can figure something out for you....
  • edited October 2004
    Hmm, backup.zip is about 28.2mb, yahoo being able to send only 10mb.
    What does it do anyways?
  • DexterDexter Vancouver, BC Canada
    edited October 2004
    Open the Zip file, click on Actions, and choose Split. Use a 5 MB part size, and give the zip fle a new name. Click OK. You will end up with something like this:

    New.zip
    New.z01
    New.z02
    New.z03
    etc...

    The Zip file is now split across several 5 MB files. Send each of those files in a separate e-mail, starting with the .zip file, then each of the z01, z02 etc files.

    Dexter...
Sign In or Register to comment.