Help me out with my searchbar plz!!!

Discussion in 'adware, spyware & hijack cleaning' started by admiral, May 10, 2004.

Thread Status:
Not open for further replies.
  1. admiral

    admiral Registered Member

    Joined:
    May 10, 2004
    Posts:
    1
    Logfile of HijackThis v1.97.7
    Scan saved at 18:28:34, on 2004.05.10.
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\System32\Ati2evxx.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    E:\WINDOWS\system32\Ati2evxx.exe
    E:\WINDOWS\Explorer.EXE
    E:\Program Files\Common Files\Symantec Shared\ccApp.exe
    E:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    E:\WINDOWS\System32\CTsvcCDA.exe
    E:\Program Files\Internet Explorer\IEXPLORE.EXE
    E:\PROGRA~1\COMMTR~1\CTSERV.EXE
    E:\Program Files\Winamp\winampa.exe
    E:\WINDOWS\System32\CTHELPER.EXE
    E:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    E:\Program Files\Messenger Plus! 2\MsgPlus.exe
    E:\Program Files\D-Tools\daemon.exe
    E:\WINDOWS\System32\MMTray.exe
    E:\Program Files\Norton AntiVirus\navapsvc.exe
    E:\WINDOWS\System32\MMTray2k.exe
    E:\WINDOWS\System32\MMTrayLSI.exe
    E:\WINDOWS\System32\qttask.exe
    E:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    E:\PROGRA~1\mfcd1\PlusShim.exe
    E:\WINDOWS\System32\ctfmon.exe
    E:\Program Files\Messenger\msmsgs.exe
    E:\PROGRA~1\ICQ\ICQ.exe
    E:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
    E:\Program Files\Netropa\Onscreen Display\OSD.exe
    E:\Program Files\WinZip\WZQKPICK.EXE
    E:\Program Files\MSN Messenger\msnmsgr.exe
    E:\Program Files\CommTraffic\CommTraffic.exe
    E:\WINDOWS\System32\MsPMSPSv.exe
    E:\WINDOWS\System32\wuauclt.exe
    E:\Program Files\NNS\mirc.exe
    E:\Program Files\Internet Explorer\IEXPLORE.EXE
    E:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
    E:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\Downloads2\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://omegasearch.com/passthrough/index.html?http://about:blank
    N3 - Netscape 7: user_pref("browser.startup.homepage", ""); (E:\Documents and Settings\AdMiRaL\Application Data\Mozilla\Profiles\default\i29uhg08.slt\prefs.js)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {16664845-0E00-11D2-8059-000000000000} - E:\Program Files\Common Files\ReGet Shared\Catcher.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {D27CF393-6F2E-725C-CD58-8B67A8D919D0} - E:\PROGRA~1\AIMSTA~1\BALL CURB.dll
    O3 - Toolbar: &Rádió - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - E:\Program Files\ReGetDx\iebar.dll
    O3 - Toolbar: Play City - {439A9A75-8981-B4D6-FFDA-C198A04CAD4B} - E:\PROGRA~1\AIMSTA~1\BALL CURB.dll
    O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "E:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] E:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] E:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "E:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] E:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [MessengerPlus2] "E:\Program Files\Messenger Plus! 2\MsgPlus.exe"
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Mirabilis ICQ] E:\PROGRA~1\ICQ\ICQNet.exe
    O4 - HKLM\..\Run: [MMTray] MMTray.exe
    O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe
    O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe
    O4 - HKLM\..\Run: [QuickTime Task] "E:\WINDOWS\System32\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ATIPTA] E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [loudwarn] E:\PROGRA~1\mfcd1\PlusShim.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MessengerPlus2] "E:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Global Startup: CommTraffic Console.lnk = E:\Program Files\CommTraffic\CommTraffic.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: Download All by FlashGet - E:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download Using &BitSpirit - E:\Program Files\BitSpirit\bsurl.htm
    O8 - Extra context menu item: Download using FlashGet - E:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xportálás Microsoft Excel formátumba - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Letöltés => Re&Get Deluxe - E:\Program Files\Common Files\ReGet Shared\CC_Link.htm
    O8 - Extra context menu item: Letöltés a FlashGet-tel - E:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Min&d letöltése => &ReGet Deluxe - E:\Program Files\Common Files\ReGet Shared\CC_All.htm
    O8 - Extra context menu item: MINDEN letöltése a FlashGet-tel - E:\Program Files\FlashGet\jc_all.htm
    O9 - Extra button: Trace (HKLM)
    O9 - Extra 'Tools' menuitem: VisualRoute Trace (HKLM)
    O9 - Extra button: ICQ Pro (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O9 - Extra button: Kutatás (HKLM)
    O9 - Extra button: FlashGet (HKLM)
    O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .spop: E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{59D7FC2A-484D-4C42-A78E-A84CF5960940}: NameServer = 192.168.1.254

    I downloaded HijackThis, but I don't know how to remove this ****!!!
    http://admiral.msgcenter.hu/searchbar.jpg


    Thanks for the help!!!
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Hi admiral,

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://omegasearch.com/passthrough/index.html?http://about:blank

    O2 - BHO: (no name) - {D27CF393-6F2E-725C-CD58-8B67A8D919D0} - E:\PROGRA~1\AIMSTA~1\BALL CURB.dll

    O3 - Toolbar: Play City - {439A9A75-8981-B4D6-FFDA-C198A04CAD4B} - E:\PROGRA~1\AIMSTA~1\BALL CURB.dll

    O4 - HKLM\..\Run: [UpdReg] E:\WINDOWS\UpdReg.EXE

    O4 - HKLM\..\Run: [loudwarn] E:\PROGRA~1\mfcd1\PlusShim.exe

    Then reboot into safe mode and delete:
    E:\PROGRAM FILES\mfcd1 <= entire folder
    E:\PROGRAM FILES\AIMSTA~1 <= the entire folder that holds BALL CURB.dll

    Regards,

    Pieter
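
A check that could be run once the cleanup above is done, added here as an example and not part of either post: it parses a follow-up HijackThis log and reports any entry from the fix list that is still registered. The follow-up log is constructed sample data, and matching entries by CLSID or by Run value name is an assumption of this example.

```python
import re

ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def entry_key(code, body):
    """CLSID for BHO/toolbar lines, hive plus value name for Run lines, else the line."""
    clsid = CLSID_RE.search(body)
    if code in ("O2", "O3") and clsid:
        return (code, clsid.group(0).upper())
    if code == "O4" and "]" in body:
        return (code, body.split("]", 1)[0].lower())
    return (code, body.lower())

def parse_entries(text):
    """Map entry_key -> original line for every 'CODE - ...' line in text."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:  # skips the header, the process list and blank lines
            entries[entry_key(*m.groups())] = line.strip()
    return entries

def still_present(fix_list, followup_log):
    """Lines from the follow-up log whose entry was on the fix list."""
    after = parse_entries(followup_log)
    return [after[k] for k in parse_entries(fix_list) if k in after]

# The five entries the reply says to fix, copied from the thread.
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://omegasearch.com/passthrough/index.html?http://about:blank
O2 - BHO: (no name) - {D27CF393-6F2E-725C-CD58-8B67A8D919D0} - E:\PROGRA~1\AIMSTA~1\BALL CURB.dll
O3 - Toolbar: Play City - {439A9A75-8981-B4D6-FFDA-C198A04CAD4B} - E:\PROGRA~1\AIMSTA~1\BALL CURB.dll
O4 - HKLM\..\Run: [UpdReg] E:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [loudwarn] E:\PROGRA~1\mfcd1\PlusShim.exe
"""

# Constructed follow-up log (not from the thread): one Run value has come back.
FOLLOWUP_LOG = r"""
Running processes:
E:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [loudwarn] E:\PROGRA~1\mfcd1\PlusShim.exe
"""

if __name__ == "__main__":
    for line in still_present(FIX_LIST, FOLLOWUP_LOG):
        print("still present:", line)
```

An entry that reappears after a reboot usually means the file or folder behind it was not deleted, which is why the reply pairs the HijackThis fix with removing the two folders in safe mode.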
     