1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

omegasearch problems - cannot get rid of it !!

Discussion in 'Security and Privacy' started by Oli, 2004/05/04.

Thread Status:
Not open for further replies.
  1. 2004/05/04
    Oli

    Oli Inactive Thread Starter

    Joined:
    2004/05/04
    Messages:
    1
    Likes Received:
    0
    Hi, any chance of some help for a beginner ? i am having problems removing omegasearch and the toolbars etc from my PC - its there everytime I restart !!

    I have a HijackThis log file taken after running CWShredder and rebooting thinknig this would solve the problem - but no) - any help gratefully received !!



    Logfile of HijackThis v1.97.7
    Scan saved at 23:34:42, on 04/05/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton Internet Security\NISUM.EXE
    C:\Program Files\Norton Internet Security\ccPxySvc.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\USB Storage RW\shwicon.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\program files\bt home computing\bt home computing.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Planopennoun\Sect 1.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://omegasearch.com/passthrough/index.html?http://google.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gb7.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://gb7.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gb7.hpwis.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t "KYE\USB Storage RW "
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\Coloreal\coloreal.exe "
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
    O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [BT Home Computing] c:\program files\bt home computing\bt home computing.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [adiras] adiras.exe
    O4 - HKLM\..\Run: [copywindow] C:\PROGRA~1\Planopennoun\Sect 1.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe "
    O4 - Startup: Registration-Studio 8 LE.lnk = C:\Program Files\Pinnacle\Studio 8\Register\RegTool.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
    O4 - Global Startup: VTAgentReboot.exe
    O9 - Extra button: Money Viewer (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
     
    Oli,
    #1
  2. 2004/05/04
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Hello

    have you tried this aproach yet ?


    Open task manager then use the proccess tab and end this proccess
    >Sect 1.exe<

    close hiajckthis if its open, \Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe
    unzip hiajckthis dont run anything from within a zipped file
    or download the exe version here http://radiosplace.com/
    make a new folder for instance
    C:\Documents and Settings\Owner\ "anti spyware" then put hijackthis there.

    Start Hijackthis and place a check next to these items
    Close all browser windows and shut down all other programs(even Folders)
    that show in the taskbar. Then Hit fix selected
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://omegasearch.com/passthrough/...p://google.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O4 - HKLM\..\Run: [copywindow] C:\PROGRA~1\Planopennoun\Sect 1.exe
    ========
    then delete this folder
    C:\PROGRA~1\Planopennoun
    You might have to have windows show hidden file's and folder's in order to see them.
    How to Show hidden files and folders.
    if you have problems reboot and try again, if you still have problems do the above while in safe mode.
    How to start in safe mode


    there's usualy a BHO invovled (maybe two), youve aperenlty removed it so you will need to delete its folder to.


    there are usualy a few 0 16's was that the entire log ?

    make and post another log
     
    Lonny Jones,
    #2


  3. to hide this advert.

  4. 2004/05/06
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    We are curious how you are doing ?
    Hope all is well
     
    Lonny Jones,
    #3
Thread Status:
Not open for further replies.

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...