PDA

View Full Version : driven insane with Omegasearch

haguewl2004
29 Sep 2004, 10:55pm
hi there all you at short media,
please, please help me before I jump up and down on my computer in frustration.
Every time I switch my machine on I get the omega search and I have tried everything, in fact think most of my computers memory is full of spy hunters and pop up stoppers etc
I have downloaded and used adaware and spybot, to no avail.
I would really appreciate any help as I dont really know that much about computers and dont really know what to "fix"
please find below details of my highjack this log
Logfile of HijackThis v1.97.7
Scan saved at 22:45:28, on 29/09/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\Program Files\Nokia\PC Suite for Nokia 6600\connmngmntbox.exe
C:\Program Files\Nokia\PC Suite for Nokia 6600\ectaskscheduler.exe
C:\Program Files\Trust\Trust 730S LCD PowerC@M ZOOM\ICON.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Admin\My Documents\My Received Files\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.qjgijijufwovbbzum.biz/jvWZl9/O5_DmFFoTXMiNskVQN6W_orrbexKIsele2Bp7FHQk/Ey5HE4DNwWpakp5.html
O2 - BHO: (no name) - {52094829-94D9-7494-3106-CA1254EE9FD6} - C:\PROGRA~1\ModeBat\Drive Anti.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [Vga Film Settings Cake] C:\Documents and Settings\All Users\Application Data\Jump Surf Vga Film\Data cool.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [dupe this] C:\PROGRA~1\BLAHBA~1\Option Math Comp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PCSuiteForNokia6600 Detect.lnk = ?
O4 - Global Startup: PCSuiteForNokia6600 TS.lnk = ?
O4 - Global Startup: Trust 730S LCD PowerC@M ZOOM Monitor.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
primesuspect
30 Sep 2004, 4:33am
Before we continue, can you please download the latest version of HJT (1.98.2) from our downloads section? A link can be found in my sig.

If you haven't already, please also download OmegaKiller SM 1.2 from there and run that as well.

After you do those things, post a new log with HJT v1.98.2 :)
haguewl2004
30 Sep 2004, 9:07pm
Before we continue, can you please download the latest version of HJT (1.98.2) from our downloads section? A link can be found in my sig.

If you haven't already, please also download OmegaKiller SM 1.2 from there and run that as well.

After you do those things, post a new log with HJT v1.98.2 :)

thank you for your quick reply to my problem.
I have now downloaded the latest version of HJT and I already had Omegakiller.
Please find below my latest HJT log:
Logfile of HijackThis v1.98.2
Scan saved at 20:55:51, on 30/09/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Nokia\PC Suite for Nokia 6600\connmngmntbox.exe
C:\Program Files\Nokia\PC Suite for Nokia 6600\ectaskscheduler.exe
C:\Program Files\Trust\Trust 730S LCD PowerC@M ZOOM\ICON.EXE
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\Admin\LOCALS~1\Temp\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.wjznjzgsggnvjwvsoqpmvbxep.com/jvWZl9/O5_DmFFoTXMiNskVQN6W_orrbexKIsele2BrJYhovIXwrm04DNwWpakp5.htm
O2 - BHO: (no name) - {52094829-94D9-7494-3106-CA1254EE9FD6} - C:\PROGRA~1\ModeBat\Drive Anti.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [Vga Film Settings Cake] C:\Documents and Settings\All Users\Application Data\Jump Surf Vga Film\Data cool.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [dupe this] C:\PROGRA~1\BLAHBA~1\Option Math Comp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PCSuiteForNokia6600 Detect.lnk = ?
O4 - Global Startup: PCSuiteForNokia6600 TS.lnk = ?
O4 - Global Startup: Trust 730S LCD PowerC@M ZOOM Monitor.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
SpywareShooter
2 Oct 2004, 12:55am
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.wjznjzgsggnvjwvsoqpmvbxe...DN wWpakp5.htm
O2 - BHO: (no name) - {52094829-94D9-7494-3106-CA1254EE9FD6} - C:\PROGRA~1\ModeBat\Drive Anti.exe
O4 - HKLM\..\Run: [dupe this] C:\PROGRA~1\BLAHBA~1\Option Math Comp.exe

Fix those entries then find and delete the folders "ModeBat" and the one that starts with "BLAHBA"
primesuspect
2 Oct 2004, 1:19am
Just a note:

You will not be able to delete those folders until you do the following:

Hit CTRL-ALT-DEL to get to task manager. Go to the processes tab. End ALL IEXPLORE.EXE processes. There will be more than one.

End them all! If you can't delete the folder, that means you still have an IEXPLORE.EXE process running.
haguewl2004
2 Oct 2004, 10:49pm
hi Primesuspect,

thank you for your reply.

As per your instructions I tried to end all IEXPLORE.EXE processes but to no avail.
I would end them only for them to reappear somewhere else on the list.

where would I find the IEXPLORE.EXE process that you mentioned will still be running if I was unable to delete the folder?

ps. I do apologise for my computer knowledge ignorance
primesuspect
5 Oct 2004, 1:27pm
Boot into safe mode. While in safe mode, make sure all iexplore processes are ended. Instead of click on it and clicking "end process", RIGHT click on it and click "END PROCESS TREE'.

After all iexplore.exe processes are ended, you will be able to delete those folders/files