please help getting rid of Omegasearch

To talk on Icrontic, just register!

It only takes 30 seconds.

Have an account? Sign in:

To reopen your thread, send a Private Message (PM) to Trogan with a link to your thread.

If you are not the user who started this thread, you must start your own thread instead.

Reply to Discussion

Options

kjell

Getting settled in

5 Posts

15 Apr 2004, 6:54am

please help getting rid of Omegasearch

Hi, I followed the instructions on the site, running Hijack this and all. Could I please get some help on what to delete here? Posted below is the most recent log. The top line (RO-...) is recurrant. I can press fix, but it comes back if I scan a while later.

Logfile of HijackThis v1.97.7
Scan saved at 10:44:41 PM, on 4/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\glueaudio\CompBook.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\My Shared Folder\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://omegasearch.com/passthrough/i...://about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus C82 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE /P23 "EPSON Stylus C82 Series" /O6 "USB001" /M "Stylus C82"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Admin thunk] C:\PROGRA~1\glueaudio\CompBook.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research (HKLM)
O9 - Extra button: AIM (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab

I tried running Norton antivirus too, and it does fine in identifying 1 file as a threat: Adware.Lop But unfortunately, and strangely, it will not delete it even if I press the delete command, instead Norton goes to the next step, giving the options 'Exclude' or 'Skip'.

I tried running Adaware on it too, but that's not working either.

I'd really appreciate some advice.

Thanks,

Kjell

shwaip

elaborate bot

5,730 Posts

15 Apr 2004, 7:00am

follow these updated instructions:
http://www.short-media.com/forum/showthread.php?t=12173

to get rid of
O4 - HKLM\..\Run: [Admin thunk] C:\PROGRA~1\glueaudio\CompBook.exe

__________________ my photostream for ic photography challenge

Anyone who wants dropbox, please use my referral link

Dexter

Former SM Staff Member

3,580 Posts

15 Apr 2004, 5:42pm

Quoting shwaip

follow these updated instructions:
http://www.short-media.com/forum/showthread.php?t=12173

to get rid of
O4 - HKLM\..\Run: [Admin thunk] C:\PROGRA~1\glueaudio\CompBook.exe

Also get rid of:

C:\PROGRA~1\glueaudio\CompBook.exe

and manually delete that from your computer.

Also have HJT fix this one, obviously:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://omegasearch.com/passthrough/...p://about_:blank

Do this all in safe mode, and set a new system restore point, as outlined in the updated instructions above and in the original guide.

Come back and let us know if it worked or not.

And welcome to Short-Media, the best little Tech Community on the Net

Dexter...

__________________ "Forty-two," said Deep Thought, with infinite majesty and calm.

Put your computer's spare power to work searching for the cure to diseases: Folding@Home. Join Team 93 today! Join a winning team, and help Fold for a Cure!

Get spyware fighting tools at our Security Downloads Page. Get a better browser: Get Firefox.

[folding_sig1]

kjell

Getting settled in

5 Posts

15 Apr 2004, 9:55pm

Glad to have joined the short-media forum, thank you

Still having problems unfortunately...

When I attempt to manually delete C:\PROGRA~1\glueaudio\CompBook.exe an error box pops up w/ the message, "Cannot delete CompBook: Access is denied. Make sure the disk is not full or write-protected and that the file is not currently in use."

In the glueaudio folder in my program files, there are two icons besides 'Compbook': these are 'Creative' and 'linkgridnurb'. Compbook is the one I'm not presently able to delete in any case though.

Hijack this will not remove O4 - HKLM\..\Run: [Admin thunk] C:\PROGRA~1\glueaudio\CompBook.exe when I check it and press fix checked; I suppose that's because C:\PROGRA~1\glueaudio\CompBook.exe is still around.

Kwitko

Sheriff of Dicktown

6,524 Posts

» Subscriber

15 Apr 2004, 9:57pm

Open Task Manager and end the CompBook.exe program, then delete the file. It might be listed under Processes and not Applications in the Task Manager.

__________________ "Is it not cruel to let our city die by degrees, stripped of all her proud monuments, until there will be nothing left of all her history and beauty to inspire our children?... this is the time to take a stand, to reverse the tide, so that we won't all end up in a uniform world of steel and glass boxes." - Jacqueline Kennedy Onassis

Dexter

Former SM Staff Member

3,580 Posts

15 Apr 2004, 10:05pm

Also, make sure you have started your computer in SAFE MODE before running Hijack This.

Another thing to try is to rename the .exe file to .xxx and then reboot.

When you reboot, it will not be located not be located by the startup registries, and you should be able to repair it in HJT.

Dexter...

kjell

Getting settled in

5 Posts

16 Apr 2004, 8:16am

Wonderful, I think it's gone now

Thanks for helping me out,

-Kjell

Dexter

Former SM Staff Member

3,580 Posts

16 Apr 2004, 10:20am

You're very welcome

We hope you will stick here at Short-Media. We have some great folks here with lots of tech knowledge, and we have a lot of fun here too.

Oh, and has anyone mentioned the word "Folding" to you yet...?

Dexter...

shwaip

elaborate bot

5,730 Posts

16 Apr 2004, 10:31am

I'm sure if he's read at least one of prof or mmonnin's posts it's been in there somewhere

mmonnin

Veteran Icrontian

10,545 Posts

16 Apr 2004, 2:22pm

Nope havent mentioned it to anyone that has asked for OmegaSearch help.

__________________ Stanford Team Stats_____________Team Short-Media
Statsman Team Stats______________EOC Team Stats

Dexter

Former SM Staff Member

3,580 Posts

16 Apr 2004, 9:53pm

Quoting mmonnin

Nope havent mentioned it to anyone that has asked for OmegaSearch help.

I've been doing that

If we can get everyone we help on our Folding For A Cure team, we'll pump out some serious WU's!

Dexter...

Dexter

Former SM Staff Member

3,580 Posts

16 Apr 2004, 10:12pm

Quoting Dexter

I've been doing that

If we can get everyone we help on our Folding For A Cure team, we'll pump out some serious WU's!

Dexter...

KJELL - I moved your reply into a new thread in our Team 93 Forum, click here to find it and the answers to your questions:

http://www.short-media.com/forum/showthread.php?t=12412

Hope you join the Team!

Dexter...

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Remove Omegasearch	MediaMan	Technology Articles	30	24 May 2004 5:10am
omegasearch	big_ecky	Resolved / Inactive	10	15 Apr 2004 5:06am
Omegasearch	music_head	Resolved / Inactive	6	14 Apr 2004 9:23pm
Omegasearch the undead!	dbrugman	Resolved / Inactive	6	12 Apr 2004 6:34pm
Updated Omegasearch Removal Information - Check here for the latest Omegasearch Info!	Dexter	Resolved / Inactive	0	12 Apr 2004 3:17pm

		Icrontic Forums > Malware Help > Spyware & Virus Removal > Resolved / Inactive
please help getting rid of Omegasearch

Jump to

This Thread	Search this Thread
Print Email	Search this Thread: Advanced Search

Username
Password	Forgot?
Remember me