Omeasearch Help - theorangepippins

theorangepippins · April 2004

I Would appreciate any help. I've [tried to] follow the instructions to remove Omegasearch, but it's still there. No doubt ive done something rong . Here is my HJ log after my attempt to remove it. Any wisdom much appreciated. Thanks Des

Logfile of HijackThis v1.97.7
Scan saved at 19:46:56, on 19/04/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\devldr32.exe
C:\All Downloads\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://omegasearch.com/passthrough/index.html?http://about:blank
O2 - BHO: (no name) - {8A5EE84C-660B-FEEE-88AE-1E9B6A18F321} - C:\PROGRA~1\CREATI~1\pile dupe.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: memo cool - {7DB9E60A-272A-D852-E4DC-CFD3E05A3D11} - C:\PROGRA~1\CREATI~1\pile dupe.dll (file missing)
O4 - HKLM\..\Run: [Army Dead] C:\PROGRA~1\SHIMME~1\Bend dumb.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [MSZTCE] C:\WINNT\system32\MSZTCE.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/FIX19105/flash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37994.5059143519
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Thanks Des

Kwitko · April 2004

Boot into safe mode and remove the following items:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://omegasearch.com/passthrough/...p://about_:blank
O2 - BHO: (no name) - {8A5EE84C-660B-FEEE-88AE-1E9B6A18F321} - C:\PROGRA~1\CREATI~1\pile dupe.dll (file missing)
O3 - Toolbar: memo cool - {7DB9E60A-272A-D852-E4DC-CFD3E05A3D11} - C:\PROGRA~1\CREATI~1\pile dupe.dll (file missing)
O4 - HKLM\..\Run: [Army Dead] C:\PROGRA~1\SHIMME~1\Bend dumb.exe
O4 - HKLM\..\Run: [MSZTCE] C:\WINNT\system32\MSZTCE.EXE
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com...19105/flash.cab

When finished, reboot and repost your HiJackThis log.

Necropolis · April 2004

Moving to Security Sub-forum

theorangepippins · April 2004

This is what I have now
Logfile of HijackThis v1.97.7
Scan saved at 16:02:11, on 20/04/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\devldr32.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\WINNT\system32\ctfmon.exe
C:\All Downloads\Hijack\HijackThis.exe

O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37994.5059143519
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Des

Kwitko · April 2004

Looks good. Just remove O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot. This is for Real Player, and it's not necessary and a waste of resources.

theorangepippins · April 2004

Thank you, Thank you, Thankyou, a great help any thing I can help you with Just call..............

Des

Dexter · April 2004

There is something you could help us all with: Join our fight against diseases by joining Short-Media's Folding At Home Team! Click the links in my signature below to find out how you can put your computer's unused processor power to work searching for the cure to diseases like cancer, alzheimers and parkinsons. Join Team 93 and Fold For a Cure!

Dexter...

Omeasearch Help - theorangepippins

Comments