My case may be a small case, can anyone help? Kill omegasearch!

I have no idea about this thing. I tried to remove a "BHO", but "omegasearch" is still there.

Logfile of HijackThis v1.97.7
Scan saved at 14:03:50, on 2004-5-1
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\gearsec.exe
D:\WINDOWS\system32\gearsec.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\WINDOWS\System32\MsPMSPSv.exe
D:\Program Files\Norton AntiVirus\SAVScan.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\TCAUDIAG.exe
D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
D:\Program Files\Analog Devices\SoundMAX\Smax4.exe
D:\Program Files\ASUS\Probe\AsusProb.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\WildTangent\Apps\GameChannel.exe
D:\WINDOWS\wt\updater\wcmdmgr.exe
D:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
D:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
D:\PROGRA~1\SOFTKN~1\licensebait.exe
D:\Program Files\D-Tools\daemon.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Steam\Steam.exe
D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
D:\Program Files\VIA\RAID\raid_tool.exe
D:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Messenger\msmsgs.exe
D:\download\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {57C2A4A0-3A80-4B98-81E2-E7CDED058038} - D:\PROGRA~1\VGATOO~1\Mp3Face.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ????? - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -on
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ASUS Probe] d:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] D:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WT GameChannel] D:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [wcmdmgr] D:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [ATI DeviceDetect] D:\Program Files\ATI Multimedia\\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "D:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "D:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "D:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [helpsettings] D:\PROGRA~1\SOFTKN~1\licensebait.exe
O4 - HKLM\..\Run: [DAEMON Tools-2052] "D:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Launchpad] "D:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [Steam] D:\Program Files\Steam\Steam.exe -silent
O4 - Startup: NTUSER.DAT
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38092.7157060185
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Comments

  • shwaip bluffin' with my muffin Icrontian
    edited May 2004
    Hi!

    Boot into safe mode,
    rerun hijackthis, and remove the following entries:

    O2 - BHO: (no name) - {57C2A4A0-3A80-4B98-81E2-E7CDED058038} - D:\PROGRA~1\VGATOO~1\Mp3Face.dll

    O4 - HKLM\..\Run: [helpsettings] D:\PROGRA~1\SOFTKN~1\licensebait.exe

    If you don't use Wildtangent for games, get rid of the following:
    O4 - HKLM\..\Run: [WT GameChannel] D:\Program Files\WildTangent\Apps\GameChannel.exe

    O4 - HKLM\..\Run: [wcmdmgr] D:\WINDOWS\wt\updater\wcmdmgrl.exe -launch


    Then, delete the folders:

    D:\program files\softkn~1 (it starts with softkn)
    D:\program files\VGATOO~1 (it starts with vgatoo)
  • aza
    edited May 2004
    Thanks Shwaip, your suggestion is very much appreciated.
    I did what you told me, but it seems "omegasearch" is still somewhere on my computer.

    I did check "Turn Off System Restore on all drives".

    Logfile of HijackThis v1.97.7
    Scan saved at 5:12:06, on 2004-5-3
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\System32\Ati2evxx.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\System32\TCAUDIAG.exe
    D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    D:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    D:\Program Files\ASUS\Probe\AsusProb.exe
    D:\Program Files\Common Files\Symantec Shared\ccApp.exe
    D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    D:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    D:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
    D:\Program Files\D-Tools\daemon.exe
    D:\WINDOWS\System32\ctfmon.exe
    D:\Program Files\Steam\Steam.exe
    D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    D:\WINDOWS\system32\gearsec.exe
    D:\WINDOWS\system32\gearsec.exe
    D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    D:\Program Files\Norton AntiVirus\navapsvc.exe
    D:\Program Files\VIA\RAID\raid_tool.exe
    D:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
    D:\Program Files\Messenger\msmsgs.exe
    D:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    D:\WINDOWS\System32\MsPMSPSv.exe
    D:\Program Files\Norton AntiVirus\SAVScan.exe
    D:\Program Files\Common Files\Symantec Shared\NMain.exe
    D:\download\HijackThis.exe

    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -on
    O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [ASUS Probe] d:\Program Files\ASUS\Probe\AsusProb.exe
    O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ATI DeviceDetect] D:\Program Files\ATI Multimedia\\Program Files\ATI Multimedia\main\ATIDtct.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RoxioEngineUtility] "D:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "D:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioAudioCentral] "D:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
    O4 - HKLM\..\Run: [DAEMON Tools-2052] "D:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [ATI Launchpad] "D:\Program Files\ATI Multimedia\main\launchpd.exe"
    O4 - HKCU\..\Run: [Steam] D:\Program Files\Steam\Steam.exe -silent
    O4 - HKCU\..\Run: [SpySweeper] D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
    O4 - Startup: NTUSER.DAT
    O4 - Startup: ntuser.dat.LOG
    O4 - Startup: ntuser.ini
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38092.7157060185
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
  • aza
    edited May 2004
    After I rebooted my computer several times, "omegasearch" seems gone.

    Thanks Shwaip, Thanks all of you!

    Now I have installed "ad-aware"; I hope it works well for protection.
This discussion has been closed.
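
The thread's two scans can be compared mechanically to confirm that the entries flagged for removal are gone and to see what else changed between runs. The following is an added example, not part of the original thread or of HijackThis; `parse_entries` and `compare_scans` are hypothetical names, and the sample lines are short excerpts from the two logs above.

```python
import re

# HijackThis item lines start with a section code such as O2, O4, O16
# (R0, F1 and N1 style codes are accepted too).
ENTRY = re.compile(r"^\s*([ORFN]\d{1,2}) - (.+?)\s*$")

def parse_entries(log):
    """Return the set of (section, detail) items found in a HijackThis log."""
    items = set()
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m:  # header and "Running processes" lines do not match
            items.add((m.group(1), m.group(2)))
    return items

def compare_scans(before, after, flagged):
    """Diff two scans and report which flagged items survived the cleanup."""
    old, new = parse_entries(before), parse_entries(after)
    wanted = parse_entries(flagged)
    return {
        "removed": sorted(old - new),          # gone after the cleanup
        "added": sorted(new - old),            # new autostarts to review
        "still_present": sorted(wanted & new), # flagged but not removed
        "never_seen": sorted(wanted - old),    # flagged line not in first scan
    }

# Excerpt of the first scan (2004-5-1).
BEFORE = r"""
O2 - BHO: (no name) - {57C2A4A0-3A80-4B98-81E2-E7CDED058038} - D:\PROGRA~1\VGATOO~1\Mp3Face.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [WT GameChannel] D:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [helpsettings] D:\PROGRA~1\SOFTKN~1\licensebait.exe
O4 - HKCU\..\Run: [Steam] D:\Program Files\Steam\Steam.exe -silent
"""
# Excerpt of the second scan (2004-5-3).
AFTER = r"""
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKCU\..\Run: [Steam] D:\Program Files\Steam\Steam.exe -silent
    O4 - HKCU\..\Run: [SpySweeper] D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
"""
# The two entries the reply asked to remove.
FLAGGED = r"""
O2 - BHO: (no name) - {57C2A4A0-3A80-4B98-81E2-E7CDED058038} - D:\PROGRA~1\VGATOO~1\Mp3Face.dll
O4 - HKLM\..\Run: [helpsettings] D:\PROGRA~1\SOFTKN~1\licensebait.exe
"""

if __name__ == "__main__":
    for key, items in compare_scans(BEFORE, AFTER, FLAGGED).items():
        print(key, *items, sep="\n  ")
```
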