Please help - Omegasearch
lachesis
Zurich, Switzerland
Hi, can anyone help me remove omegasearch? I read the review and followed the "remove" instructions of shortmedia, but still the frames are active whenever I use Internet Explorer. It now says "about:blank", not "omegasearch", but still the frames are there... I here post my log:
:bawling: :bawling:
Logfile of HijackThis v1.97.7
Scan saved at 13:55:33, on 12.05.2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Network Associates\Common Framework\FrameworkService.exe
C:\Programme\Network Associates\VirusScan\Mcshield.exe
C:\Programme\Network Associates\VirusScan\VsTskMgr.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Java\j2re1.5.0\bin\jusched.exe
C:\Programme\Network Associates\VirusScan\SHSTAT.EXE
C:\Programme\Network Associates\Common Framework\UpdaterUI.exe
C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Julia\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.access.unizh.ch/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar.dll
O2 - BHO: (no name) - {FE4E0499-FEB1-40D7-9A7D-F169F42CEE97} - C:\PROGRA~1\SAFEJU~1\Meow Rdr.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: chic size - {33B12E39-58FE-C70F-759D-7B0F37C9E352} - C:\PROGRA~1\SAFEJU~1\Meow Rdr.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programme\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programme\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [AIM] C:\Programme\AIM95\aim.exe -cnetwait.odl
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Programme\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Programme\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Programme\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Programme\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Programme\Google\googletoolbar.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Konsole (HKLM)
O9 - Extra button: Recherche-Assistent (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
anything suspicious? thanks!
:bawling: :bawling:
Logfile of HijackThis v1.97.7
Scan saved at 13:55:33, on 12.05.2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Network Associates\Common Framework\FrameworkService.exe
C:\Programme\Network Associates\VirusScan\Mcshield.exe
C:\Programme\Network Associates\VirusScan\VsTskMgr.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Java\j2re1.5.0\bin\jusched.exe
C:\Programme\Network Associates\VirusScan\SHSTAT.EXE
C:\Programme\Network Associates\Common Framework\UpdaterUI.exe
C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Julia\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.access.unizh.ch/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar.dll
O2 - BHO: (no name) - {FE4E0499-FEB1-40D7-9A7D-F169F42CEE97} - C:\PROGRA~1\SAFEJU~1\Meow Rdr.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: chic size - {33B12E39-58FE-C70F-759D-7B0F37C9E352} - C:\PROGRA~1\SAFEJU~1\Meow Rdr.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programme\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programme\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [AIM] C:\Programme\AIM95\aim.exe -cnetwait.odl
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Programme\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Programme\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Programme\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Programme\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Programme\Google\googletoolbar.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Konsole (HKLM)
O9 - Extra button: Recherche-Assistent (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
anything suspicious? thanks!
0
Comments
That looks suspicious.
Nice to see a German member on the site. Welcome to SM.
Thats the only thing I see right away. Someone else might see something different.
O2 - BHO: (no name) - {FE4E0499-FEB1-40D7-9A7D-F169F42CEE97} - C:\PROGRA~1\SAFEJU~1\Meow Rdr.dll
O3 - Toolbar: chic size - {33B12E39-58FE-C70F-759D-7B0F37C9E352} - C:\PROGRA~1\SAFEJU~1\Meow Rdr.dll
Reboot your PC into safe mode, rerun HiJackThis, and delete those two items. Once that's done, we can turn our attention to the about:blank. This may be a symptom of a larger problem caused by a particularly nasty version of CoolWebSearch.
It worked and Omega is gone, thanks to you two. Also the "about:blank" is dead and buried. Thank you very much for your time and help!
lachesis
ps: Actually, I'm in Zurich, Switzerland.
Oh a Miss as well. Dont let the guys see this, they will want pics.:D