omegasearch is my bane

I've spent the last three hours trying to rid my computer of this Omegasearch.
Here is my log. Can anyone help, please?
Thanks,
Rhett

Logfile of HijackThis v1.97.7
Scan saved at 6:00:58 PM, on 6/4/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Matt Ressman\Desktop\Hijack This\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {91EA6AB7-275C-13EE-6986-8383C9950911} - C:\PROGRA~1\SURFOK~1\Phone Audio.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FastWin - {DC3C9DFE-60B8-5963-A69F-C9F98CDF7106} - C:\PROGRA~1\SURFOK~1\Phone Audio.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP OfficeJet T Series] "C:\Program Files\Hewlett-Packard\HP OfficeJet T Series NT\bin\ktchnsnk.exe" -reg "Software\Hewlett-Packard\OfficeJet T Series\Install"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Exit Tray] C:\PROGRA~1\HOLDDA~1\tons pop city.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Win32] C:\Win32\dll\Win32k.exe -starthide C:\Win32\dll\Win32.exe -local
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: LimeWire 3.8.10.lnk = C:\Program Files\LimeWire\3.8.10\LimeWire.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/beta/vet_install_popup.pl?1&4&04.00.07.02&http://www.scion.com/scionConfigApp/scion/viewsection.jsp?forceLoad=1
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/26f48fd8afc415c6ab04/netzip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38009.7731712963
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D35960A-B329-4A29-BD83-ACAF97F43788}: NameServer = 64.105.97.90,64.105.113.138
O17 - HKLM\System\CS1\Services\Tcpip\..\{0D35960A-B329-4A29-BD83-ACAF97F43788}: NameServer = 64.105.97.90,64.105.113.138
O17 - HKLM\System\CS2\Services\Tcpip\..\{0D35960A-B329-4A29-BD83-ACAF97F43788}: NameServer = 64.105.97.90,64.105.113.138

Comments

  • primesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited June 2004
    Welcome to short-media. Please read this before we go any further. If you've already followed those steps, please let us know :)
  • edited June 2004
    Primesuspect,
    Yeah, I've already used both of those after doing the Removal Guide. I've even used Stinger.
    I appreciate the help.
    Thanks,
    Rhett
  • shwaip bluffin' with my muffin Icrontian
    edited June 2004
    ok, now, could you send a couple of files to shwaip@short-media.com, as we're doing some research to learn how to better remove omegasearch.
    c:\program files\surfok~1\phone audio.dll
    c:\program files\HOLDDA~1\tons pop city.exe

    surfok~1 will be a folder that starts with surfok
    holdda~1 will be a folder that starts with holdda


    to remove omegasearch, boot into safe mode, rerun hijackthis, and then remove the following:

    O2 - BHO: (no name) - {91EA6AB7-275C-13EE-6986-8383C9950911} - C:\PROGRA~1\SURFOK~1\Phone Audio.dll
    O3 - Toolbar: FastWin - {DC3C9DFE-60B8-5963-A69F-C9F98CDF7106} - C:\PROGRA~1\SURFOK~1\Phone Audio.dll <-- omegasearch dlls
    O4 - HKLM\..\Run: [Exit Tray] C:\PROGRA~1\HOLDDA~1\tons pop city.exe <-- omegasearch exe
    O4 - HKLM\..\Run: [Win32] C:\Win32\dll\Win32k.exe -starthide C:\Win32\dll\Win32.exe -local <-- VIRUS, please run a virus scan

    then, delete the folders

    c:\program files\surfok~1\
    c:\program files\HOLDDA~1\

    reboot, and you should be golden
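
An added example, not part of the original thread: a small Python parser for the O2/O3/O4 lines of a HijackThis log that picks out the entries pointing into the directories the reply above lists for removal, and shows that one DLL is registered under two CLSIDs. The function names are hypothetical, and it assumes `PROGRA~1` is the 8.3 short name of `Program Files` on the scanned machine.

```python
import re
from collections import defaultdict

# Sample lines copied from the log in this thread (a subset of it).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {91EA6AB7-275C-13EE-6986-8383C9950911} - C:\PROGRA~1\SURFOK~1\Phone Audio.dll
O3 - Toolbar: FastWin - {DC3C9DFE-60B8-5963-A69F-C9F98CDF7106} - C:\PROGRA~1\SURFOK~1\Phone Audio.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Exit Tray] C:\PROGRA~1\HOLDDA~1\tons pop city.exe
O4 - HKLM\..\Run: [Win32] C:\Win32\dll\Win32k.exe -starthide C:\Win32\dll\Win32.exe -local
"""

# Directories of the entries the reply lists for removal, spelled as in the thread.
SUSPECT_DIRS = [r"c:\program files\surfok~1", r"c:\program files\HOLDDA~1", r"C:\Win32\dll"]

CLSID_ITEM = re.compile(r"^(O[23]) - (?:BHO|Toolbar): (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
RUN_ITEM = re.compile(r"^(O4) - \S+\\Run: \[(.+?)\] (.+)$")

def norm(path):
    # Windows paths are case-insensitive; PROGRA~1 -> "program files" is an
    # assumption about this machine's short names, not a general guarantee.
    return path.strip().strip('"').lower().replace("progra~1", "program files")

def parse(log):
    entries = []
    for line in map(str.strip, log.splitlines()):
        c, r = CLSID_ITEM.match(line), RUN_ITEM.match(line)
        if c:
            entries.append({"code": c[1], "name": c[2], "clsid": c[3], "target": c[4]})
        elif r:
            entries.append({"code": r[1], "name": r[2], "clsid": None, "target": r[3]})
    return entries

def flagged(entries, dirs=SUSPECT_DIRS):
    # Prefix match on the normalized target, so unquoted paths containing
    # spaces and trailing command-line arguments do not break the comparison.
    prefixes = tuple(norm(d).rstrip("\\") + "\\" for d in dirs)
    return [e for e in entries if norm(e["target"]).startswith(prefixes)]

def shared_targets(entries):
    # Files registered under more than one CLSID (here: BHO and toolbar).
    by_file = defaultdict(list)
    for e in (e for e in entries if e["clsid"]):
        by_file[norm(e["target"])].append((e["code"], e["clsid"]))
    return {f: regs for f, regs in by_file.items() if len(regs) > 1}

if __name__ == "__main__":
    for e in flagged(parse(SAMPLE_LOG)):
        print(e["code"], e["name"], "->", e["target"])
```
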