#¤%& Omegasearch

First I have to say that it is a wonderful little guide you put together for removing Omegasearch. Even if you are an idiot like me and have Windows in another language, it wasn't too hard to follow. Thanks, guys. My problem is that I must have missed something because I didn't get rid of it. I thought it was gone, but when I changed my homepage from blank to something else, Omegasearch changed it into their page. And I also get some **** on the bottom of my screen. I don't dare delete stuff if it doesn't have Omegasearch in the name or isn't on your updated page, since I don't really know what is supposed to be there. I guess about now it would be time for me to publish my log here, but I'm afraid I'm going to need help with that as well. How do you put logs online after you have run Hijack This?

Comments

  • primesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited June 2004
    After you have the HJT log on your screen, put the mouse in the log area, push "CTRL-A" to select all the text, push "CTRL-C" to copy it. Post here, and push "CTRL-V" to paste the log into the post window.
  • edited June 2004
    Thanks, have tried that. CTRL-A doesn't work. It doesn't want to mark everything and it doesn't work with the mouse either.
  • Kwitko Sheriff of Banning (Retired) By the thing near the stuff Icrontian
    edited June 2004
    The Scan button becomes a Save Log button after you scan. When you click Save Log, it will ask for a filename and then should automatically open it up in Notepad. Hit CTRL-A, then CTRL-C to copy, then paste it into your post.
  • edited June 2004
    Thanks. And tadaadam:

    Logfile of HijackThis v1.97.7
    Scan saved at 20:45:16, on 2004-06-27
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program\HPQ\ONE-TO~1\OneTouch.EXE
    C:\Program\Synaptics\SynTP\SynTPLpr.exe
    C:\Program\Grisoft\AVG6\avgserv.exe
    C:\Program\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\HPConfig.exe
    C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program\HPQ\Notebook Utilities\HPWirelessMgr.exe
    C:\Program\QuickTime\qttask.exe
    C:\Program\Delade filer\Real\Update_OB\realsched.exe
    C:\Program\ICQLite\ICQLite.exe
    C:\Program\Norton AntiVirus\navapsvc.exe
    C:\Program\Delade filer\Symantec Shared\ccApp.exe
    C:\Program\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\Program\Windows Media Player\wmplayer.exe
    C:\Program\Norton AntiVirus\SAVScan.exe
    C:\Program\GRIMCO~1\forslowstore.exe
    C:\Program\Winamp\winampa.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program\Wfwin\Wfwin32.exe
    C:\Program\Netscape\Netscape\Netscp.exe
    C:\Hijack This\HijackThis.exe
    C:\Program\Grisoft\AVG6\AVGCC32.EXE
    C:\Program\Grisoft\AVG6\avgw.exe
    C:\Program\Messenger\msmsgs.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://omegasearch.com/passthrough/index.html?http://about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.moviemistakes.com/"); (C:\Documents and Settings\Application Data\Mozilla\Profiles\default\psnyv55j.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Application Data\Mozilla\Profiles\default\psnyv55j.slt\prefs.js)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {3392BD0A-A851-4AA4-86E0-4651006F9EA8} - C:\Program\Delade filer\Atomica Shared\agtbho.dll
    O2 - BHO: (no name) - {AE586399-467E-D133-36F8-D2144870A04B} - C:\Program\GLOBAL~1\Once Does.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
    O4 - HKLM\..\Run: [Display Settings] C:\Program\HPQ\Notebook Utilities\hptasks.exe /s
    O4 - HKLM\..\Run: [QT4HPOT] C:\Program\HPQ\ONE-TO~1\OneTouch.EXE
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Program\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ICQ Lite] C:\Program\ICQLite\ICQLite.exe -minimize
    O4 - HKLM\..\Run: [AVG_CC] C:\Program\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program\Delade filer\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\Program\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [regsnurb] C:\Program\GRIMCO~1\forslowstore.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program\Netscape\Netscape\Netscp.exe" -turbo
    O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program\ICQLite\ICQLite.exe -trayboot
    O4 - Global Startup: GStartup.lnk = C:\RECYCLER\NPROTECT\00002740.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: GuruNet... - file:C:\Program\GuruNet\Html\atiemenu.htm
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: ICQ Lite (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.scd.yahoo.com/yog/y/fs10_x.cab
    O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.scd.yahoo.com/yog/y/ks12_x.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {6B401179-541E-4BF3-800F-10C39B529DB9} - http://ftp.gurunet.com/pub/cabs/GNInstaller8000Free.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Companion) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{881E3C10-9414-4190-9F86-AF412F5D9FE6}: NameServer = 193.171.43.146
  • edited June 2004
    I probably don't need to worry about Omegasearch anymore. My computer just told me that there is a problem with my harddrive that cannot be fixed and that the harddrive needs to be replaced...:mean: Good thing that I have my guarantee (my laptop is only about 10 months old).
  • profdlp The Holy City Of Westlake, Ohio
    edited June 2004
    Make sure you run the diagnostic from the HD manufacturer before you do anything drastic - sometimes corruption (or a virus) can give a false reading from a monitoring program.

    If the drive turns out OK we'll get back to the Omegasearch problem. :)
  • edited June 2004
    Sorry for being an idiot, but how do I run the diagnostic form?
  • profdlp The Holy City Of Westlake, Ohio
    edited June 2004
    What brand of drive?

    There should be instructions at the drive manufacturer's site where you get the program. Generally, the program is copied to a floppy and run from there.
  • edited July 2004
    My computer totally crashed a few days ago and I had a friend who knows a bit more about computers than I do look at it, and he says I have to hand it in. The stupid Compaq laptop can't find Windows and it won't read from the restoring CDs. Good thing it's only 10 months old so I still have the guarantee. Hopefully they can't fix it and I'll get a new computer.

    Thanks for trying to help me.