Options
getting rid of omega search
CAN SOME ONE PLEASE HELP WITH GETTING RID OF OMEGA SEARCH
I did a highjack this scan and this was my log file any help would be greatly appreciated
Logfile of HijackThis v1.98.0
Scan saved at 5:21:42 a.m., on 10/07/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\My Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://xtra.co.nz/home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://omega-search.com/find/panel_search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://omega-search.com/find/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://omega-search.com/find/panel_search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://omega-search.com/find/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://omega-search.com/find/panel_search.html
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\ORL\VNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [KAZAA] "C:\Program Files\Kazaa Lite K++\kpp.exe" "C:\Program Files\Kazaa Lite K++\KazaaLite.kpp" /SYSTRAY
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [olehelp] C:\WINNT\System32\olehelp.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: QuickShelf '95.lnk = C:\Program Files\Microsoft Reference\Bookshelf 95\QS9532.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
I did a highjack this scan and this was my log file any help would be greatly appreciated
Logfile of HijackThis v1.98.0
Scan saved at 5:21:42 a.m., on 10/07/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\My Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://xtra.co.nz/home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://omega-search.com/find/panel_search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://omega-search.com/find/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://omega-search.com/find/panel_search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://omega-search.com/find/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://omega-search.com/find/panel_search.html
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\ORL\VNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [KAZAA] "C:\Program Files\Kazaa Lite K++\kpp.exe" "C:\Program Files\Kazaa Lite K++\KazaaLite.kpp" /SYSTRAY
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [olehelp] C:\WINNT\System32\olehelp.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: QuickShelf '95.lnk = C:\Program Files\Microsoft Reference\Bookshelf 95\QS9532.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
0
Comments
Welcome to short-media:
Try removing these entries in safe mode, and then resetting your homepage to whatever you like best:
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://xtra.co.nz/home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://omega-search.com/find/panel_search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://omega-search.com/find/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://omega-search.com/find/panel_search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://omega-search.com/find/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://omega-search.com/find/panel_search.html
boot into safe mode.
use the search function to find "internat.exe". If it is located in "c:\winnt\", delete it. If it is in "c:\winnt\system32", leave it
now, remove these entries with hijackthis:
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe
(O4 - HKCU\..\Run: [internat.exe] internat.exe) (only if it was located in c:\winnt, not c:\winnt\system32)
as well as all of the entries that say omegasearch.