Omega Search Help

Unknown

I am trying to remove omega-search from my computer and I am having problems. I tried downloading omega-search killer v1.0 but it said I couldn't download it. Could this be bacuase of omega-search. I really want to try and stay away from the manual removal if at all possible. PLEASE HELP!!!

primesuspect

Did you try downloading v1.2 from our downloads page?

What kind of problem are you having downloading it? I suggest you try again. Click on the link in my sig (downloads page) and try getting v1.2

Otherwise, follow these steps and post a HJT log. It's really not hard to do it manually, don't be afraid

SKabeanie

Thanks for your help. I was able to download omegakiller v1.2, but I don't think that it removed everything. I got rid of the blue toolbar at the bottom and the gray one at the top, but the next time I open explorer the gray toolbar comes back. I am assuming that this gray toolbar is part of omega search because when I right click on it and go to 'homepage' it takes me to omega-search.com. I am guessing I should post an HJT log???

primesuspect

Yes, please do, and we'll be able to get rid of it

SKabeanie

I downloaded, updated, and ran spybot, ad-aware, and Hijack This. Here is the log from Hijack This. Thanks again for you help!!

Logfile of HijackThis v1.98.2
Scan saved at 12:33:02 AM, on 9/30/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\fnllzi.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Web Offer\wo.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\Navnt\npssvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dpnkpart.exe
C:\WINDOWS\system32\dpwerror.exe
C:\Program Files\CxtPls\CxtPls.exe
C:\Program Files\LimeWire\LimeWire 4.0.8\LimeWire.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.156\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://uqjykgolrkzdqebzfbeo.com/mSdGbrEG3grXGnzaNjAtA4eynb1AyaloQdNscKS6KirDjeD7qx1o0mPogfJ2FTHw.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
O1 - Hosts: 127.0.0.26 www.active-max.com
O1 - Hosts: 127.0.0.97 www.dialup2.com
O1 - Hosts: 127.0.0.6 maxexp.com
O1 - Hosts: 127.0.0.238 www.mp3search.com
O1 - Hosts: 127.0.0.49 www.rub.to
O1 - Hosts: 127.0.0.81 www.spawnet.com
O1 - Hosts: 127.0.0.239 www.mp3search.com
O1 - Hosts: 127.0.0.76 www.negativebeats.com
O1 - Hosts: 127.0.0.222 best.omega-search.com
O1 - Hosts: 127.0.0.37 www.omega-search.com
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: ohb - {086CEFD5-A88D-4981-8915-D51F04360ED1} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Administrator\Local Settings\Temp\JkCWEuPe1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {8B224779-3B0E-4FEA-8AE1-B66C20DD840F} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [NPS Event Checker] C:\PROGRA~1\Navnt\npscheck.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [nwtjuum] C:\WINDOWS\System32\fnllzi.exe
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [UsbD] C:\WINDOWS\System32\iexplore32.exe
O4 - HKLM\..\Run: [gAayeMo] C:\documents and settings\administrator\local settings\temp\gAayeMo.exe
O4 - HKLM\..\Run: [Mq16zDDHH] C:\documents and settings\administrator\local settings\temp\Mq16zDDHH.exe
O4 - HKLM\..\Run: [52R8CCZ5AAGMFH] C:\WINDOWS\system32\VchsZQoq.exe
O4 - HKLM\..\Run: [v7EO3FS] dpnkpart.exe
O4 - HKLM\..\Run: [Great Mpeg] C:\PROGRA~1\DASHLO~1\LiveStyle.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ewxERPeqg] dpwerror.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\system32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\system32\ms.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.exe
O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} - http://hotsearchbar.com/toolbar2/winhot32.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?322

primesuspect

First, open up your task manager (CTRL-ALT-DEL), and go to the PROCESSES tab. Right click on each of the following processes and click END PROCESS TREE (saying "yes" to the warning):

C:\WINDOWS\system32\dpnkpart.exe
C:\WINDOWS\system32\dpwerror.exe
C:\Program Files\CxtPls\CxtPls.exe
C:\Program Files\LimeWire\LimeWire 4.0.8\LimeWire.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\PROGRA~1\Web Offer\wo.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\PROGRA~1\Navnt\npssvc.exe
C:\WINDOWS\System32\fnllzi.exe
C:\WINDOWS\system32\RUNDLL32.EXE

It is CRITICALLY important that you end every single IEXPLORE.EXE process.

Now, you need to go into the C:\Documents and Settings\Administrator\Local Settings\Temp\ folder and DELETE EVERYTHING IN THERE.

Then, go to C:\PROGRAM FILES\ and DELETE the Bullseye network folder.

Now, go to C:\WINDOWS\SYSTEM32 and DELETE fnllzi.exe and IEXPLORE32.EXE, as well as VchsZQoq.exe.

If you cannot delete some of those, don't panic yet, just delete what you can and we'll get them on the next round.

Now, get rid of the following in HJT:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://uqjykgolrkzdqebzfbeo.com/mSd...PogfJ2FTHw.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=

O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: ohb - {086CEFD5-A88D-4981-8915-D51F04360ED1} - (no file)

O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Administrator\Local Settings\Temp\JkCWEuPe1.dll

O3 - Toolbar: (no name) - {8B224779-3B0E-4FEA-8AE1-B66C20DD840F} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [nwtjuum] C:\WINDOWS\System32\fnllzi.exe

O4 - HKLM\..\Run: [UsbD] C:\WINDOWS\System32\iexplore32.exe
O4 - HKLM\..\Run: [gAayeMo] C:\documents and settings\administrator\local settings\temp\gAayeMo.exe
O4 - HKLM\..\Run: [Mq16zDDHH] C:\documents and settings\administrator\local settings\temp\Mq16zDDHH.exe
O4 - HKLM\..\Run: [52R8CCZ5AAGMFH] C:\WINDOWS\system32\VchsZQoq.exe
O4 - HKLM\..\Run: [v7EO3FS] dpnkpart.exe
O4 - HKLM\..\Run: [Great Mpeg] C:\PROGRA~1\DASHLO~1\LiveStyle.exe

O4 - HKCU\..\Run: [ewxERPeqg] dpwerror.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe

O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\system32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\system32\ms.exe (file missing)

O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.ht m (file missing) (HKCU)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/f...etup1.0.0.8.exe
O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} - http://hotsearchbar.com/toolbar2/winhot32.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/...ller/dwnldr.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?322

After you kill these, PULL THE PLUG ON YOUR COMPUTER - do not shut down properly! When you start back up, post a new log.

This is going to be a multiple step process. Please don't get discouraged.

SKabeanie

I did almost everything you said to do. I ended all of the process expcept it would let me end 2 of the iexplore.exe. I clicked on it, hit end process, the warning came up, I said ok and nothing happened. I moved on and tried to delete some of the files you said to but I didn't have some of the. I didn't of the local settings temp folder or the bulseye network folder. I went to the windows system 32 folder and the only one I could find in there was the fnllzi file but it wouldn't let me delete that either. I was able to get rid of everything in the HJT log and I pulled the plug on the computer. This is the new log I get when I started it back up. I have to go to work know I will check back afterwards. Thanks again,

Logfile of HijackThis v1.98.2
Scan saved at 3:51:45 PM, on 9/30/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\Navnt\npssvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX01.125\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.lgwzgjnyqnn.com/mSdGbrEG3grXGnzaNjAtA4eynb1AyaloQdNscKS6Kiof3LnfH_0lVmPogfJ2FTHw.htm
O1 - Hosts: 127.0.0.26 www.active-max.com
O1 - Hosts: 127.0.0.97 www.dialup2.com
O1 - Hosts: 127.0.0.6 maxexp.com
O1 - Hosts: 127.0.0.238 www.mp3search.com
O1 - Hosts: 127.0.0.49 www.rub.to
O1 - Hosts: 127.0.0.81 www.spawnet.com
O1 - Hosts: 127.0.0.239 www.mp3search.com
O1 - Hosts: 127.0.0.76 www.negativebeats.com
O1 - Hosts: 127.0.0.222 best.omega-search.com
O1 - Hosts: 127.0.0.37 www.omega-search.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [NPS Event Checker] C:\PROGRA~1\Navnt\npscheck.exe
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

SpywareShooter

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.lgwzgjnyqnn.com/mSdGbrEG...mPogfJ2FTHw.htm
O1 - Hosts: 127.0.0.26 www.active-max.com
O1 - Hosts: 127.0.0.97 www.dialup2.com
O1 - Hosts: 127.0.0.6 maxexp.com
O1 - Hosts: 127.0.0.238 www.mp3search.com
O1 - Hosts: 127.0.0.49 www.rub.to
O1 - Hosts: 127.0.0.81 www.spawnet.com
O1 - Hosts: 127.0.0.239 www.mp3search.com
O1 - Hosts: 127.0.0.76 www.negativebeats.com
O1 - Hosts: 127.0.0.222 best.omega-search.com
O1 - Hosts: 127.0.0.37 www.omega-search.com

Fix those entries. Other than that, your log looks okay. Are you still having problems?

SKabeanie

Thanks for responding. I deleted those files unplugged my computer and the toolbars were still on there. I ran omega killer and the were gone but I can't help but think that they will come back. Here is my HJT log after running the second time.

Logfile of HijackThis v1.98.2
Scan saved at 10:40:31 PM, on 10/4/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\Navnt\npssvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.066\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [NPS Event Checker] C:\PROGRA~1\Navnt\npscheck.exe
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

primesuspect

It should be gone for good.

Get rid of these:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

You're clean. Read the article in my sig to keep yourself safe, and if you switch to firefox, I PROMISE you'll never get omegasearch again.

Also, check out our folding team. We would love to have you join.