Need Help in Removing Omegasearch !!

Unknown
edited December 2004 in Spyware & Virus Removal
:) hi .. I am new to this forum.
my computer is hijacked with omegasearch.and lots of weird stuff... how can I get rid of them.?? :(
i tried Adware , Spybot .. but cant remove it . I also tried omegakiller . but whenever I open IE again I get infested again..
and I usually get a grayish searchbar on my IE .and weird advertisemnts stuff.

this is my HJT log

Logfile of HijackThis v1.98.2
Scan saved at 13:15:30, on 27/11/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Winamp\winampa.exe
F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\iTunesHelper.exe
C:\Program Files\Windows AdControl\WinAdCtl.exe
C:\WINDOWS\System32\msstart.exe
E:\bin\iPodService.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Windows AdControl\WinAdAlt.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\conime.exe
C:\PROGRA~1\ICQ\ICQ.exe
E:\iTunes.exe
C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
F:\Spyware Doctor\spydoctor.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\hijackthis\HijackThis.exe

O1 - Hosts: 127.0.0.26 www.active-max.com
O1 - Hosts: 127.0.0.9 www.allaboutsearching.com
O1 - Hosts: 127.0.0.60 amazingautossearch.com
O1 - Hosts: 127.0.0.77 contexualsearch.com
O1 - Hosts: 127.0.0.86 crap2.com
O1 - Hosts: 127.0.0.2 www.crap2.com
O1 - Hosts: 127.0.0.97 www.dialup2.com
O1 - Hosts: 127.0.0.3 ecpm.com
O1 - Hosts: 127.0.0.45 lop.com
O1 - Hosts: 127.0.0.43 ayb.lop.com
O1 - Hosts: 127.0.0.63 bins.lop.com
O1 - Hosts: 127.0.0.82 srch.lop.com
O1 - Hosts: 127.0.0.54 www1.lop.com
O1 - Hosts: 127.0.0.250 www.lop2.com
O1 - Hosts: 127.0.0.6 maxexp.com
O1 - Hosts: 127.0.0.238 www.mp3search.com
O1 - Hosts: 127.0.0.66 mysearchnow.com
O1 - Hosts: 127.0.0.41 search200.com
O1 - Hosts: 127.0.0.31 www.search200.com
O1 - Hosts: 127.0.0.224 search.mysearchnow.com
O1 - Hosts: 127.0.0.69 www.mysearchnow.com
O1 - Hosts: 127.0.0.233 netsearchsoft.com
O1 - Hosts: 127.0.0.0 omegasearch.com
O1 - Hosts: 127.0.0.250 www.omegasearch.com
O1 - Hosts: 127.0.0.49 www.rub.to
O1 - Hosts: 127.0.0.84 searchexe.com
O1 - Hosts: 127.0.0.95 www.searchexe.com
O1 - Hosts: 127.0.0.3 searchweb2.com
O1 - Hosts: 127.0.0.28 www.searchweb2.com
O1 - Hosts: 127.0.0.81 www.spawnet.com
O1 - Hosts: 127.0.0.200 tdmy.com
O1 - Hosts: 127.0.0.94 tefs.com
O1 - Hosts: 127.0.0.243 www.tfil.com
O1 - Hosts: 127.0.0.8 tdko.com
O1 - Hosts: 127.0.0.40 www.tdko.com
O1 - Hosts: 127.0.0.200 wrn.net
O1 - Hosts: 127.0.0.60 software.wrn.net
O1 - Hosts: 127.0.0.79 www.wrn.net
O1 - Hosts: 127.0.0.239 www.mp3search.com
O1 - Hosts: 127.0.0.76 www.negativebeats.com
O1 - Hosts: 127.0.0.222 best.omega-search.com
O1 - Hosts: 127.0.0.37 www.omega-search.com
O1 - Hosts: 127.0.0.203 www.trinityacquisitions.com
O1 - Hosts: 127.0.0.63 www.errorfreesearch.com
O1 - Hosts: 127.0.0.87 isearchhere.com
O1 - Hosts: 127.0.0.71 www.isearchhere.com
O1 - Hosts: 127.0.0.234 iwantosearch.com
O1 - Hosts: 127.0.0.5 www.iwantosearch.com
O1 - Hosts: 127.0.0.52 opensearch.org
O1 - Hosts: 127.0.0.246 www.searchbee.net
O1 - Hosts: 127.0.0.232 ifsearch.com
O1 - Hosts: 127.0.0.213 mastersearcher.com
O1 - Hosts: 127.0.0.55 aavc.com
O1 - Hosts: 127.0.0.29 www.aavc.com
O1 - Hosts: 127.0.0.229 acjp.com
O1 - Hosts: 127.0.0.219 www.acjp.com
O1 - Hosts: 127.0.0.67 ecmh.com
O1 - Hosts: 127.0.0.239 wabq.com
O1 - Hosts: 127.0.0.243 www.wabq.com
O1 - Hosts: 127.0.0.211 maximumexperience.com
O1 - Hosts: 127.0.0.92 www.maximumexperience.com
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: 收音機(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Super Rabbit SRRestore] C:\PROGRA~1\SUPERR~1\superr\srrest.exe /autosave
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Zone Labs Client] "F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [iTunesHelper] E:\iTunesHelper.exe
O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows AdControl\WinAdCtl.exe
O4 - HKLM\..\Run: [msstart] C:\WINDOWS\System32\msstart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Rdrhide] C:\DOCUME~1\user\APPLIC~1\ABOUTB~1\for tool.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: 使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 全部使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {3A835AF0-C223-4F83-A648-5A02F8FFEBFA} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/tc/filesharingctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101524753531
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (趨勢科技線上掃毒程式) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.streamload.com/Upload/XUpload.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{E32EB76E-495F-426F-96D1-EB301A632081}: NameServer = 168.95.1.1


thanks in advance. :thumbsup:

Comments

  • CrunchieCrunchie Mandurah. Western Australia. Member
    edited November 2004
    Uninstall Windows AdControl from add\remove programs.
    Whilst there uninstall 'Window Search', 'Window Searching', 'Lop.com', 'LOP SEARCH', 'Browser Enhancer', or 'Ultimate Browser Enhancer' if listed. You may be given a code to insert, do so and reboot when done. If not listed there, run this uninstaller:
    http://members.rogers.com/rjmac/new_uninstall.exe

    Open Task Manager & end process on the following:
    msstart.exe
    conime.exe

    Go to C:\WINDOWS\System32 and delete those files manually.

    Scan with hijackthis and tick the boxes next to all the following entries, then close all browser and explorer windows, and hit the "Fix checked" button.

    O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows AdControl\WinAdCtl.exe
    O4 - HKLM\..\Run: [msstart] C:\WINDOWS\System32\msstart.exe
    O4 - HKCU\..\Run: [Rdrhide] C:\DOCUME~1\user\APPLIC~1\ABOUTB~1\for tool.exe

    Reboot into safe mode by tapping f8 whilst starting your PC and delete these;

    C:\Program Files\Windows AdControl< folder
    C:\DOCUME~1\user\APPLIC~1\ABOUTB~1< folder

    Reboot normally.

    Download the Hoster from here. Press "Restore Original Hosts" and press "OK". Exit Program.

    Post another log.
  • d7x-flo
    edited November 2004
    thanks. :D
    I followed the instructions , but I didnt find these when I was in safe mode

    C:\Program Files\Windows AdControl< folder
    C:\DOCUME~1\user\APPLIC~1\ABOUTB~1< folder

    and when I was typing this reply. the grayish tool jump out again
    so did the weird advertisements.. !?!?
    how do i kill them ~??
    o well
    this is my new log..

    Logfile of HijackThis v1.98.2
    Scan saved at 0:09:51, on 28/11/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\system32\ZONELABS\vsmon.exe
    C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    E:\iTunesHelper.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    E:\bin\iPodService.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\PROGRA~1\ICQ\ICQ.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    F:\hijackthis\HijackThis.exe

    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Super Rabbit SRRestore] C:\PROGRA~1\SUPERR~1\superr\srrest.exe /autosave
    O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [iTunesHelper] E:\iTunesHelper.exe
    O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
    O4 - HKLM\..\Run: [Setup cast user less] C:\Documents and Settings\All Users\Application Data\POLL DVD SETUP CAST\PilePoke.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Rdrhide] C:\DOCUME~1\user\APPLIC~1\ABOUTB~1\for tool.exe
    O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O8 - Extra context menu item: 使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: 全部使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
    O16 - DPF: {3A835AF0-C223-4F83-A648-5A02F8FFEBFA} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/tc/filesharingctrl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101524753531
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (趨勢科技線上掃毒程式) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.streamload.com/Upload/XUpload.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E32EB76E-495F-426F-96D1-EB301A632081}: NameServer = 168.95.1.1
    O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\System32\mshtml.dll (file missing)
    O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
    O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
    O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll
    O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
    O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
    O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
    O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
    O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
    O18 - Protocol: ipp - (no CLSID) - (no file)
    O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
    O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\System32\mshtml.dll (file missing)
    O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
    O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\System32\mshtml.dll (file missing)
    O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - %SystemRoot%\System32\inetcomm.dll (file missing)
    O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
    O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
    O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
    O18 - Protocol: msdaipp - (no CLSID) - (no file)
    O18 - Protocol: msencarta - {74D92DF3-6D9D-11D1-8B38-006097DBED7A} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\MSREF.DLL
    O18 - Protocol: msero - {B0D92A71-886B-453B-A649-1B91F93801E7} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\msero.dll
    O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
    O18 - Protocol: msref - {74D92DF3-6D9D-11D1-8B38-006097DBED7A} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\MSREF.DLL
    O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\System32\mshtml.dll (file missing)
    O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - %SystemRoot%\System32\mshtml.dll (file missing)
    O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll
    O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\System32\mshtml.dll (file missing)
    O18 - Protocol: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\System32\msdxm.ocx
    O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll
  • CrunchieCrunchie Mandurah. Western Australia. Member
    edited November 2004
    You are still infected by LOP. Did you run the uninstaller provided in my last post? If not, please do so.
    Uninstall Messenger Plus if you have it installed as it comes bundled with LOP, the infection you currently enjoy :). You can reinstall Messenger Plus without the sponsor.
  • d7x-flo
    edited November 2004
    I run the uninstaller just now...
    and I think I removed it..

    Are there any good anti-spyware or anything that can prevent me from getting omegasearch again ??

    omegasearch is killing me... :mad:

    thanks.
  • CrunchieCrunchie Mandurah. Western Australia. Member
    edited November 2004
    I am not sure if spywareshooter prevents it, but I guess you can try it. Find one of Spywareshooter's post's and download it from his Sig.
  • DexterDexter Vancouver, BC Canada
    edited December 2004
    The HOSTS entries you had originally were GOOD HOSTS ENTRIES. The HOSTER app you were advised to run removed entries which were protecting your computer from loading up the C2/LOP sites.

    Omegakiller was designed to remove the newer versions of LOP/C2, which are also known as Omegasearch. When you run OmegakillerSM, and use the HOSTS BLOCK option it will add known C2 Media domains to your HOSTS file and block them. It will not prevent you from getting a new infection, but it should block their home page and toolbar from loading. For more information on HOSTS blocking, run OmegakillerSM, and click the "What is this?" underneath that option.

    And no, the Spyware Shooter file will not prevent you from getting an infection like this again, it works in a similar fashion. Good common sense computing habits will help with that. Please read our article on Defeating Spyware for tips on how to improve your Internet Explorer security, or to learn how to switch to a different browser. For more general information about spyware read this page.

    Finally, if you have not already done so, please take the time to find out more about Folding For a Cure, a good cause by which your computer uses it's spare power to help search for cures to diseases. We would love to have you on our Team.

    Dexter...
This discussion has been closed.