Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HELP! OML.NET will not go away


  • Please log in to reply
3 replies to this topic

#1 PaulyPauly

PaulyPauly

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:53 AM

Posted 26 December 2004 - 02:56 PM

First off...MERRY CHRISTMAS EVERYONE

OMG, this is crazy.....i've read forums and nothing seems to get rid of oml.net.... I donloaded hijack this to c:/programfiles/hijackthis......I ran the program, closed all windows and then fixed all oml.net extensions....then I immediately restarted in safe mode and deleted _sl and _hp files. After that I ran adaware and then I restarted again. I was able to set a different homepage but then it switched over to oml.net all over again! ahhhhh, someone please help....here is what my logfile looks like after I fixed the oml.net files

Logfile of HijackThis v1.99.0
Scan saved at 2:39:15 PM, on 12/26/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\ATI Technologies\HydraVision\HydraMD.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;localhost
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1003EA14-A9E2-44D3-8B08-5BCC0F56B64E} - blank (file missing)
O2 - BHO: (no name) - {6F730034-4317-9581-1155-A63977C1A183} - blank (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10020} - C:\WINDOWS\System32\jgsxciuhqz.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: Search - {1408C4E6-4439-4E6F-7E5B-0C4CCA09FD65} - blank (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [HydraVisionViewport] C:\Program Files\ATI Technologies\HydraVision\HydraMD.exe
O4 - HKLM\..\Run: [cdsfoj] C:\WINDOWS\cdsfoj.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [Rxagik] C:\WINDOWS\Meruoq.exe
O4 - HKLM\..\Run: [lthusc] C:\WINDOWS\System32\lthusc.exe
O4 - HKLM\..\Run: [Nbxqlen] C:\WINDOWS\sbavof.exe
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdtl.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: bw+0 - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O18 - Protocol: offline-8876480 - {1E0070B9-3EA4-481B-B319-A12845CCE21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe




Can anyone help me out?



PaulyPauly

BC AdBot (Login to Remove)

 


#2 PaulyPauly

PaulyPauly
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:53 AM

Posted 26 December 2004 - 04:18 PM

Thanks anyway everyone, I figured it out myself.....if anyone has any questions about oml.net just let me know

#3 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,540 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:53 AM

Posted 27 December 2004 - 02:47 PM

Let us know what you discovered

#4 PaulyPauly

PaulyPauly
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:53 AM

Posted 29 December 2004 - 11:58 AM

REMOVE OML.NET OML.NET REMOVAL GET RID OF OML.NET OML.NET DELETE DELETE OML.NET

Well, here's what I did in order: Make sure you have a spyware remover before starting, I have "Adaware". Make sure you are disconnected to your network (if you have one).

1)---> Downloaded Hijackthis to new folder called "C:\Program Files\Hijackthis"

2)----> Close ALL programs, applications and internet explorer browsers

3)-----> Run Hijackthis and delete everything that contains "oml.net" I also deleted everything containing "_s" and " _h" and I deleted suspicious "O2 - BHO" and "O16 - DPF" files {IMPORTANT!!!! Make sure to delete all backup files located in Hijackthis under "Config>Backups" after "scan" and "Fix checked" processes. }

4)------> Close Hijackthis application and immediately shutdown and restart computer in Safe Mode. {This can be done by hitting the "F8" or "F2" (depends on type of computer) key, as soon as system restarts, continuously until safe mode option appears.

5)-------> Go to C:\Windows and delete _S and _H html files...if they exist

6)--------> Go to Start>Control Panel>Add/Remove programs> then remove Viewpoint Mediaplayer....if it exists

7)---------> Clear internet History, cookies and files (make sure "days to keep pages in history" is 0 before you clear history)

8)----------> Run Hijackthis again and delete anything reappearing with oml.net

9)-----------> Run Adaware and delete everything...don't forget to delete quarantine folder if it exists

10)-----------> BE CAREFUL!!!!.....I opened regedit and deleted every single value and key that contained oml.net..........Before you run regedit make sure you are extemely careful when deleting keys and values.....MAKE SURE YOU ARE 100% sure you are deleting an OML.NET key or value. So here's how to do it go to "Start">"RUN"...then type "regedit" You want to search the entire registry for "oml.net" you can do this by going to "edit" then "find" and type "oml.net" when it finds something just right click on that EXACT file it highilights and hit delete. then click on "F3" and it will search for the next value containing oml.net. After you have deleted everything containing oml.net make sure to repeat this step in case you missed something containing "oml.net". I did the same for "viewpoint" just in case.

11)-------------> Clear internet History, cookies and files (make sure "days to keep pages in history" is 0 before you clear history)

12)---------------> Go to internet properties and set your own homepage. Run Hijackthis again and make sure that oml.net hasn't returned...if it hasn't then you should be ALL SET!!!

OML.NET is a real pain in the ass to get rid of......I had to do this twice before I got the steps correctly. OML.NET is very sensitive so make sure you follow step by step. Also, make sure you backup anything of extreme importance before you delete anything from your registry. Again, if you have any existence of OML.NET in a backup or qurantine folder....when you run a spyware or antivirus program it will make OML.NET reappear....make sure to delete all backups of OML.NET deleted files in Hijackthis.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users