Win32: Dropper-gen (Drp).dll and.exe

Couldn’t see anything to reply to, so started a new topic. Hope these reports help! :-\

You don't say what the problem is?

The Malwarebytes log you attached is the protection log… we need the scan log.

I wrote a PM to essexboy earlier today and received a reply from his student who asked for scan logs… this is what I wrote…
“I posted a question last week regarding the Omiga-plus virus I seemed to have on my pc. I followed your instructions - (to install and run farbar recovery tool, Malwarebytes and aswMBR) but I didn’t get as far as replying with reports - because I couldn’t work out how to reply!!! IE seemed to go back to normal, so I gave up trying to post back to you.
Yesterday, Omiga returned in IE and when I did a scan with aswMBR today, I see I have…
20:31:19.245 File: C:\Users\Elizabeth\AppData\Local\Temp\nsh3749.tmp INFECTED Win32:Dropper-gen [Drp]
20:31:20.290 File: C:\Users\Elizabeth\AppData\Local\Temp\nsz9052.tmp INFECTED Win32:Dropper-gen [Drp] !!!
I also downloaded Combofix today and have scanned with this too.”
You can probably tell that I am new here and am a bit confused about how to proceed!

Hi :slight_smile:

I have responded in your previous thread that I am monitoring it, but you pasted nothing more there. Credits to Essexboy for bringing it to my attention… For future reference, please stick with one thread, as multiple people working on 1 issue may do more harm than good.

Give me some time to assess your situation and I should come back here later today or tomorrow at the latest :slight_smile:

First - about using ComboFix without supervision of a trained expert:
This tool is not a toy and should be used only if told to do so by a Malware Analyst. Refrain from using it on your own. There were some cases in which CF interfered with a present infection, rendering the machine unstable.

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.

[*]Right-click on the FRST icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
[*]When the tool opens click Yes to disclaimer.
[*]Make sure that Addition option is checked.
[*]Press Scan button and wait.
[*]The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please attach their content to your next reply.

Ok, here is the report… :slight_smile:

This is only addition.txt report. I’m gonna need also FRST.txt one :slight_smile:

Sorry, I hope I have it right this time!

OK, there is some work here.
Multiple steps are listed - be sure to perform them in the order mentioned :slight_smile:

Deactivate Windows Defender

Please follow the instructions here and temporarily switch off Windows Defender.
It has to be done before the other steps so that it does not interfere with the fix.

Fix with Farbar Recovery Scan Tool

[b]This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable.[/b]

[*]Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.
[*]Copy the entire content of the codebox below and paste into the Notepad document:

start
C:\Users\Elizabeth\AppData\Local\globalUpdate
C:\Program Files (x86)\globalUpdate
C:\Users\Elizabeth\AppData\Roaming\Bubble Dock.installation.log
C:\Users\Elizabeth\AppData\Roaming\Nosibay
C:\ProgramData\gogZnId
C:\Users\Elizabeth\Documents\PC Speed Maximizer
C:\Users\Elizabeth\AppData\Roaming\aps.uninstall.scan.results
C:\Program Files (x86)\NetCrawl
C:\Users\Elizabeth\AppData\Roaming\ProductData
C:\ProgramData\IObit
C:\Users\Elizabeth\AppData\Local\Slick Savings
C:\ProgramData\ProductData
C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
C:\Program Files (x86)\IObit
C:\Users\Elizabeth\AppData\Roaming\IObit
C:\Radsteroids
C:\Program Files (x86)\predm
C:\Windows\SysWOW64\${LOGFILE}
C:\Program Files (x86)\CinemaD-V1
C:\Windows\Tasks\ImCleanDisabled
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [aaaaihhnfnbnpbhpagnmoplpcjbediml] - C:\Users\Elizabeth\AppData\Local\imeshmusicboxtoolbar\GC\toolbar.crx []
C:\Users\Elizabeth\AppData\Local\imeshmusicboxtoolbar
C:\Program Files (x86)\di4BlockAndSurf
FF HKCU\...\Firefox\Extensions: [{0F0F3172-674B-A5D8-B3C3-5EF7C6C92F2F}] - C:\Program Files (x86)\di4BlockAndSurf\175.xpi
BHO-x32: No Name -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} ->  No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM-x32 - No Name - {45177936-603b-4261-8d42-df6f7091d5d0} -  No File
Toolbar: HKCU - No Name - {5733492D-4700-A76A-76A7-7A786E7484D7} -  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
c:\program files (x86)\Common Files\Spigot
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
end

[*]Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

[*]Right-click on the FRST icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
[*]Press the Fix button just once and wait.
[*]If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
[*]When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please include it in your reply.

Clean Temporary Files with TFC

Please download TFC by OldTimer and save it to your desktop.
[*]Right-click on the TFC icon and select Run as Administrator to start the tool.
[*]Close any open programs and save your current work.
[*]Click the Start button to begin. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a couple of minutes.
[*]Once it’s finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

This tool doesn't generate any report. Instead, I recommend keeping it for good maintenance of your machine.

Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

[*]Right-click on the JRT icon and select Run as Administrator to start the tool.
[*]Follow the prompts and let this process run uninterrupted.
[*]This scan can take a while, depending on your System specs.
[*]Upon completion, a log (JRT.txt) will open on your desktop.

Please include the contents of that file in your reply.

Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.

Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

[*]Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
[*]Follow the prompts and click Scan.
[*]When finished, please click Clean.
[*]Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.

Please include the contents of that file in your reply.

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
[*]Right-click on the FRST icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
[*]Make sure that Addition option is checked.
[*]Press Scan button and wait.
[*]The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content into your next reply.
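As an added example (not code from this thread or from the FRST tool), here is a read-only PowerShell audit of the registry locations the fixlist above targets: it lists BHO and IE toolbar CLSIDs whose COM server file no longer exists (what FRST prints as "No File") and warns when a Chrome policy key is present (FRST's "Policy restriction"). The registry paths are the standard Windows locations; the function names are my own.

```powershell
# Added example (not from this thread or from FRST): read-only audit of the browser hook
# locations the fixlist above targets. Lists BHO and IE toolbar CLSIDs whose COM server
# file is missing (FRST's "No File") and warns when a Chrome policy key exists. Run elevated.
$guidRe = '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$'
$hookKeys = @{   # keys to inspect, grouped by the label FRST uses for them
    BHO     = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
                'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects')
    Toolbar = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar',
                'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar',
                'HKCU:\SOFTWARE\Microsoft\Internet Explorer\Toolbar')
}
function Get-ComServerPath([string]$Clsid) {
    # Resolve InprocServer32 in the 64-bit, WOW64 and per-user class views.
    foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID', 'HKCU:\SOFTWARE\Classes\CLSID') {
        $key = "$root\$Clsid\InprocServer32"
        if (Test-Path $key) {
            $p = (Get-ItemProperty -Path $key).'(default)'
            if ($p) { return [Environment]::ExpandEnvironmentVariables($p.Trim('"')) }
        }
    }
    return $null
}
function Get-HookClsids([string]$Key) {
    if (-not (Test-Path $Key)) { return @() }
    $found = @()
    foreach ($sub in Get-ChildItem -Path $Key) {                          # BHOs: subkey named by CLSID
        if ($sub.PSChildName -match $guidRe) { $found += $sub.PSChildName }
    }
    foreach ($v in (Get-ItemProperty -Path $Key).PSObject.Properties) {  # toolbars: value named by CLSID
        if ($v.Name -match $guidRe) { $found += $v.Name }
    }
    return $found | Sort-Object -Unique
}
function Test-BrowserHooks {
    foreach ($kind in $hookKeys.Keys) {
        foreach ($key in $hookKeys[$kind]) {
            foreach ($clsid in Get-HookClsids $key) {
                $dll = Get-ComServerPath $clsid
                $status = if (-not $dll) { 'no server' } elseif (Test-Path -LiteralPath $dll) { 'ok' } else { 'No File' }
                [pscustomobject]@{ Kind = $kind; Clsid = $clsid; Server = $dll; Status = $status; Key = $key }
            }
        }
    }
}
Test-BrowserHooks | Where-Object Status -ne 'ok' | Format-Table -AutoSize
# FRST reports any key under these paths as "Policy restriction".
foreach ($pol in 'HKLM:\SOFTWARE\Policies\Google', 'HKCU:\SOFTWARE\Policies\Google') {
    if (Test-Path $pol) { Write-Warning "Chrome policy key present: $pol" }
}
```

An InprocServer32 value that is a bare filename (no directory) is resolved by Windows through its search path, so such an entry can show as 'No File' here although the DLL exists; check those by hand before treating them as orphaned.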

Many thanks. Please find 4 reports attached… :slight_smile:

…and here’s the last one… :slight_smile:

wow … you had an enormous amount of crap programs! … computer must run like new now?

Haha - I am not surprised! ;D
Does this mean my pc should be clean? Because I am still having problems with IE!
When I click on the icon - I get a blank page apart from the toolbars. When I open a new page - I still have the option to open the dreaded Omiga-plus home page!?
Is there still work to do?

Naathim is the one working your case, he will be back … and when done he will remove all the tools used :wink:

Ok, many thanks

Hi :slight_smile:

Is this junk present only in IE? What about the other browsers?

I only have IE and Safari. I did have Chrome which also had the Omiga home page, but I deleted it because nobody really used it. Safari is junk free so far as I can tell.

Hello :slight_smile:

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

[*]Right-click on the ZOEK icon and select Run as Administrator to start the tool.
[*]Wait patiently until the main console appears, it may take a minute or two.
[*]In the main box please paste in the following script:

createsrpoint;
iedefaults;
autoclean;

[*]Make sure that Scan All Users option is checked.
[*]Push Run Script and wait patiently. The scan may take a couple of minutes.
[*]When the scan completes, a zoek-results logfile should open in notepad.
[*]If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Please include its content in your next reply.
Don't forget to re-enable your previously switched-off protection software!

Is that invasive omiga site still there?

Thanks for your reply Naathim. Scan results attached.
Weirdly, the Omiga homepage has disappeared and Google looks normal again, but isn't functioning well. Some pages work, some won't. For example I can click on this forum link from my emails and it works on IE and I can post fine, but I click on other links, from my emails or even from my favourites on IE, and they don't work at all - I just get a blank page. Searching isn't an option either. My pc is also very slow for the first time today since I've had these problems. Safari is still working fine, but on a go slow. Happy days!! ???

So let’s investigate further :slight_smile:

Scan with TDSSKiller

Please download TDSSKiller by Kaspersky and save it to your desktop.

[*]Right-click on the TDSSKiller icon and select Run as Administrator to start the tool.
[*]Click on Change parameters and put a checkmark beside Loaded modules. A reboot will be needed to apply the changes, allow it to do so.
[*]Your machine may appear very slow and unusable after that - it's normal.
[*]TDSSKiller will run automatically. Click on Change parameters.
[*]Make sure that Verify driver digital signatures & Detect TDLFS File System are marked and click OK.
[*]Click the Start Scan button and wait patiently.

If anything is found, follow these guidelines:

[*]If a suspicious object is detected, the default action will be Skip, click on Continue.
[*]If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
If Cure is not available, please choose Skip instead.
[*]Do not choose Delete unless instructed!

A report will be created in your root directory, (usually C:\ drive) in the form of TDSSKiller.[Version][Date][Time]_log.txt. Please include the contents of that file in your next post.