NEED HELP WITH offer optimizer

Discussion in 'Virus & Other Malware Removal' started by Ukes, Sep 8, 2004.

Thread Status:
Not open for further replies.
  1. Ukes

    Ukes Thread Starter

    Joined:
    Sep 8, 2004
    Messages:
    7
    Hey guys,

    I have this annoying thing on my computer: xads.offeroptimizer.com. I tried every single solution that I know in order to remove it: Ad-aware (updated), Spybot (updated) and lots of other things. However, I still did not remove that thing.
    I tried HijackThis, but I am not sure what can be fixed.

    Please have a look at my log and give me some advice

    Logfile of HijackThis v1.97.7
    Scan saved at 12:11:31, on 08/09/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Norton Internet Security\NISUM.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\eMule\emule.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Norton Internet Security\ccPxySvc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
    C:\Documents and Settings\Oleg\Desktop\HijackThis.exe

    O2 - BHO: (no name) - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [yfhehgwuw] C:\WINDOWS\system32\xosoja.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1094549156289
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab



    Thanks in advance
     
  2. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, First, please get HijackThis version 1.98.2 (there is an update feature within HJT, but hardly anyone sees it...they ought to make it 2 inches high in bold, LOL)

    Post a new log when done with the below.
    --------IF you have the personal or free edition of AAW---
    [If you have the Premium or pay-for, need not do]

    I don't know what version of AdAware you have. There is a newer one called AdAware SE personal v. 1.04 and even though it is brand new, it has been re-released as there were a few bugs...(that's life with software, right!)
    It is important that you have the latest and greatest or are at least aware of what AdAware ( and other programs, especially these type of free tools) go through.
    The website for AAW is www.lavasoftusa.com and you can browse there about all this, they have excellent FAQs and forums, etc.
    I would strongly advise that unless you downloaded AAW this morning 9/08, that you download it again. The new one will detect the old and prompt you and offer to uninstall the old, then the new install will continue...then, you must try for updates> even tho it is brand new.
    Go back to the www.lavasoftusa.com website and find the "ADD-ONS" button on the left, and download what you like but especially the VX2 plugin > download to desktop, when you run it, it will install to the same directory that AAW is in by default> then, start up AdAware and when you hit the Add-ons button in the window, the new plug-in should show, and you can run it to see if anything VX2 is found.
    Hijackthis.exe apparently is sitting on the desktop right now?>>>. you must make a new folder there > rename it to HJT and download this newer version into it,

    http://spywarewarrior.com/files/HijackThis.exe


    and from now on, run Hijackthis from that folder so the backups it makes will be stored in the folder and not strung all over your desktop...

    Post a new log when you are done> put the log into a reply right here in your thread! and, thanks!
     
  3. gamegeek2

    gamegeek2

    Joined:
    Nov 29, 2003
    Messages:
    24
    Hmm.. What's really weird is that quite a few people (including myself) have this 'Internet Optimizer' on their computers.. Did you check Add&Remove for something like 'InternetOptimizer'? That's what it had on my computer..

    If not, just post that updated HJT log, and actually get an expert to help you with this, not some dumb secondary-school student! ;)
     
  4. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi gamegeek2,

    Yes, Internet Optimizer may have an uninstaller in Add/Remove programs, but that does not remove the components that affect you. Offer Optimizer may be slightly different...and yes, there are many posters with both or one of those installed these days. Lop and CWS are in almost every thread. It's a jungle on the Net.
    Please feel free if you have not already, to start a new thread and post your log there. We usually find more than one ad-junkware on the system.
     
  5. Ukes

    Ukes Thread Starter

    Joined:
    Sep 8, 2004
    Messages:
    7
    Hey Byteman,

    Thanks a lot for help. Luckily i resolved the problem but in a difficult way. I reinstalled the whole windows. :))

    Actually i did that cos just one day ago i reinstalled Windows XP (just to clean up a bit my computer). However, after the first reinstallation I've got this offeroptimizer.com and then i messed up the computer by trying to fix the problem myself.

    So i figured out that it won't harm if i reinstall it again. :D

    Nevertheless, I took all ur advice into consideration. Thanks a lot for that. ;)

    So, now after all that my log looks like that

    Logfile of HijackThis v1.98.2
    Scan saved at 23:38:00, on 08/09/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton Internet Security\NISUM.EXE
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\rmctrl.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Norton Internet Security\ccPxySvc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijack This\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1094667665334
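
The two HijackThis logs in this thread can be compared mechanically. The following is an added example, not part of the original posts or of HijackThis: a Python parser that normalizes HijackThis item lines and lists those present in the first log but absent from the second. The sample lines are excerpted from the two logs above; the function names are hypothetical.

```python
import re

# Added example; parse_hjt and only_in_first are hypothetical helper names.
# HijackThis item lines look like "O4 - HKLM\..\Run: [name] command".
ITEM_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

def parse_hjt(log_text):
    """Map (section, normalized key) -> original line for one log."""
    entries = {}
    for line in log_text.splitlines():
        m = ITEM_RE.match(line)
        if not m:
            continue  # header, blank line or running-process path
        section, body = m.groups()
        clsid = CLSID_RE.search(body)
        if section in ("O2", "O3", "O16") and clsid:
            # v1.97.7 prints "(no name)" where v1.98.2 prints the class
            # name, so COM-based entries are keyed by CLSID only.
            key = clsid.group(0).upper()
        else:
            # Paths and value names differ only in case between runs.
            key = body.lower()
        entries[(section, key)] = line.strip()
    return entries

def only_in_first(before, after):
    """Lines in `before` with no counterpart in `after`, for review."""
    a, b = parse_hjt(before), parse_hjt(after)
    return [a[k] for k in sorted(a.keys() - b.keys())]

# Excerpts from the two logs posted in this thread.
BEFORE = r"""
Logfile of HijackThis v1.97.7
C:\WINDOWS\system32\ctfmon.exe
O2 - BHO: (no name) - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [yfhehgwuw] C:\WINDOWS\system32\xosoja.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
"""
AFTER = r"""
Logfile of HijackThis v1.98.2
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
"""

if __name__ == "__main__":
    for line in only_in_first(BEFORE, AFTER):
        print(line)
```

The output is a list of entries to review, not a verdict: software that was simply not reinstalled (eMule here) shows up alongside entries that deserve a closer look.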
     
  6. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, The log looks good, I am not too sure about you tho.... :D

    The first thing to do with XP, especially with a high speed Internet connection, is to enable the built in firewall and install a good Antivirus Program> the firewall may be turned off as the default setting.

    Get to Windows Updates and get all critical updates for XP and Internet Explorer, even if you plan to use a different browser. Get SP1 installed.

    It can be a matter of minutes on the Internet before you are instantly drive-byed with something. We have posters who tell us they have been.
    Get AdAware SE personal edition or the premium, pay-for if you like. SpyBot Search and Destroy as well, and the list doesn't stop there...you need a good personal firewall as well depending on your surfing habits....and level of ability to configure that type of program. Most are fairly simple.

    IESPY-ADs alone can prevent a lot of bad website trouble.

    Any other problems? I see you are using some good security programs.
     
  7. Ukes

    Ukes Thread Starter

    Joined:
    Sep 8, 2004
    Messages:
    7

    Hi again Byteman,

    Yeah, it was my stupid mistake that I did not protect myself immediately after Windows installation.
    However this time, I tried to follow all the advice that is in the "How did I get infected in the first place" thread.

    Result is that now i have:

    Ad-aware SE Personal plus VX2 Cleaner
    Spybot search and destroy
    Spywareblaster
    SpywareGuard
    Plus Norton Internet Security (i am not sure if it is really helpful but it does something) :D

    But I am still using SP1; last time when I downloaded SP2 I did not like it and it caused me too many troubles.
    What do you think, should I install SP2?

    Thanks
     
  8. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Well, there are some things you have to do:

    There is a system requirements list here:

    http://www.microsoft.com/windowsxp/sp2/sp2_whattoknow.mspx

    Depends on whether you have a branded computer, like a Dell, Gateway etc the manufacturer may also have some things for you to check out.

    Of course, you need the current updates, SP1 etc.

    You may have had some malware on the computer at the time you tried for SP2>> you will see the advice to remove that first in the link.

    You need time...well that is obvious. Turn on Automatic Updates.

    There are some readiness sites that can tell you whether the computer is ready. www.pcpitstop.com
    has one I know of. I advise you to NOT do ANY of the autofixes at that site> I warned you. Just take the readiness test, OK? Have reports and experience myself...the autofixes there can go wrong...

    Other than that: You may still use the Norton Security program, along with SP2, but you will have some steps to take to configure things.

    Many things I read about people who have started using SP2 seem good.
    Waiting some time can also be a good idea until you get used to what you have installed. Take your time, read what you can about SP2 is my advice.
    You do have enough protection for now it would seem to me. I don't know what you do on that computer> that in the long run is the factor that tells you whether you need SP2 or not...

    There are some videos that you may be able to use to SEE the changes, settings, etc that SP2 will ask you to do> it explains what things are pretty well.

    Here is a video about one feature of SP2:

    http://channels.lockergnome.com/windows/archives/20040903_internet_explorers_addon_manager.phtml

    And some others:

    http://support.microsoft.com/default.aspx?scid=fh;ln;xpsp2installed

    That should help you.
     
Short URL to this thread: https://techguy.org/271558