NEED HELP WITH offer optimizer

[Ukes]

Hey guys,

I have this annoying thing on my computer xads.offeroptimizer.com. I tried every single solution that i know in order to remove it: Ad-aware(updated), Spybot(updated) and lots of othe things. However, i still did not remove that thing.
I tried HijackThis, but i am not sure what can be fixed.

Please have a look at my log and give me some advice

Logfile of HijackThis v1.97.7
Scan saved at 12:11:31, on 08/09/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Documents and Settings\Oleg\Desktop\HijackThis.exe

O2 - BHO: (no name) - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [yfhehgwuw] C:\WINDOWS\system32\xosoja.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1094549156289
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab



Thanks in advance

 

[Byteman]

Hi, First, please get HijackThis version 1.98.2 (there is an update feature within HJT, but hardly anyone sees it...they ought to make it 2 inches high in bold, LOL)

Post a new log when done with the below.
--------IF you have the personal or free edition of AAW---
[If you have the Premium or pay-for, need not do]

I don't know what version of AdAware you have. There is a newer one called AdAware SE personal v. 1.04 and even though it is brand new, it has been re-released as there were a few bugs...(that's life with software, right!)
It is important that you have the latest and greatest or are at least aware of what AdAware ( and other programs, especially these type of free tools) go through.
The website for AAW is www.lavasoftusa.com and you can browse there about all this, they have excellent FAQs and forums, etc.
I would strongly advise that unless you downloaded AAW this morning 9/08, that you download it again. The new one will detect the old and prompt you and offer to uninstall the old, then the new install will continue...then, you must try for updates> even tho it is brand new.
Go back to the www.lavasoftusa.com website and find the "ADD-ONS" button on the left, and download what you like but especially the VX2 plugin > download to desktop, when you run it, it will install to the same directory that AAW is in by default> then, start up AdAware and when you hit the Add-ons button in the window, the new plug-in should show, and you can run it to see if anything VX2 is found.
Hijackthis.exe apparently is sitting on the desktop right now?>>>. you must make a new folder there > rename it to HJT and download this newer version into it,

http://spywarewarrior.com/files/HijackThis.exe


and from now on, run Hijackthis from that folder so the backups it makes will be stored in the folder and not strung all over your desktop...

Post a new log when you are done> put the log into a reply right here in your thread! and, thanks!

 

[gamegeek2]

Hmm..What's really weird, is that quite a few people (including myself) has this 'Internet Optimizer' on their computers..Did you check Add&Remove, for something like 'InternetOptimizer'? Thats what it had on my computer..

If not, just post that updated HJT log, and actually get an expert to help you with this, not some dumb secondry-school student!

 

[Byteman]

Hi gamegeek2,

Yes,Internet Optimizer may have an uninstaller in Add/Remove programs, but that does not remove the components that affect you. Offer Optimizer may be slightly different...and yes, there are many posters with both or one of those installed these days. Lop and CWS are in almost every thread. It's a jungle on the Net.
Please feel free if you have not already, to start a new thread and post your log there. We usually find more than one ad-junkware on the system.

 

[Ukes]

Hey Byteman,

Thanks a lot for help. Luckily i resolved the problem but in a difficult way. I reinstalled the whole windows. )

Actually i did that cos just one day ago i reinstalled Windows XP (just to clean up a bit my computer). However, after the first reinstallation I've got this offeroptimizer.com and then i messed up the computer by trying to fix the problem myself.

So i figured out that it won't harm if i reinstall it again.

Neverthelss, i took all ur advices into consideration. Thanks a lot for that.

So, now after all that my log looks like that

Logfile of HijackThis v1.98.2
Scan saved at 23:38:00, on 08/09/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\rmctrl.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijack This\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1094667665334

 

[Byteman]

Hi, The log looks good, I am not too sure about you tho....

The first thing to do with XP especially with a high speed Internet connection is to enable the built in firewall and installl a good Antivirus Program> the firewall may be turned off as the default setting.

Get to Windows Updates and get all critical updates for XP and Internet Explorer, even if you plan to use a different browser. Get SP1 installed.

It can be a matter of minutes on the Internet before you are instantly drive-byed with something. We have posters who tell us they have been.
Get AdAware SE personal edition or the premium, pay-for if you like. SpyBot Search and Destroy as well, and the list doesn't stop there...you need a good personal firewall as well depending on your surfing habits....and level of ability to configure that type of program. Most are fairly simple.

IESPY-ADs alone can prevent a lot of bad website trouble.

Any other problems? I see you are using some good security programs.

 

[Ukes]

Hi, The log looks good, I am not too sure about you tho....

The first thing to do with XP especially with a high speed Internet connection is to enable the built in firewall and installl a good Antivirus Program> the firewall may be turned off as the default setting.

Get to Windows Updates and get all critical updates for XP and Internet Explorer, even if you plan to use a different browser. Get SP1 installed.

It can be a matter of minutes on the Internet before you are instantly drive-byed with something. We have posters who tell us they have been.
Get AdAware SE personal edition or the premium, pay-for if you like. SpyBot Search and Destroy as well, and the list doesn't stop there...you need a good personal firewall as well depending on your surfing habits....and level of ability to configure that type of program. Most are fairly simple.

IESPY-ADs alone can prevent a lot of bad website trouble.

Any other problems? I see you are using some good security programs.

Hi again Byteman,

Yean, it was my stupid mistake that i did not protected myself immediately after windows instalation.
However this time, I tried to follow all the advice that are in " How did I get infected in the first place " thread.

Result is that now i have:

Ad-aware SE Personal plus VX2 Cleaner
Spybot search and destroy
Spywareblaster
SpywareGuard
Plus Norton Internet Security (i am not sure if it is really helpful but it does something)

But i am still using SP1, last time when i downloaded SP2 i did not like it and it caused me too many troubles.
What do you think should i install SP 2?

Thanks

 

[Byteman]

Well, there are some things you have to do:

There is a system requirements list here:

http://www.microsoft.com/windowsxp/sp2/sp2_whattoknow.mspx

Depends on whether you have a branded computer, like a Dell, Gateway etc the manufacturer may also have some things for you to check out.

Of course, you need the current updates, SP1 etc.

You may have had some malware on the computer at the time you tried for SP2>> you will see the advice to remove that first in the link.

You need time...well that is obvious. Turn on Automatic Updates.

There are some readiness sites that can tell you whether the computer is ready. www.pcpitstop.com
has one I know of. I advise you to NOT do ANY of the autofixes at that site> I warned you. Just take the readiness test, OK? Have reports and experience myself...the autofixes there can go wrong...

Other than that: You may still use the Norton Security program, along with SP2, but you will have some steps to take to configure things.

Many things I read about people who have started using SP2 seem good.
Waiting some time can also be a good idea until you get used to what you have installed. Take your time, read what you can about SP2 is my advice.
You do have enough protection for now it would seem to me. I don't know what you do on that computer> that in the long run is the factor that tells you whether you need SP2 or not...

There are some videos that you may be able to use to SEE the changes, settings, etc that SP2 will ask you to do> it explains what things are pretty well.

Here is a video about one feature of SP2:

http://channels.lockergnome.com/windows/archives/20040903_internet_explorers_addon_manager.phtml

And some others:

http://support.microsoft.com/default.aspx?scid=fh;ln;xpsp2installed

That should help you.