2
   

PLEASE help me get rid of Offeroptimizer spyware!

Forums: Computers, Spyware, Offeroptimizer
Email this Topic Print this Page
 
 
Monger
 
  1  
Reply Tue 13 Apr, 2004 05:52 pm
These links should work (they're IP based so they won't be affected by hosts file hijacks):

HijackThis
CWShredder
0 Replies
 
swoosh
 
  1  
Reply Sat 24 Apr, 2004 12:47 pm
Can Someon please help me
This is what I got from HijackThis can someon please tell me what to remove in order to get offeroptimizer off my computer please

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.blazefind.com/search.php?search=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.blazefind.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.blazefind.com/search_page.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.blazefind.com
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\bi.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: ??(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: MoneySide (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: DigiChat Applet - http://host.digichat.com//DigiChat/DigiClasses/Client_IE.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://help.bellsouth.net/sdccommon/download/tgctlcm.cab
O16 - DPF: {41E6DDD6-FBD6-4718-80F7-9B160533C2F5} (Infragistics UltraToolbars Control 5.0) - http://educationservices.ultimatesoftware.com/cabs/IGToolbars50.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37819.3897453704
O16 - DPF: {B3014671-7872-4671-BE73-5D05EB5B2AF5} (Infragistics UltraGrid Control 2.0) - http://educationservices.ultimatesoftware.com/cabs/IGUltraGrid20.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F0D96671-A5CE-4854-AE49-6835742D232F} (Infragistics Panel Control 4.0) - http://educationservices.ultimatesoftware.com/cabs/IGThreed40.cab
0 Replies
 
timberlandko
 
  1  
Reply Sat 24 Apr, 2004 01:27 pm
First, do not append your help request to someone else's pre-existing topic; if you do so it is likely your problem will get little if any attention.

Next, Simply checking things off with HiJackThis is sorta like usin' scotch tape to repair roofin' shingles. The actual repair and maintenance work required to get the job done runs to a bit more than a couple mouse clicks. The job is readily done, but you've gotta put some work of your own into it.

ONLY AFTER YOU HAVE TAKEN THE NESCESSARY PRELIMINARY STEPS DETAILED BELOW, if you still are having problems, open a
http://www.able2know.com/forums/templates/Able2Know/images/lang_english/post.gif with your own request, describe the problem you are having, list what, if any, steps you have taken to remedy the situation, and include your ENTIRE HighJackThis logfile; we need to know the operating system and browser your are using, and their update status, in order to do you any good.

Preliminary Spyware Removal, WinXP[/color]

Note: These instructions are specific to Windows XP; if your operating system is not XP, open a http://www.able2know.com/forums/templates/Able2Know/images/lang_english/post.gif describing the problem you suspect and tell us what operating system, and browser, you are using. Adjusted specific preliminary steps will be provided to get you started.


Get CoolWebShredder , download it to a folder you create for it on your C: drive. To create a folder on your hard drive, right-click "My Computer" from your desktop or Start panel, Select "Open", then find, select and open the folder for your C: drive, and from the toolbar in that folder, Select "File", then select "New", then click "Folder". When "New Folder" appears, give it a name you will recognize as the download you are about to perform and direct the download into that folder. Disconnect from the internet, then boot into Safe Mode[/i][/b]. Find and open the CoolWebShredder folder, then click the icon to start it. Click "Fix" (not "Scan Only") and let it fix whatever it finds. When it has completed, reboot, and reconnect to the internet.

Without doing any other surfing, get AdAware Basic Before opening and installing AdAware, see: How to update AdAware and AdAware Full Scan Instructions.. With no other browser windows open or applications running, install AdAware. Once AdAware has been installed, updated, and configured to run at next boot (make sure its configured for a full scan per the earlier instructions ... also available also in AdAware's built in "Help" documentation), disconnect from the internet, and reboot. AdAware should launch before anything else. Let it fix whatever it finds.

Now, get, install, and configure Spybot S&D. When the download has completed, close all browsers and running programs, and install SpyBot S&D. When the installation is complete, the program will open. Before running SpyBot, update it. Next, when it has updated, leave Spybot open, disconnect from the internet, then select "Immunize", and then select "Install" in the panel beneath, titled "Permanently Running bad download blocker for Internet Explorer. Do not check any of the boxes in the lower panel (Recommended miscellaneous protection") at this time. Now, while still disconnected from the internet and with no other browsers open or apps running, select "Search and Destroy", then select, at the bottom of that page, "Check for problems" (while it is running would be a good time to click on "Help", and read the tutorial). When that has finished, click "Select all items", then click "Fix selected items". As with AdAware, Spybot may ask to run again on next boot to fix some problems. Again, naturally, if so, grant it permission and reboot; if it does not, run it one more time anyway, then reboot.

When that has been done, reconnect to the internet and go immediately to Windows Update and get any needed Critical Updates and any other security or privacy updates which may be recommended. While you're there, take a look at Microsoft: How to protect my computer

Make sure also you have a current and properly configured antivirus, and use at least XP's built in Firewall.


Thanks for helping to us to help you.
0 Replies
 
 

Related Topics

Super cool computer tricks, for dopes like me. - Discussion by OCCOM BILL
Clone of Micosoft Office - Question by Advocate
Do You Turn Off Your Computer at Night? - Discussion by Phoenix32890
The "Death" of the Computer Mouse - Discussion by Phoenix32890
Windows 10... - Discussion by Region Philbis
Surface Pro 3: What do you think? - Question by neologist
Windows 8 tips thread - Discussion by Wilso
Mac help/can't install new printer, don't remember passwd - Discussion by ossobuco
GOOGLE CHROME - Question by Setanta
.Net and Firefox... - Discussion by gungasnake
Hacking a computer and remote access - Discussion by trying2learn
 
  1. Forums
  2. » PLEASE help me get rid of Offeroptimizer spyware!
  3. » Page 3
Copyright © 2024 MadLab, LLC :: Terms of Service :: Privacy Policy :: Page generated in 0.05 seconds on 05/16/2024 at 09:48:05