1
   

Stop Popups Ad

Forums: Computers
Email this Topic Print this Page
 
 
JuliaD12
 
Reply Fri 5 Mar, 2004 06:45 am
Hello, I faced the problem...
Could somebody please help me to remove offeroptimizer.com spyware from my computer??...
Many thanks in advance!

Here is my HiJackThis log:

Logfile of HijackThis v1.97.7
Scan saved at 19:12:58, on 04.03.2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
c:\Components\CrmChat\StrategyChat.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\WINNT\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
C:\WINNT\System32\rundll32.exe
C:\Program Files\SmartDisk\FlashPath\sdstat.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\wincmd\TOTALCMD.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
D:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://mysearchnow.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://mysearchnow.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://strategia/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINNT\bi.dll
O2 - BHO: (no name) - {000E7270-CC7A-0786-8E7A-DA09B51938A6} - C:\WINNT\System32\n3tpa1.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O2 - BHO: (no name) - {af31eea9-3536-4613-bf81-f588d3817bea} - C:\DOCUME~1\terno\APPLIC~1\triesklyiw.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {97f23d83-4b9b-44c7-970a-5d7c146a3d24} - (no file)
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGetDx\iebar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Belt] C:\WINNT\Belt.exe
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
O4 - Global Startup: FlashPath Monitor.lnk = C:\Program Files\SmartDisk\FlashPath\sdstat.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Translate - http://lingvo.yandex.ru/ie5trans.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yandex &Search - http://lingvo.yandex.ru/ie5search.htm
O8 - Extra context menu item: Закачать &все при помощи ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: Закачать при помощи Re&Get Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O9 - Extra button: Spy (HKLM)
O9 - Extra 'Tools' menuitem: MSIE &Spy (HKLM)
O10 - Broken Internet access because of LSP provider 'lsp.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://strategia/
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37915.0066435185
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} (MoneyTree Dialer) -
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = strategypartner.ru
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E059CD6-013E-414A-A12C-C951492E3CFB}: NameServer = 193.232.174.1,192.168.64.26
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = strategypartner.ru
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = strategypartner.ru
  • Topic Stats
  • Top Replies
  • Link to this Topic
Type: Discussion • Score: 1 • Views: 4,500 • Replies: 9
No top replies

 
discogail
 
  1  
Reply Fri 5 Mar, 2004 11:59 am
Download CWShredder
www.zerosrealm.com/downloads/CWShredder.zip
Unzip...Run it......press "Fix", follow its prompts & instructions.. press 'Next', and allow it to fix all it finds.
reboot......
Then rescan w/ HijackThis, after unzipping and placing HijackThis.exe into a folder of it's own...& copy & paste the log into your next reply....
0 Replies
 
JuliaD12
 
  1  
Reply Fri 5 Mar, 2004 12:11 pm
This is a HijackThis scan log after CWShredder.exe scanning.
Hi again..
I downloaded CWShredder.exe. Folowed instructions. This is the Hijack scan log after CWShredder.exe scanning:
Thank you for helping me..

Logfile of HijackThis v1.97.7
Scan saved at 21:07:46, on 05.03.2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
c:\Components\CrmChat\StrategyChat.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\WINNT\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
C:\WINNT\System32\rundll32.exe
C:\Program Files\SmartDisk\FlashPath\sdstat.exe
C:\Program Files\wincmd\TOTALCMD.EXE
C:\Program Files\Adobe\Photoshop CS\Photoshop.exe
C:\WINNT\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Arsenal company\Сократ Персональный 4.0\spv.exe
C:\PROGRA~1\ARSENA~1\4023E~1.0\Spe.exe
C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe
C:\DOCUME~1\terno\LOCALS~1\Temp\~e5d141.tmp
C:\DOCUME~1\terno\LOCALS~1\Temp\~e5d141.tmp
C:\WINNT\explorer.exe
D:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://strategia/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINNT\bi.dll
O2 - BHO: (no name) - {000E7270-CC7A-0786-8E7A-DA09B51938A6} - C:\WINNT\System32\n3tpa1.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O2 - BHO: (no name) - {af31eea9-3536-4613-bf81-f588d3817bea} - C:\DOCUME~1\terno\APPLIC~1\triesklyiw.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {97f23d83-4b9b-44c7-970a-5d7c146a3d24} - (no file)
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGetDx\iebar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Belt] C:\WINNT\Belt.exe
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
O4 - Global Startup: FlashPath Monitor.lnk = C:\Program Files\SmartDisk\FlashPath\sdstat.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Translate - http://lingvo.yandex.ru/ie5trans.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yandex &Search - http://lingvo.yandex.ru/ie5search.htm
O8 - Extra context menu item: Закачать &все при помощи ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: Закачать при помощи Re&Get Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O9 - Extra button: Spy (HKLM)
O9 - Extra 'Tools' menuitem: MSIE &Spy (HKLM)
O10 - Broken Internet access because of LSP provider 'lsp.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://strategia/
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37915.0066435185
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} (MoneyTree Dialer) -
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = strategypartner.ru
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E059CD6-013E-414A-A12C-C951492E3CFB}: NameServer = 193.232.174.1,192.168.64.26
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4D247AD-9D5E-4848-B94A-DDA48A622D8F}: NameServer = 192.168.0.4 192.166.0.3
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = strategypartner.ru
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = strategypartner.ru
0 Replies
 
JuliaD12
 
  1  
Reply Fri 26 Mar, 2004 11:09 am
OfferOptimizer software - how to get rid of this?????
Sad
Still can not remove this OfferOptimizer software from my computer.. Tired.. Could somebody help me please???
Would be very gratefull...
0 Replies
 
sweet majestic darkness
 
  1  
Reply Sun 28 Mar, 2004 10:54 pm
Going to this thread helped me get rid of everything:

http://www.able2know.com/forums/viewtopic.php?t=5579

I had to download Spybot and As-Aware in order to get rid of offeroptimizer.
0 Replies
 
JuliaD12
 
  1  
Reply Thu 1 Apr, 2004 05:43 am
THANK YOU!
Im so happy! Finally I could do it! Thank you! I installed Ad-Aware and it really helped me alot!
Very Happy
0 Replies
 
cavfancier
 
  1  
Reply Thu 1 Apr, 2004 06:07 am
Just for the future, you should also download spybot. Having both on your system is a good thing. The Google toolbar has a great pop-up blocker. Ever since I got it, I've had close to zero spyware.
0 Replies
 
Region Philbis
 
  1  
Reply Sat 3 Apr, 2004 07:08 pm
haven't had a single pop-up since i installed the google toolbar.
i highly recommend it...
0 Replies
 
Craven de Kere
 
  1  
Reply Sat 3 Apr, 2004 07:13 pm
The toolbar will often not help with the spyware though, as they are not launching from an existing browser session.
0 Replies
 
crashoveride
 
  1  
Reply Fri 14 May, 2004 03:07 am
if you have window xP pro/home get the service pack 2 is great stops block ups and is great i have the beta version cant wait untill the final is relesed
0 Replies
 
 

Related Topics

Super cool computer tricks, for dopes like me. - Discussion by OCCOM BILL
Clone of Micosoft Office - Question by Advocate
Do You Turn Off Your Computer at Night? - Discussion by Phoenix32890
The "Death" of the Computer Mouse - Discussion by Phoenix32890
Windows 10... - Discussion by Region Philbis
Surface Pro 3: What do you think? - Question by neologist
Windows 8 tips thread - Discussion by Wilso
Mac help/can't install new printer, don't remember passwd - Discussion by ossobuco
GOOGLE CHROME - Question by Setanta
.Net and Firefox... - Discussion by gungasnake
Hacking a computer and remote access - Discussion by trying2learn
 
  1. Forums
  2. » Stop Popups Ad
Copyright © 2025 MadLab, LLC :: Terms of Service :: Privacy Policy :: Page generated in 0.05 seconds on 01/05/2025 at 02:01:24