offeroptimizer hjt log

Forums: Computers
Email this Topic • Print this Page

I don't normally post for these items, but I can't seem to nail down which item is offeroptimizer. I actually had a tough time figuring out what this was because this site is blocked, but once I got into my history I found it was offeroptimizer opening windows. Here's my log from hijackthis:

Logfile of HijackThis v1.98.2
Scan saved at 4:45:12 PM, on 11/29/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\fdppqsbm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Danware Data\NetOp Remote Control\GUEST\Ngstw32.exe
C:\Program Files\Danware Data\NetOp Remote Control\GUEST\nldrw32.exe
C:\Program Files\Blitzz\BWP712\OdHost.exe
C:\Program Files\Blitzz\BWP712\DrFVnet.exe
C:\WINDOWS\System32\WISPTIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://games.espn.go.com/ffllm/leagueoffice?leagueId=105992
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.microsoft.com/r/rlidOfficeUpdate?clid=1033
O2 - BHO: MultiMPPObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [bbuzsxqmukhh] C:\WINDOWS\system32\fdppqsbm.exe
O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Shortcut to Ngstw32.exe.lnk = C:\Program Files\Danware Data\NetOp Remote Control\GUEST\Ngstw32.exe
O4 - Global Startup: IEEE802.11g WLAN Card.lnk = C:\Program Files\Blitzz\BWP712\Startup.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=e6fad8bca5ec01a0f9cab88f535b5cd172677af13876d80575558a5afedcb2919a3d40919a1a61851a4834019fcdf82a9ac44068923192c2d035e328f6c13f:d850ebd7cca3b498dc248e2dbf7775d2
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - http://transfers.one.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} (CPostLaunch Object) - http://www2.verizon.net/update/msnwebinstall/includes/vzWebIns.CAB
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} (Personal System Administrator Control) - http://www.linksysfix.com/netcheck/24/install/gtdownls.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rodge.com
O17 - HKLM\Software\..\Telephony: DomainName = rodge.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{6EB61517-923B-4D36-9703-7C044820E772}: Domain = rodge.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0CA50FA-8A22-4D92-BDDF-3354A011F2AD}: Domain = rodge.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rodge.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = rodge.com,stumbaugh.org
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = rodge.com,stumbaugh.org

Topic Stats
Top Replies
Link to this Topic

Type: Discussion • Score: 1 • Views: 1,081 • Replies: 2

No top replies

Hi rstumbaugh and welcome to A2K

Reboot to safe mode ( By tapping the F8 key on start up) Make sure you can view all Hidden Files/Folders search for and delete the following in BOLD
C:\WINDOWS\system32\fdppqsbm.exe
C:\WINDOWS\conscorr.exe
C:\WINDOWS\satmat.exe
C:\WINDOWS\multimpp.dll
C:\WINDOWS\systb.dll
Please restart HJT put a check next to the following, close all open windows and click "Fix Checked"
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
O2 - BHO: MultiMPPObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O4 - HKLM\..\Run: [bbuzsxqmukhh] C:\WINDOWS\system32\fdppqsbm.exe
O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=e6fad8bca5ec01a0f9cab88f535b5cd172677af13876d80575558a5afedcb2919a3d40919a1a61851a4834019fcdf82a9ac44068923192c2d035e328f6c13f:d850ebd7cca3b498dc248e2dbf7775d2

Restart your computer,

Restart HJT and post back a fresh log please

0 Replies

need more help
I'm having some serious problems now. I get reboots, random programs installing and everything I remove with hijackthis in sfaemode is back after the next reboot. Here's my og, but I removed some of these things already, they just keep coming back. Hopefully, I'm missing a bunch.

Logfile of HijackThis v1.97.7
Scan saved at 8:38:44 PM, on 12/7/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\vciowr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Danware Data\NetOp Remote Control\GUEST\Ngstw32.exe
C:\Program Files\Blitzz\BWP712\OdHost.exe
C:\Program Files\Blitzz\BWP712\DrFVnet.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\rodge.RODGE\Desktop\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lm.espn.go.com/ffllm/leagueoffice?leagueId=105992
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://r.office.microsoft.com/r/rlidOfficeUpdate?clid=1033
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - Startup: Shortcut to Ngstw32.exe.lnk = C:\Program Files\Danware Data\NetOp Remote Control\GUEST\Ngstw32.exe
O4 - Global Startup: IEEE802.11g WLAN Card.lnk = C:\Program Files\Blitzz\BWP712\Startup.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rodge.com
O17 - HKLM\Software\..\Telephony: DomainName = rodge.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{08087A66-53EB-475F-B0D1-24D976CD2F93}: Domain = rodge.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{08087A66-53EB-475F-B0D1-24D976CD2F93}: NameServer = 10.1.1.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{738845B4-A235-49A9-82FA-AE6B8BA5B369}: NameServer = 10.0.8.3,10.0.8.45
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rodge.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = rodge.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{08087A66-53EB-475F-B0D1-24D976CD2F93}: Domain = rodge.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{08087A66-53EB-475F-B0D1-24D976CD2F93}: NameServer = 10.1.1.67
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = rodge.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = rodge.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{08087A66-53EB-475F-B0D1-24D976CD2F93}: Domain = rodge.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{08087A66-53EB-475F-B0D1-24D976CD2F93}: NameServer = 10.1.1.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = rodge.com

0 Replies

offeroptimizer hjt log

Related Topics

Quick Links

My Account

able2know