offeroptimizer.com REMOVAL HELP Please

Discussion in 'adware, spyware & hijack cleaning' started by King99, May 21, 2004.

Thread Status:
Not open for further replies.
  1. King99

    King99 Registered Member

    Joined:
    May 21, 2004
    Posts:
    1
    I have run both Ad Aware 6.0 (Build 162) & Spybot 1.3 and cannot get rid of offeroptimizer.com junk. Periodically, when I start Internet Explorer, I get popups from offeroptimizer.com. My HiJackThis scan is as follows:

    Logfile of HijackThis v1.97.7
    Scan saved at 11:35:26 PM, on 21/05/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\pctspk.exe
    C:\Program Files\pdfMachine\mapisnd.exe
    C:\PROGRA~1\DAP\DAP.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
    C:\WINDOWS\DvzCommon\DvzMsgr.exe
    C:\Program Files\Palm\HOTSYNC.EXE
    C:\Program Files\McAfee VirusScan\Avsynmgr.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\McAfee VirusScan\VsStat.exe
    C:\Program Files\McAfee VirusScan\Vshwin32.exe
    C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    C:\Program Files\McAfee VirusScan\Avconsol.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Ashif\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hispeed.rogers.com/custom.jsp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.kdscomputers.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.hispeed.rogers.com/custom.jsp
    O1 - Hosts: 66.159.20.52 www1.ndhosting.com
    O1 - Hosts: 66.159.20.52 www3.ndhosting.com
    O1 - Hosts: 66.159.20.52 www2.ndhosting.com
    O1 - Hosts: 66.159.20.52 www.ndhosting.com
    O1 - Hosts: 66.159.20.52 www.kinghost.com
    O1 - Hosts: 66.159.20.52 kinghost.com
    O1 - Hosts: 66.159.20.52 www1.kinghost.com
    O1 - Hosts: 66.159.20.52 www2.kinghost.com
    O1 - Hosts: 66.159.20.52 www3.kinghost.com
    O1 - Hosts: 66.159.20.52 www4.kinghost.com
    O1 - Hosts: 66.159.20.52 www5.kinghost.com
    O1 - Hosts: 66.159.20.52 www6.kinghost.com
    O1 - Hosts: 66.159.20.52 www7.kinghost.com
    O1 - Hosts: 66.159.20.52 www8.kinghost.com
    O1 - Hosts: 66.159.20.52 www9.kinghost.com
    O1 - Hosts: 66.159.20.52 www10.kinghost.com
    O1 - Hosts: 66.159.20.52 www.smutserver.com
    O1 - Hosts: 66.159.20.52 smutserver.com
    O1 - Hosts: 66.159.20.52 www1.smutserver.com
    O1 - Hosts: 66.159.20.52 www2.smutserver.com
    O1 - Hosts: 66.159.20.52 www16.smutserver.com
    O1 - Hosts: 66.159.20.52 www3.smutserver.com
    O1 - Hosts: 66.159.20.52 www4.smutserver.com
    O1 - Hosts: 66.159.20.52 www5.smutserver.com
    O1 - Hosts: 66.159.20.52 www6.smutserver.com
    O1 - Hosts: 66.159.20.52 www7.smutserver.com
    O1 - Hosts: 66.159.20.52 www8.smutserver.com
    O1 - Hosts: 66.159.20.52 www9.smutserver.com
    O1 - Hosts: 66.159.20.52 www10.smutserver.com
    O1 - Hosts: 66.159.20.52 www11.smutserver.com
    O1 - Hosts: 66.159.20.52 www12.smutserver.com
    O1 - Hosts: 66.15
    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
    O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee VirusScan\VSCShellExtension.dll
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [pdfMachine dispatcher] c:\Program Files\pdfMachine\mapisnd.exe -printer="pdfMachine" -port="PDFPORT1:"
    O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
    O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.kdscomputers.com
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/127c4bb701dfde95c019/netzip/RdxIE601.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38124.7117824074
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
  2. Unzy

    Unzy Registered Member

    Joined:
    Nov 2, 2003
    Posts:
    1,098
    Location:
    Belgium
    Hi King99,

    Have only HijackThis running and fix:

    O1 - Hosts: 66.159.20.52 www1.ndhosting.com
    O1 - Hosts: 66.159.20.52 www3.ndhosting.com
    O1 - Hosts: 66.159.20.52 www2.ndhosting.com
    O1 - Hosts: 66.159.20.52 www.ndhosting.com
    O1 - Hosts: 66.159.20.52 www.kinghost.com
    O1 - Hosts: 66.159.20.52 kinghost.com
    O1 - Hosts: 66.159.20.52 www1.kinghost.com
    O1 - Hosts: 66.159.20.52 www2.kinghost.com
    O1 - Hosts: 66.159.20.52 www3.kinghost.com
    O1 - Hosts: 66.159.20.52 www4.kinghost.com
    O1 - Hosts: 66.159.20.52 www5.kinghost.com
    O1 - Hosts: 66.159.20.52 www6.kinghost.com
    O1 - Hosts: 66.159.20.52 www7.kinghost.com
    O1 - Hosts: 66.159.20.52 www8.kinghost.com
    O1 - Hosts: 66.159.20.52 www9.kinghost.com
    O1 - Hosts: 66.159.20.52 www10.kinghost.com
    O1 - Hosts: 66.159.20.52 www.smutserver.com
    O1 - Hosts: 66.159.20.52 smutserver.com
    O1 - Hosts: 66.159.20.52 www1.smutserver.com
    O1 - Hosts: 66.159.20.52 www2.smutserver.com
    O1 - Hosts: 66.159.20.52 www16.smutserver.com
    O1 - Hosts: 66.159.20.52 www3.smutserver.com
    O1 - Hosts: 66.159.20.52 www4.smutserver.com
    O1 - Hosts: 66.159.20.52 www5.smutserver.com
    O1 - Hosts: 66.159.20.52 www6.smutserver.com
    O1 - Hosts: 66.159.20.52 www7.smutserver.com
    O1 - Hosts: 66.159.20.52 www8.smutserver.com
    O1 - Hosts: 66.159.20.52 www9.smutserver.com
    O1 - Hosts: 66.159.20.52 www10.smutserver.com
    O1 - Hosts: 66.159.20.52 www11.smutserver.com
    O1 - Hosts: 66.159.20.52 www12.smutserver.com
    O1 - Hosts: 66.15

    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/127c4bb701dfde...ip/RdxIE601.cab

    Restart PC after doing so.

    Update XP and IE at windowsupdate.com.

    Hope this helps

    Cheers,
     