Offeroptimizer problem

Discussion in 'adware, spyware & hijack cleaning' started by amolmd, May 10, 2004.

Thread Status:
Not open for further replies.
  1. amolmd

    amolmd Registered Member

    Joined:
    May 10, 2004
    Posts:
    2
    Offeroptimizer problem (HijackThis log attached)

    Hi,
    I'm using adaware,adsgone,spybot. But offeroptimizer has really troubled me. Also there's another site called ad.trafficmp which slips thro' adsgone.
    from the topics I learnt, I installed HijackThis & have scanned with it.
    i am posting my log for all your expert suggestions. Please help me out.
    =========================
    Logfile of HijackThis v1.97.7
    Scan saved at 2:11:05 PM, on 5/10/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    D:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
    D:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\COMSMD.EXE
    C:\PROGRAM FILES\HP CD-WRITER\DIRECTCD\DIRECTCD.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\LOADQM.EXE
    D:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\VPTRAY.EXE
    D:\PROGRAM FILES\DESKTOP ARCHITECT\DATRAY.EXE
    D:\PROGRAM FILES\ADSGONE\ADSGONE.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: (no name) - {100F5040-0FE2-11d3-8A81-00C04F529A5F} - (no file)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\TWAINTEC.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [COMSMDEXE] comsmd.exe -on
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\HPCD-W~1\DIRECTCD\DIRECTCD.EXE
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
    O4 - HKLM\..\RunServices: [rtvscn95] D:\PROGRA~1\SYMANT~1\SYMANT~1\rtvscn95.exe
    O4 - HKLM\..\RunServices: [defwatch] D:\PROGRA~1\SYMANT~1\SYMANT~1\defwatch.exe
    O4 - HKCU\..\Run: [Desktop Architect] "D:\PROGRAM FILES\DESKTOP ARCHITECT\DATRAY.EXE" -S
    O4 - Startup: AdsGone 2004.lnk = D:\Program Files\AdsGone\adsgone.exe
    O4 - Startup: PowerReg Scheduler.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: Short Message (HKLM)
    O9 - Extra button: PowerWord (HKLM)
    O9 - Extra button: Joyo (HKLM)
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O13 - WWW. Prefix: http://
    O16 - DPF: Dialpad US Java Applet - http://www.dialpad.com/applet/src/vscp.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = den.uic.edu
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 128.248.97.97,128.248.97.224

    ========================================
     
    Last edited: May 10, 2004
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Re: Offeroptimizer problem (HijackThis log attached)

    Hi amolmd,

    Before you start, please move hijackthis to a separate folder. The program will make backups in the folder in the folder it's in.
    These will now end up on your desktop.

    Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: (no name) - {100F5040-0FE2-11d3-8A81-00C04F529A5F} - (no file)

    O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\TWAINTEC.DLL

    O4 - Startup: PowerReg Scheduler.exe

    Then reboot.

    Regards,

    Pieter
     
  3. amolmd

    amolmd Registered Member

    Joined:
    May 10, 2004
    Posts:
    2
    Re: Offeroptimizer problem (HijackThis log attached)

    Hey Pieter,

    Thanks a lot for your quick help. Seems that solution has worked perfectly.

    Regards,

    Amolmd
     
Thread Status:
Not open for further replies.