offeroptimizer removal

Discussion in 'adware, spyware & hijack cleaning' started by paulsue, Apr 2, 2004.

Thread Status:
Not open for further replies.
  1. paulsue

    paulsue Guest

    I have a problem with xlime.offeroptimizer flooding me with popups and crashing my system. I have run Ad-aware and am now posting my log from HijackThis. I am hoping that you will be able to help. Thank you.

    LOG:


    Logfile of HijackThis v1.97.7
    Scan saved at 4:40:18 PM, on 4/2/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton Internet Security\NISUM.EXE
    C:\Program Files\Norton Internet Security\ccPxySvc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\mHotkey.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\OPLIMIT\ocrawr32.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Paul Hertzog\Local Settings\Temp\Temporary Directory 1 for hijackthis1977.zip\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
    N2 - Netscape 6: user_pref("browser.startup.homepage", "http://www.google.com"); (C:\Documents and Settings\Paul Hertzog\Application Data\Mozilla\Profiles\default\yowfe5pz.slt\prefs.js)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Citi Virtual Account Numbers Browser Helper Object - {E8C0F153-B768-4e68-B14F-40F0E8531675} - C:\WINDOWS\System32\BhoCiti.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: ICQ (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
     
  2. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,084
    Location:
    North Carolina, USA
    Hi paulsue,

    Your log looks clean. Are you still having problems? Did you reboot after running Ad-Aware?

    Regards,
    Kent
     
  3. paulsue

    paulsue Guest

    Thank you for your response. Yes, I rebooted after running Ad-aware and the popups seem to have gone away. So far, no problem. Thanks for the help. I will let you know if the gremlins return. I am very appreciative that you are out there to help us.

    Thanks, paulsue
     
  4. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,084
    Location:
    North Carolina, USA
    Hi paulsue,

    It is our pleasure!

    Regards,
    Kent
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.