Please, help me get rid of xadsq.offeroptimizer pop-ups !

Discussion in 'adware, spyware & hijack cleaning' started by irenikatche, Jun 15, 2004.

Thread Status:
Not open for further replies.
  1. irenikatche

    irenikatche Registered Member

    Joined:
    Jun 15, 2004
    Posts:
    1
    After executing HijackThis, here is the content of my log file. Please, could you tell me what to fix ?
    Many thanks
    Irenikatche

    Logfile of HijackThis v1.97.7
    Scan saved at 14:59:46, on 15/06/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Network Associates\VirusScan\VsStat.exe
    C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
    C:\Program Files\Network Associates\VirusScan\Avconsol.exe
    C:\Program Files\Network Associates\VirusScan\Webscanx.exe
    C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\00THotkey.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\LTSMMSG.exe
    C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
    C:\WINDOWS\System32\TPWRTRAY.EXE
    C:\WINDOWS\System32\TFNF5.exe
    C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Pinnacle\Pinnacle PCTV Deluxe\Remote\Remoterm.exe
    C:\WINDOWS\NsUpdate.exe
    C:\Program Files\Common files\updater\wupdater.exe
    D:\Music\Winamp3\winampa.exe
    C:\Program Files\ISTsvc\istsvc.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    D:\Program\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\PCLEScheduler.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Free Downloads Accelerator\fdaagent.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\notpad.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\Program\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.24:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.blazefind.com/
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
    O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts
    O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\bi.dll
    O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\System32\ddm3dia.dll
    O2 - BHO: (no name) - {000E7270-CC7A-0786-8E7A-DA09B51938A6} - C:\WINDOWS\System32\n3tpa1.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {25C03EA7-E22C-4508-8E3B-2A4BDA508063} - C:\WINDOWS\uxplP.dll
    O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
    O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll
    O2 - BHO: (no name) - {98DE779A-2364-4293-AB71-2B97C61C4640} - C:\PROGRA~1\FREEDO~1\fdahlp99.dll
    O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\System32\bridge.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
    O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
    O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
    O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
    O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"
    O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [PCTVRemote] C:\Program Files\Pinnacle\Pinnacle PCTV Deluxe\Remote\Remoterm.exe
    O4 - HKLM\..\Run: [NsUpdate] C:\WINDOWS\NsUpdate.exe UPDATE
    O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
    O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
    O4 - HKLM\..\Run: [WinampAgent] "D:\Music\Winamp3\winampa.exe"
    O4 - HKLM\..\Run: [ixdx1os] C:\WINDOWS\sFT27.exe
    O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
    O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
    O4 - HKLM\..\Run: [systray] C:\WINDOWS\System32\a.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] D:\Program\Yahoo!\Messenger\ypager.exe -quiet
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Pinnacle PCTV Scheduler.lnk = ?
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D542CD17-A50C-4021-A830-8D32EDC419D1}: Domain = ICRISATSC
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D542CD17-A50C-4021-A830-8D32EDC419D1}: NameServer = 192.168.0.246
     
    irenikatche, Jun 15, 2004
    #1
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    hi irenikatche,

    Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.blazefind.com/

    O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts
    O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\bi.dll
    O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\System32\ddm3dia.dll
    O2 - BHO: (no name) - {000E7270-CC7A-0786-8E7A-DA09B51938A6} - C:\WINDOWS\System32\n3tpa1.dll

    O2 - BHO: (no name) - {25C03EA7-E22C-4508-8E3B-2A4BDA508063} - C:\WINDOWS\uxplP.dll
    O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
    O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll

    O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\System32\bridge.dll

    O3 - Toolbar: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll

    O4 - HKLM\..\Run: [NsUpdate] C:\WINDOWS\NsUpdate.exe UPDATE
    O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
    O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe

    O4 - HKLM\..\Run: [ixdx1os] C:\WINDOWS\sFT27.exe
    O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
    O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
    O4 - HKLM\..\Run: [systray] C:\WINDOWS\System32\a.exe

    Then reboot into safe mode and delete:
    C:\WINDOWS\nsdb <= entire folder
    C:\program files\iesearchbar <= entire folder
    C:\Program Files\Common files\updater <= entire folder
    C:\WINDOWS\Belt.exe
    C:\Program Files\ISTsvc <= entire folder
    C:\Program Files\Power Scan <= entire folder
    C:\WINDOWS\System32\bridge.dll

    Then download update and run AdAware as described here:
    https://www.wilderssecurity.com/showthread.php?t=15913

    Regards,

    Pieter
    C:\WINDOWS\System32\a.exe
     
    Pieter_Arntz, Jun 15, 2004
    #2
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...