xlime.offeroptimizer.com

Discussion in 'adware, spyware & hijack cleaning' started by Hasekbowstome, May 9, 2004.

Thread Status:
Not open for further replies.
  1. Hasekbowstome (Registered Member; joined May 9, 2004; posts: 1)

    I really don't know what else to do... I've been at it for 4 hours now. I got home from a post-prom party late this morning, and found the computer completely ****ed. I wasn't on it at all yesterday, only my little sister was. I got home, sat down, and went to open up Internet Explorer, and as I did, a whole bunch of other IE windows popped up, some of them with ads, most of them automatically popping up, closing and doing it all over. The only way I could stop it was by shutting down IE. I tried a couple times to use IE, and found that sometimes it would only hit me with one pop up when I loaded a page, and so I managed to eventually make it to a forum in my favorite places and make a post asking for help.

    I already have Ad-Aware, and I've run that. A friend of mine downloaded Spybot Search and Destroy for me and sent it to me via AIM, so I've used that now too. Then I managed to (took me 6 tries) get to TrendMicro's Housecall Virus scanner. It told me I had a couple small trojans, which I took care of all except one. I don't know if it has any bearing on this bigger difficulty of mine, but that trojan is IEFEATS.A, and the file is msiesh.dll, which I cannot delete, because it says it's in use. So, I've used Ad-Aware, Spybot, and TrendMicro. But this keeps happening. After I use Task Manager to close IE, to get rid of all the pop ups, one of the processes called SVCHOST starts taking up 100% of my system resources, so after I have to close the thing down, I can't do anything at any sort of practical speed. I tried using System Restore, went back in time about a week, but that hasn't helped. I've tried adding the offeroptimizer stuff to my restricted sites, but that hasn't helped, now the things still pop up in the task bar, I just don't the pop up ad... but because those are constantly coming up in the task bar, I can't do anything in the screen that I want to be active in. I really don't know what else to do... Any sort of help would be greatly appreciated. Thank you.



    Logfile of HijackThis v1.97.7
    Scan saved at 11:27:00 PM, on 5/9/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\LXSUPMON.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
    C:\Program Files\Aim95\aim.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe
    C:\Documents and Settings\William M. Townsend\My Documents\filelib\TheGr8Thinker\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.msn.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://findloss.com/home.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://findloss.com/srchasst.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://findloss.com/srchasst.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://findloss.com/srchasst.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://findloss.com/home.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://findloss.com/srchasst.html
    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
    O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\Documents and Settings\Colleen Townsend\Application Data\iefeatsl\msiesh.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - Global Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
    O9 - Extra button: AIM (HKLM)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_41.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/208c58cc741044183406/netzip/RdxIE601.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
    O19 - User stylesheet: c:\windows\system.css
     
  2. Unzy (Registered Member; joined Nov 2, 2003; posts: 1,098; location: Belgium)

    Hi Hasekbowstome,

    Have only HijackThis running and fix:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://findloss.com/home.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://findloss.com/srchasst.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://findloss.com/srchasst.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://findloss.com/srchasst.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://findloss.com/home.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://findloss.com/srchasst.html

    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
    O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\Documents and Settings\Colleen Townsend\Application Data\iefeatsl\msiesh.dll

    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.8.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/208c58c...ip/RdxIE601.cab

    O19 - User stylesheet: c:\windows\system.css

    Make sure hidden files/folders are set to show: Here's How

    Restart PC after doing so and remove:

    C:\Documents and Settings\Colleen Townsend\Application Data\iefeats\ <- this folder
    c:\windows\system.css <- this file

    Then download this program:

    CWShredder

    Open -> 'fix' -> click 'next'

    Hope this helps

    Cheers,
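
A triage pass over a HijackThis log like the one posted above, as an added example that is not part of either post and is not HijackThis's own logic. The rules (an unnamed BHO, any O19 entry, R0/R1 values on an analyst-supplied host list) are assumptions chosen for illustration; they do not cover the O16 entries picked in the reply, and a flagged line is a prompt for manual review, not a verdict.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a few lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://findloss.com/home.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://findloss.com/srchasst.html
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O19 - User stylesheet: c:\windows\system.css
"""

# A log entry is a section code (R0, O2, O19, ...) followed by " - " and the body.
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")

def parse(log):
    """Yield (code, body) for each 'R1 - ...' / 'O2 - ...' style line."""
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m:
            yield m.group(1), m.group(2)

def triage(log, suspect_hosts):
    """Return [(code, reason, body)] for entries worth a manual look.

    suspect_hosts is supplied by the analyst (hypothetical parameter).
    """
    findings = []
    for code, body in parse(log):
        if code in ("R0", "R1") and " = " in body:
            value = body.split(" = ", 1)[1]
            host = (urlparse(value).hostname or "").lower()
            if any(host == h or host.endswith("." + h) for h in suspect_hosts):
                findings.append((code, "IE page/search value points at " + host, body))
        elif code == "O2" and body.startswith("BHO: (no name)"):
            findings.append((code, "browser helper object registered without a name", body))
        elif code == "O19":
            findings.append((code, "user stylesheet override is set", body))
    return findings

if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG, {"findloss.com"}):
        print(f"{code}: {reason}\n    {body}")
```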
     