|
|
| Release List | Reviews | Shop | Join | News | DVD Giveaways | Video Games | Advertise |
| DVD Reviews | Theatrical Reviews | Adult DVD Reviews | Video Game Reviews | Price Search | Buy Stuff Here |
|
|
|
|||||||
| Tech Talk Discuss PC Hardware, Software, Internet and Other Technology |
 |
|
|
Thread Tools |
08-17-04, 06:07 PM
|
#1 |
|
Member
Join Date: Oct 2002
Location: New York
Posts: 225
|
how to get rid of internet optimizer fully?
i ran adaware se, spybot & bazooka
bazooka & adaware se both detected it. i tried to manually remove using bazookas instructions. but it came back. so i had adaware se remove it (even in safe mode). but it came back. this is the 4th time removing it from the computer. is there anyway to find out how it is getting on the computer? thanks ethan |
|
|
08-17-04, 06:10 PM
|
#2 |
|
Member
Join Date: Oct 2002
Location: New York
Posts: 225
|
this is my hijack this log
Logfile of HijackThis v1.97.7 Scan saved at 7:09:52 PM, on 8/17/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe C:\Program Files\NavNT\defwatch.exe C:\Program Files\NavNT\rtvscan.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\fxssvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\ltmsg.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE C:\Program Files\NavNT\vptray.exe C:\documents and settings\george\local settings\temp\kzJcE8z0.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\documents and settings\nicky's\local settings\temp\FdPcW.exe C:\WINDOWS\System32\MsgSys.EXE C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\America Online 9.0\waol.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\Program Files\America Online 9.0\shellmon.exe C:\Program Files\America Online 9.0\aolwbspd.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\Valve\Steam\Steam.exe C:\Documents and Settings\George\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Nick, Huy & Lotus are losers!!! R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.dellnet.com/ R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar_en_2.0.108-big.dll O2 - BHO: (no name) - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file) O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Nicky's\Local Settings\Temp\Due5.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar_en_2.0.108-big.dll O3 - Toolbar: SuperBar - {E422765E-1C15-40AF-8D18-243F2D60DCB9} - C:\Program Files\_SUPERBAR\_SUPERBAR.dll (file missing) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9 O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [kzJcE8z0] C:\documents and settings\george\local settings\temp\kzJcE8z0.exe O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [FdPcW] C:\documents and settings\nicky's\local settings\temp\FdPcW.exe O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe" O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\Steam.exe -silent O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: Short Message (HKLM) O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM) O9 - Extra button: AIM (HKLM) O9 - Extra button: PartyPoker.com (HKLM) O9 - Extra 'Tools' menuitem: PartyPoker.com (HKLM) O9 - Extra button: Real.com (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{8E06C947-EFA8-44B5-9F2C-C484C445E7B1}: NameServer = 205.188.146.146 |
|
|
|
08-17-04, 06:26 PM
|
#3 |
|
DVD Talk Hero
Join Date: Jan 2002
Location: Overpricedville, OR
Posts: 36,733
|
http://www.kephyr.com/spywarescanner...er/index.phtml
I would strongly suggest you get something like Pest Patrol to watchout for stuff like this. X:\Program Files\Optimize If you have a folder in your Program Files like this, remove it.
__________________
Blu-ray Titles: ~380 | HD DVD Titles: ~323 "I don't sell airplane parts. I've never sold airplane parts." |
|
|
|
08-17-04, 06:29 PM
|
#4 |
|
Member
Join Date: Oct 2002
Location: New York
Posts: 225
|
i did, i removed it 4 times already, it just keeps coming back
the freeware version of pest patrol only detects spyware, doesnt remove it...anything else i can do? |
|
|
|
08-17-04, 06:30 PM
|
#5 | |
|
DVD Talk Gold Edition
Join Date: Jun 2004
Location: Houston, Tx.
Posts: 2,699
|
Quote:
1st Bring up the task manager via ctrl alt del Look for the following entries (the 04 keys listed by HijackThis): FdPcW optimize kzJcE8z0 If any or all exit, highligh and select end process. Click YES to the warning messege 2nd Run HiJackThis again and select all of these items and let Hijackthis Fix Them once fix, Re-Boot, and re-run HiJackThis and repost a current log C:\documents and settings\george\local settings\temp\kzJcE8z0.exe C:\documents and settings\nicky's\local settings\temp\FdPcW.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file) O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Nicky's\Local Settings\Temp\Due5.dll O3 - Toolbar: SuperBar - {E422765E-1C15-40AF-8D18-243F2D60DCB9} - C:\Program Files\_SUPERBAR\_SUPERBAR.dll (file missing) O4 - HKLM\..\Run: [kzJcE8z0] C:\documents and settings\george\local settings\temp\kzJcE8z0.exe O4 - HKLM\..\Run: [FdPcW] C:\documents and settings\nicky's\local settings\temp\FdPcW.exe O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
__________________
Have Spyware/Popups? Read me first! |
|
|
|
|
08-17-04, 06:57 PM
|
#6 |
|
Member
Join Date: Oct 2002
Location: New York
Posts: 225
|
heres the updated log...looks like its finally gone...thanks shelby
Logfile of HijackThis v1.97.7 Scan saved at 7:51:03 PM, on 8/17/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe C:\Program Files\NavNT\defwatch.exe C:\Program Files\NavNT\rtvscan.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\fxssvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\ltmsg.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE C:\Program Files\NavNT\vptray.exe C:\WINDOWS\System32\MsgSys.EXE C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\WINDOWS\System32\wuauclt.exe C:\Documents and Settings\George\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Nick, Huy & Lotus are losers!!! R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.dellnet.com/ O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar_en_2.0.108-big.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar_en_2.0.108-big.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9 O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\Steam.exe -silent O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: Short Message (HKLM) O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM) O9 - Extra button: AIM (HKLM) O9 - Extra button: PartyPoker.com (HKLM) O9 - Extra 'Tools' menuitem: PartyPoker.com (HKLM) O9 - Extra button: Real.com (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab |
|
|
|
08-17-04, 07:08 PM
|
#7 |
|
DVD Talk Gold Edition
Join Date: Jun 2004
Location: Houston, Tx.
Posts: 2,699
|
Looks Clean now!
Run a scan with Adaware and see if it picks anything up this time You are running an older version of HiJackThis. You can get the current version from here: http://www.majorgeeks.com/download3155.html Keep all of your programs updated! SpywareBlaster had an defintion update 1 or 2 days ag
__________________
Have Spyware/Popups? Read me first! Last edited by 68ShelbyGT500KR; 08-17-04 at 07:10 PM. |
|
|
|
08-17-04, 07:23 PM
|
#8 |
|
Member
Join Date: Oct 2002
Location: New York
Posts: 225
|
sweet, again thanks for the help
|
|
|
|
08-17-04, 07:26 PM
|
#9 | |
|
DVD Talk Gold Edition
Join Date: Jun 2004
Location: Houston, Tx.
Posts: 2,699
|
Quote:
__________________
Have Spyware/Popups? Read me first! |
|
|
|
|
| Thread Tools | |
|
|
