|
| ||
| Another hotoffers hijacking problem.. My start up page is being hijacked to hotoffer.com, and of course, everytime I want to go to yahoo or google or any other major search enjine, I get redirected to hotoffers.com. There is this I guard antispyware that keep popping up once in a while which I never installed.. Here is my logfile for hijackthias..Any help will be greatly appreciated. As you can se, i am using version 1.98.2, and I hope it would not make a lot of difference.. Logfile of HijackThis v1.98.2 Scan saved at 4:03:19 PM, on 3/12/2005 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\scheduler.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe C:\WINNT\Explorer.EXE C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe C:\WINNT\system32\igfxtray.exe C:\WINNT\system32\hkcmd.exe C:\WINNT\system32\carpserv.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Media Pass\MediaPassK.exe C:\Program Files\Media Pass\MediaPass.exe C:\Meraj\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/195/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.cyber.net.pk:8080;http=proxy.cyber.net.pk:8080 R3 - URLSearchHook: transURL Class - {C7EDAB2E-D7F9-11D8-BA48-C79B0C409D70} - C:\WINNT\System32\SEARCH~1.DLL O1 - Hosts: 69.50.173.4 lycos.com O1 - Hosts: 69.50.173.4 amazon.com O1 - Hosts: 69.50.173.4 www.amazon.com O1 - Hosts: 69.50.173.4 aol.com O1 - Hosts: 69.50.173.4 www.aol.com O1 - Hosts: 69.50.173.4 earthlink.net O1 - Hosts: 69.50.173.4 www.earthlink.net O1 - Hosts: 69.50.173.4 ebay.com O1 - Hosts: 69.50.173.4 www.ebay.com O1 - Hosts: 69.50.173.4 go.com O1 - Hosts: 69.50.173.4 www.go.com O1 - Hosts: 69.50.173.4 icq.com O1 - Hosts: 69.50.173.4 www.icq.com O1 - Hosts: 69.50.173.4 lycos.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb05.exe O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe O4 - HKLM\..\Run: [Service Scheduler] scheduler.exe O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [Win Drivers SSL] hpws.exe O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPassK.exe O4 - HKLM\..\Run: [ulcnulqr] C:\WINNT\ulcnulqr.exe O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe O4 - HKLM\..\RunServices: [Service Scheduler] scheduler.exe O4 - HKLM\..\RunServices: [Win Drivers SSL] hpws.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [AIM] C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [Win Drivers SSL] hpws.exe O4 - HKCU\..\RunServices: [Win Drivers SSL] hpws.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll O9 - Extra button: Microsoft AntiSpyware helper - {166AB7E0-5E62-4F7A-B199-07124C06AA51} - (no file) (HKCU) O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {166AB7E0-5E62-4F7A-B199-07124C06AA51} - (no file) (HKCU) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/game...s/y/dot8_x.cab O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/pote_x.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab |
| ||
| Re: Another hotoffers hijacking problem.. Okay, I downloaded the new version of hijackthis, and here is the new log file.. Logfile of HijackThis v1.99.1 Scan saved at 4:53:00 PM, on 3/12/2005 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\scheduler.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe C:\WINNT\Explorer.EXE C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe C:\WINNT\system32\igfxtray.exe C:\WINNT\system32\hkcmd.exe C:\WINNT\system32\carpserv.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Media Pass\MediaPassK.exe C:\Program Files\Media Pass\MediaPass.exe C:\Meraj\hijackthis199\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/195/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.cyber.net.pk:8080;http=proxy.cyber.net.pk:8080 R3 - URLSearchHook: transURL Class - {C7EDAB2E-D7F9-11D8-BA48-C79B0C409D70} - C:\WINNT\System32\SEARCH~1.DLL O1 - Hosts: 69.50.173.4 lycos.com O1 - Hosts: 69.50.173.4 amazon.com O1 - Hosts: 69.50.173.4 www.amazon.com O1 - Hosts: 69.50.173.4 aol.com O1 - Hosts: 69.50.173.4 www.aol.com O1 - Hosts: 69.50.173.4 earthlink.net O1 - Hosts: 69.50.173.4 www.earthlink.net O1 - Hosts: 69.50.173.4 ebay.com O1 - Hosts: 69.50.173.4 www.ebay.com O1 - Hosts: 69.50.173.4 go.com O1 - Hosts: 69.50.173.4 www.go.com O1 - Hosts: 69.50.173.4 icq.com O1 - Hosts: 69.50.173.4 www.icq.com O1 - Hosts: 69.50.173.4 lycos.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb05.exe O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe O4 - HKLM\..\Run: [Service Scheduler] scheduler.exe O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [Win Drivers SSL] hpws.exe O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPassK.exe O4 - HKLM\..\Run: [ulcnulqr] C:\WINNT\ulcnulqr.exe O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe O4 - HKLM\..\RunServices: [Service Scheduler] scheduler.exe O4 - HKLM\..\RunServices: [Win Drivers SSL] hpws.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [AIM] C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [Win Drivers SSL] hpws.exe O4 - HKCU\..\RunServices: [Win Drivers SSL] hpws.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll O9 - Extra button: Microsoft AntiSpyware helper - {166AB7E0-5E62-4F7A-B199-07124C06AA51} - (no file) (HKCU) O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {166AB7E0-5E62-4F7A-B199-07124C06AA51} - (no file) (HKCU) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/game...s/y/dot8_x.cab O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/pote_x.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe O23 - Service: Service Scheduler - Unknown owner - C:\WINNT\system32\scheduler.exe" -service (file missing) O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe |
| ||
| Re: Another hotoffers hijacking problem.. Please delete your temporary files by deleting all files and folders that are in those folders (do not delete the temp folder itself) like for example C:\WINDOWS\Temp\ C:\Temp\ C:\Documents and Settings\username\Local Settings\Temp\ Also delete your Temporary Internet Files, be sure to also select delete all offline content. Do a virus scan Please do an online scan, 2 would be better, Micro World http://www.mwti.net/antivirus/free_utilities.asp Trend Micro http://housecall.trendmicro.com/hous...start_corp.asp Make sure that you choose "fix" or "clean". . ,,,,,,,,,,,,,,,,,,,,,,,,,, Download then unzip and run CWShredder to clean up clicking "FIX" to have it remove all it finds. CWShredder available from these places :- http://www.aluriasoftware.com/tools/cwshredder.zip Or this as a full download without any unzipping required http://www.downloads.subratam.org/CWShredder.exe http://www.spywareinfo.com/downloads...CWShredder.exe We have found that some of the CWS infections can be removed better from safe mode, rather than normal mode. To get to safe mode use the F8 key while booting the machine. Detailed instructions from :- HERE ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, Then please do this since it’s better to use automated tools to get rid of the bad stuff use these 2 programs first before doing the final cleaning with HJT First use Spybot S&D. (Version 1.3) Spybot Unzip, and update. Install the updates and run. Delete all that it marks in red. Reboot Then it’s time for Ad-Aware Ad-Aware Install and update by using the globe icon. Restart your computer and run Ad-Aware. Press scan now and select drives and/or partitions to be scanned. When done select all and click next. Remove all checked items and then reboot your computer. Please go to this page and read the instructions for how to configure Spybot S&D & Ad-Aware How To Setup Spybot SD and Ad-Aware ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, Reboot and post a new HiJackThis log. |
| ||
| Re: Another hotoffers hijacking problem.. With the new hijackthis log, please post another log from silent runners. There is a file that reinstalls this infection that hijackthis cannot see. Make sure that you post the entire log. Go here and download and run Silent Runners.vbs. It generates a log, please post the information back in this thread. |
| ||
| Re: Another hotoffers hijacking problem.. First of all, thanks to both of you for such prompt replies. I am in the process of doing what you two suggested, and will post the results. There is something that I ran into earlier, and it is happening again. When I ws downloading the new version of HJT, it would download the zipped file, but when I would try to extract the exe file, it would run the Winzip, but the file is not extracted. It tells me that the exe file does not exist. I tried 4-5 different sites. Finally, it did extract the file, but by mistake I deleted it after runnnig the fist scan. Now, when I am trying to download it again, it is doing th same thing. The older version did not give me any problem...Any idea? I will do what you two suggested in the meantime. Thanks again for prompt replies! |
| ||
| Re: Another hotoffers hijacking problem.. Quote:
|
| ||
| Re: Another hotoffers hijacking problem.. I tried this too earlier when I was having trouble unzipping the file, but it gives me this message.. "C:\WINNT\SYSTEM32\AUTOEXEC.NT. The system file is not suitable for running MS-DOS and Microsoft Windows applications. Choose "Clsoe" to terminate the application." |
| ||
| Re: Another hotoffers hijacking problem.. Okay, so I did everything that was asked, and here are the new logs of HJT and Silentvbrunner. 1) Deleted all the subfolders and files under temp folders.. 2)Scanned the computer 3)Ran CWShredder.. 4)Ran Spybot -- I haverun Spybot a few times over the last few days, and I fix everything, and then when I run it again a couple of things keep appearing. Viewpointand Window ADTool 5) Rna Ad-aware -- Same with this. A couple of things, SahAgent and IEHijacker, keep appearing no matter how many times I have fixed it.. HJT Log - I just could not unzip the latest version, so here is th elog from the older version: Logfile of HijackThis v1.98.2 Scan saved at 3:42:32 PM, on 3/13/2005 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\scheduler.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\igfxtray.exe C:\WINNT\system32\hkcmd.exe C:\WINNT\system32\carpserv.exe C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb05.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINNT\system32\hpws.exe C:\Program Files\Media Pass\MediaPassK.exe C:\Program Files\Media Pass\MediaPass.exe C:\Meraj\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/195/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.cyber.net.pk:8080;http=proxy.cyber.net.pk:8080 O1 - Hosts: 69.50.173.4 lycos.com O1 - Hosts: 69.50.173.4 amazon.com O1 - Hosts: 69.50.173.4 www.amazon.com O1 - Hosts: 69.50.173.4 aol.com O1 - Hosts: 69.50.173.4 www.aol.com O1 - Hosts: 69.50.173.4 earthlink.net O1 - Hosts: 69.50.173.4 www.earthlink.net O1 - Hosts: 69.50.173.4 ebay.com O1 - Hosts: 69.50.173.4 www.ebay.com O1 - Hosts: 69.50.173.4 go.com O1 - Hosts: 69.50.173.4 www.go.com O1 - Hosts: 69.50.173.4 icq.com O1 - Hosts: 69.50.173.4 www.icq.com O1 - Hosts: 69.50.173.4 lycos.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb05.exe O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe O4 - HKLM\..\Run: [Service Scheduler] scheduler.exe O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [Win Drivers SSL] hpws.exe O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPassK.exe O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe O4 - HKLM\..\Run: [gah95on6] C:\WINNT\system32\gah95on6.exe O4 - HKLM\..\RunServices: [Service Scheduler] scheduler.exe O4 - HKLM\..\RunServices: [Win Drivers SSL] hpws.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [AIM] C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [Win Drivers SSL] hpws.exe O4 - HKCU\..\RunServices: [Win Drivers SSL] hpws.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll O9 - Extra button: Microsoft AntiSpyware helper - {166AB7E0-5E62-4F7A-B199-07124C06AA51} - (no file) (HKCU) O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {166AB7E0-5E62-4F7A-B199-07124C06AA51} - (no file) (HKCU) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/game...s/y/dot8_x.cab O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/pote_x.cab O16 - DPF: Yahoo! Reversi - http://download.games.yahoo.com/game...ts/y/rt0_x.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{24FD0D6D-131B-44BA-90C7-E338E1350D53}: NameServer = 202.163.96.3 202.163.96.4 O17 - HKLM\System\CS2\Services\Tcpip\..\{24FD0D6D-131B-44BA-90C7-E338E1350D53}: NameServer = 202.163.96.3 202.163.96.4 SilentVBRunner Log: "Silent Runners.vbs", revision 32, http://www.silentrunners.org/ Operating System: Windows 2000 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS] "AIM" = "C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe -cnetwait.odl" ["America Online, Inc."] "Yahoo! Pager" = "C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet" ["Yahoo! Inc."] "Win Drivers SSL" = "hpws.exe" [null data] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "Synchronization Manager" = "mobsync.exe /logon" [MS] "IgfxTray" = "C:\WINNT\system32\igfxtray.exe" ["Intel Corporation"] "HotKeysCmds" = "C:\WINNT\system32\hkcmd.exe" ["Intel Corporation"] "LoadQM" = "loadqm.exe" [MS] "CARPService" = "carpserv.exe" ["Conexant Systems"] "HPDJ Taskbar Utility" = "C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb05.exe" ["HP"] "Smapp" = "C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" ["Analog Devices, Inc."] "Service Scheduler" = "scheduler.exe" [null data] "ViewMgr" = "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe" ["Viewpoint Corporation"] "Win Drivers SSL" = "hpws.exe" [null data] "Media Pass" = "C:\Program Files\Media Pass\MediaPassK.exe" [null data] "Security iGuard" = "C:\Program Files\Security iGuard\Security iGuard.exe" [file not found] "gah95on6" = "C:\WINNT\system32\gah95on6.exe" [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string] {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided) -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension" -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext" -> {CLSID}\InProcServer32\(Default) = "C:\WINNT\System32\hticons.dll" ["Hilgraeve, Inc."] "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] "{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\YAHOO!\Common\ymmapi.dll" ["Yahoo! Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\ INFECTION WARNING! "{12345678-0000-0010-8000-00AAFF6D2EA4}" = "Sysctl Desktop Handler" -> {CLSID}\InProcServer32\(Default) = "C:\WINNT\System32\systr.dll" [null data] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ INFECTION WARNING! igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"] Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINNT\system32\ssstars.scr" [MS] Startup items in "Administrator" & "All Users" startup folders: --------------------------------------------------------------- C:\Documents and Settings\All Users\Start Menu\Programs\Startup "Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AVSync Manager, AvSynMgr, ""C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe"" ["Network Associates, Inc."] McShield, McShield, ""C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe"" ["Network Associates, Inc."] Service Scheduler, Service Scheduler, ""C:\WINNT\system32\scheduler.exe" -service" [null data] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\rnr20.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: C:\WINNT\system32\CSLSP.DLL ["Networks Associates Technologies, Inc."], 01 - 13, 27 %SystemRoot%\system32\msafd.dll [MS], 14 - 16, 19 - 26 %SystemRoot%\system32\rsvpsp.dll [MS], 17 - 18 ---------- This report excludes default entries except where indicated. To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. ---------- Hope to hear from you guys... |
| ||
| Re: Another hotoffers hijacking problem.. Hi mastermirage. =============== Download the newest version of HiJackThis; version 1.99.1. Go for the self-extracting version. Then repost your log, either now, or after following the steps in the solution (if provided in this post). This version has features that might be more helpful in 'cleaning' up your system. =============== Run HiJackThis then: 1. Click "Config..." 2. Click "Misc Tools" 3. Click "Open Process manager" - Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following: C:\WINNT\system32\hpws.exe Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain. =============== Run HiJackThis and click "Scan", then check(tick) the following, if present: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/195/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank O1 - Hosts: 69.50.173.4 lycos.com O1 - Hosts: 69.50.173.4 amazon.com O1 - Hosts: 69.50.173.4 www.amazon.com O1 - Hosts: 69.50.173.4 aol.com O1 - Hosts: 69.50.173.4 www.aol.com O1 - Hosts: 69.50.173.4 earthlink.net O1 - Hosts: 69.50.173.4 www.earthlink.net O1 - Hosts: 69.50.173.4 ebay.com O1 - Hosts: 69.50.173.4 www.ebay.com O1 - Hosts: 69.50.173.4 go.com O1 - Hosts: 69.50.173.4 www.go.com O1 - Hosts: 69.50.173.4 icq.com O1 - Hosts: 69.50.173.4 www.icq.com O1 - Hosts: 69.50.173.4 lycos.com ...(Verify that these ip addresses are for your isp's DNS Servers, if so, don't 'fix' these.) O4 - HKLM\..\Run: [Win Drivers SSL] hpws.exe O4 - HKLM\..\RunServices: [Win Drivers SSL] hpws.exe O4 - HKCU\..\Run: [Win Drivers SSL] hpws.exe O4 - HKCU\..\RunServices: [Win Drivers SSL] hpws.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{24FD0D6D-131B-44BA-90C7-E338E1350D53}: NameServer = 202.163.96.3 202.163.96.4 O17 - HKLM\System\CS2\Services\Tcpip\..\{24FD0D6D-131B-44BA-90C7-E338E1350D53}: NameServer = 202.163.96.3 202.163.96.4 ...(Verify that these ip addresses are for your isp's DNS Servers, if so, don't 'fix' these.) Now, with all windows closed except HiJackThis, click "Fix checked". =============== Locate and delete the following item(s), if present. Make sure your able to view system and hidden files/ folders: files... C:\WINDOWS\System32\systr.dll C:\WINNT\system32\hpws.exe Search for... hpws.exe ...using "Start | Search...". - Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them from "Safe Mode". =============== Post back a new log after rebooting and let me know how everything goes. |
| ||
| Re: Another hotoffers hijacking problem.. Hello Crunchie, Thanks for all the help... Deleted everything that you asked. Systr.dll does not let me delete it, not even in the safe mode. I tried to delete it through HJT giving it an option of deleting the file on the reboot, but it is still there. There is also an applicaiton with the same name running in the same directory. I delete it, and it comes back.. It has started to remind me of one of my ex-gf....a pain in the ass to get rid of.. :evil: One thing that does no thappen is that it at least lets me go to yahoo and the other search engines. Earlier, it used to redirect me to hotoffer.com if I would try to go to any search engine. Same thing with this line: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/195/ I delete it, and it comes back. Logfile of HijackThis v1.99.0 Scan saved at 2:37:03 AM, on 3/14/2005 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\scheduler.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\igfxtray.exe C:\WINNT\system32\hkcmd.exe C:\WINNT\system32\carpserv.exe C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb05.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Media Pass\MediaPassK.exe C:\Program Files\Media Pass\MediaPass.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/195/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.cyber.net.pk:8080;http=proxy.cyber.net.pk:8080 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb05.exe O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe O4 - HKLM\..\Run: [Service Scheduler] scheduler.exe O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPassK.exe O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe O4 - HKLM\..\Run: [gah95on6] C:\WINNT\system32\gah95on6.exe O4 - HKLM\..\RunServices: [Service Scheduler] scheduler.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [AIM] C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll O9 - Extra button: Microsoft AntiSpyware helper - {166AB7E0-5E62-4F7A-B199-07124C06AA51} - (no file) (HKCU) O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {166AB7E0-5E62-4F7A-B199-07124C06AA51} - (no file) (HKCU) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/game...s/y/dot8_x.cab O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/pote_x.cab O16 - DPF: Yahoo! Reversi - http://download.games.yahoo.com/game...ts/y/rt0_x.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{24FD0D6D-131B-44BA-90C7-E338E1350D53}: NameServer = 202.163.96.3 202.163.96.4 O17 - HKLM\System\CS2\Services\Tcpip\..\{24FD0D6D-131B-44BA-90C7-E338E1350D53}: NameServer = 202.163.96.3 202.163.96.4 O23 - Service: AVSync Manager - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: McShield - Unknown - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe O23 - Service: Service Scheduler - Unknown - C:\WINNT\system32\scheduler.exe O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe |
| All times are GMT -4. The time now is 4:42 am. |
Forum system based on vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
©2003 - 2009 DaniWeb® LLC