Viruses, Spyware and other Nasties RSS Viruses, Spyware and other Nasties RSS

Hotoffers get me mad !!

Reply
1 2 Last »

Join Date: Mar 2005
Posts: 12
Reputation: Dreadlord is an unknown quantity at this point 
Solved Threads: 0
Dreadlord Dreadlord is offline Offline
Newbie Poster

Hotoffers get me mad !!

 
0
  #1
Mar 10th, 2005
Hi folk

I have this hotoffers since 2 days now.. and it is really iritating me indeed

I have followed the advise in the previous topics, but it seems I just can't get rid off..

sometimes it is gones, for like an hour and 2 and then it come back..

it seems that this I guard program has been installed as well, I remove it (from the remove manager in windows) but it comes back also

please help help help, I'm at 2 inch to trash this bloody laptop !!


thanx in advance for you all guys


Stefany

ps: here is my hi jack log

Logfile of HijackThis v1.99.1
Scan saved at 08:38:42, on 11/03/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender8\vsserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\pctspk.exe
C:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\Program Files\Softwin\BitDefender8\bdswitch.exe
C:\Program Files\QuickTime\qttask.exe
D:\localhost\easyphp.exe
C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\utilities\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
D:\LOCALH~1\MySql\bin\mysqld.exe
C:\Program Files\Realtek\Rtl8180\RtlWake.exe
C:\Program Files\Trillian\trillian.exe
C:\Documents and Settings\Greg\Menu Démarrer\Programmes\Démarrage\winupdate87741453[1].exe
C:\WINDOWS\TEMP\q1272325.exe
D:\eudora\Eudora.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Greg\Bureau\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/192/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [BDMCon] C:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] C:\Program Files\Softwin\BitDefender8\\bdoesrv.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\progra~1\softwin\bitdef~1\bdnagent.exe
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender8\\bdswitch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EasyPHP] "D:\localhost\easyphp.exe"
O4 - HKLM\..\Run: [WG511WLU] C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe -hide
O4 - HKLM\..\Run: [ap9h4qmo] C:\WINDOWS\System32\ap9h4qmo.exe
O4 - HKLM\..\Run: [Setup experation] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\utilities\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Startup: winupdate87741453[1].exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: RtlWake.lnk = ?
O9 - Extra button: Microsoft AntiSpyware helper - {15A525AD-7517-4C6A-8082-F6B4A1DF7351} - C:\WINDOWS\System32\wldr.dll
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {15A525AD-7517-4C6A-8082-F6B4A1DF7351} - C:\WINDOWS\System32\wldr.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Microsoft AntiSpyware helper - {15A525AD-7517-4C6A-8082-F6B4A1DF7351} - C:\WINDOWS\System32\wldr.dll (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {15A525AD-7517-4C6A-8082-F6B4A1DF7351} - C:\WINDOWS\System32\wldr.dll (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {166588D0-6632-42D1-AEB1-85D096FBE18F} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {166588D0-6632-42D1-AEB1-85D096FBE18F} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {439C2698-AD10-425A-AEC0-3B3CEE35F0CC} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {439C2698-AD10-425A-AEC0-3B3CEE35F0CC} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {6C7FD7BE-0A8D-449F-B037-CEB0EA04AEFC} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6C7FD7BE-0A8D-449F-B037-CEB0EA04AEFC} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {BA8E3E9F-EF44-4438-9E86-2B150B1A5A49} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {BA8E3E9F-EF44-4438-9E86-2B150B1A5A49} - (no file) (HKCU)
O15 - Trusted IP range: 206.161.125.149
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:mhtml:file://c:\default.mht!http://www.hotoffers.info/pc/dropper.chm::/dropper.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender8\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
Reply With Quote Quick reply to this message  
Join Date: Mar 2005
Posts: 12
Reputation: Dreadlord is an unknown quantity at this point 
Solved Threads: 0
Dreadlord Dreadlord is offline Offline
Newbie Poster

Re: Hotoffers get me mad !!

 
0
  #2
Mar 10th, 2005
if that's help anybody I have putted the log of silence runner

thanx in advance for your help

Steffy

"Silent Runners.vbs", revision 32, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
"Skype" = ""C:\Program Files\utilities\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"Windows Service" = "C:\WINDOWS\System32\pd14.exe" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ATIModeChange" = "Ati2mdxx.exe" ["ATI Technologies, Inc."]
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"SynTPLpr" = "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."]
"SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"PCTVOICE" = "pctspk.exe" [empty string]
"BDMCon" = "C:\progra~1\softwin\bitdef~1\bdmcon.exe" ["SOFTWIN S.R.L."]
"BDOESRV" = "C:\Program Files\Softwin\BitDefender8\\bdoesrv.exe" [null data]
"BDNewsAgent" = "C:\progra~1\softwin\bitdef~1\bdnagent.exe" [null data]
"BDSwitchAgent" = "C:\Program Files\Softwin\BitDefender8\\bdswitch.exe" [null data]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"EasyPHP" = ""D:\localhost\easyphp.exe"" ["EasyPHP"]
"WG511WLU" = "C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe -hide" [" "]
"ap9h4qmo" = "C:\WINDOWS\System32\ap9h4qmo.exe" [file not found]
"Setup experation" = "C:\WINDOWS\svchost.exe" [null data]
"Windows Service" = "C:\WINDOWS\System32\pd14.exe" [null data]

HKLM\Software\Microsoft\Active Setup\Installed Components\
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx" [empty string]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}" = "Eudora's Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "D:\eudora\EuShlExt.dll" ["Qualcomm Inc."]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{D653647D-D607-4DF6-A5B8-48D2BA195F7B}" = "BitDefender Antivirus v8"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Softwin\BitDefender8\bdshelxt.dll" ["SOFTWIN S.R.L."]
"{2F25CF20-C569-11D1-B94C-00608CB45480}" = "TextPad"
-> {CLSID}\InProcServer32\(Default) = "\\Stb-b3bl9d70vgx\laptop backup\Program Files\utilities\ text pad 4\System\shellext.dll" [file not found]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice Property Sheet Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\OpenOffice.org1.1.0\program\shlxthdl.dll" ["Sun Microsystems, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\utilities\compression\WinRAR\rarext.dll" [null data]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
INFECTION WARNING! "{12345678-0000-0010-8000-00AAFF6D2EA4}" = "Sysctl Desktop Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\systr.dll" [null data]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
INFECTION WARNING! "AppInit_DLLs" = "sockspy.dll" [null data]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "Shell" = "explorer.exe C:\WINDOWS\System32\netdc.exe" [MS]


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Startup items in "Greg" & "All Users" startup folders:
------------------------------------------------------

C:\Documents and Settings\Greg\Menu Démarrer\Programmes\Démarrage
"Trillian" -> shortcut to: "C:\Program Files\Trillian\trillian.exe" ["Cerulean Studios"]
"winupdate87741453[1].exe" [null data]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"Acrobat Assistant" -> shortcut to: "C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe" ["Adobe Systems Inc."]
"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"RtlWake" -> shortcut to: "C:\Program Files\Realtek\Rtl8180\RtlWake.exe" [empty string]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]
BitDefender Communicator, XCOMM, "C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe /service" ["Softwin"]
BitDefender Scan Server, bdss, "C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe /service" [null data]
BitDefender Virus Shield, VSSERV, "C:\Program Files\Softwin\BitDefender8\vsserv.exe /service" [null data]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 21
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


----------
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
----------
Reply With Quote Quick reply to this message  
Join Date: Feb 2004
Posts: 9,982
Reputation: crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold 
Solved Threads: 754
Moderator
Featured Poster
crunchie's Avatar
crunchie crunchie is offline Offline
Spyware Killer

Re: Hotoffers get me mad !!

 
0
  #3
Mar 11th, 2005
Run Hijackthis and go to the process viewer by going to Config, Misc Tools, Process Viewer, to unload all instances of the following running processes;
C:\WINDOWS\svchost.exe
C:\Documents and Settings\Greg\Menu Démarrer\Programmes\Démarrage\winupdate87741453[1].exe
C:\WINDOWS\TEMP\q1272325.exe


Scan with hijackthis and tick the boxes next to all the following entries, then close all browser and explorer windows and hit the "Fix checked" button.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/192/

O4 - HKLM\..\Run: [ap9h4qmo] C:\WINDOWS\System32\ap9h4qmo.exe
O4 - HKLM\..\Run: [Setup experation] C:\WINDOWS\svchost.exe
O4 - Startup: winupdate87741453[1].exe

O15 - Trusted IP range: 206.161.125.149

O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:mhtml:file://c:\default.mht!http://www.hotoffers.info/pc/dropper.chm::/dropper.exe

Reboot into safe mode following the instructions here and navigate to and delete the following if found:

C:\WINDOWS\System32\pd14.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\System32\systr.dll
C:\WINDOWS\System32\netdc.exe
C:\Documents and Settings\Greg\Menu Démarrer\Programmes\Démarrage\winupdate87741453[1].exe

C:\WINDOWS\TEMP contents only

Reboot normally after doing the above, rescan with hijackthis, then post that log here please.

Download, install and keep updated, Spywareblaster from www.javacoolsoftware.com to help keep your system clean.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Reply With Quote Quick reply to this message  
Join Date: Aug 2004
Posts: 780
Reputation: OurNation is an unknown quantity at this point 
Solved Threads: 9
OurNation's Avatar
OurNation OurNation is offline Offline
Master Poster

Re: Hotoffers get me mad !!

 
0
  #4
Mar 11th, 2005
Side note (wasn't in crunchies post):Close all running processes before scaning with HJT.
PETA People for the Eating of Tasty Animals.


FireFox
Hijack This
Ad-Aware
Hijack this tutorial
Microsoft AntiSpyware
CompUchat
Reply With Quote Quick reply to this message  
Join Date: Mar 2005
Posts: 12
Reputation: Dreadlord is an unknown quantity at this point 
Solved Threads: 0
Dreadlord Dreadlord is offline Offline
Newbie Poster

Re: Hotoffers get me mad !!

 
0
  #5
Mar 11th, 2005
Dear Crunchie

first of all, thanx very much for your support and most welcomed help

I did follow all your instruction although

1° I could not delette systr.dll but I have been able to rename it
2° did not find netdc.exe, but I'm sure I did erase this one during a previous attend to eradicate this hotoffers

here is the log of hijackthis

as you can see, this hotoffers seems to stick

what shall I do

thanx again and thanx in advance for yer help

Stef

Logfile of HijackThis v1.99.1
Scan saved at 20:40:35, on 11/03/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender8\vsserv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\pctspk.exe
C:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\Program Files\Softwin\BitDefender8\bdswitch.exe
C:\Program Files\QuickTime\qttask.exe
D:\localhost\easyphp.exe
C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\utilities\Skype\Phone\Skype.exe
D:\LOCALH~1\MySql\bin\mysqld.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Realtek\Rtl8180\RtlWake.exe
C:\Program Files\Trillian\trillian.exe
D:\eudora\Eudora.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Greg\Bureau\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/192/
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\System32\netdc.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [BDMCon] C:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] C:\Program Files\Softwin\BitDefender8\\bdoesrv.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\progra~1\softwin\bitdef~1\bdnagent.exe
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender8\\bdswitch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EasyPHP] "D:\localhost\easyphp.exe"
O4 - HKLM\..\Run: [WG511WLU] C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe -hide
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\utilities\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Windows Service] C:\WINDOWS\System32\pd14.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: RtlWake.lnk = ?
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Microsoft AntiSpyware helper - {15A525AD-7517-4C6A-8082-F6B4A1DF7351} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {15A525AD-7517-4C6A-8082-F6B4A1DF7351} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {166588D0-6632-42D1-AEB1-85D096FBE18F} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {166588D0-6632-42D1-AEB1-85D096FBE18F} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {439C2698-AD10-425A-AEC0-3B3CEE35F0CC} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {439C2698-AD10-425A-AEC0-3B3CEE35F0CC} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {6C7FD7BE-0A8D-449F-B037-CEB0EA04AEFC} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6C7FD7BE-0A8D-449F-B037-CEB0EA04AEFC} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {BA8E3E9F-EF44-4438-9E86-2B150B1A5A49} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {BA8E3E9F-EF44-4438-9E86-2B150B1A5A49} - (no file) (HKCU)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender8\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
Reply With Quote Quick reply to this message  
Join Date: Aug 2004
Posts: 780
Reputation: OurNation is an unknown quantity at this point 
Solved Threads: 9
OurNation's Avatar
OurNation OurNation is offline Offline
Master Poster

Re: Hotoffers get me mad !!

 
0
  #6
Mar 11th, 2005
Originally Posted by OurNation
Side note (wasn't in crunchies post):Close all running processes before scaning with HJT.
A quote from me a few minutes prior. That means even Internet browsers.
PETA People for the Eating of Tasty Animals.


FireFox
Hijack This
Ad-Aware
Hijack this tutorial
Microsoft AntiSpyware
CompUchat
Reply With Quote Quick reply to this message  
Join Date: Mar 2005
Posts: 12
Reputation: Dreadlord is an unknown quantity at this point 
Solved Threads: 0
Dreadlord Dreadlord is offline Offline
Newbie Poster

Re: Hotoffers get me mad !!

 
0
  #7
Mar 11th, 2005
Thanx you very much Our nation,

how do I close all running process

I did control alt del and close everything

but obviously from the new log there is still some left

here is the new log

thanx much in advance for your help

Stephany

Logfile of HijackThis v1.99.1
Scan saved at 21:13:20, on 11/03/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Softwin\BitDefender8\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\Program Files\Softwin\BitDefender8\bdswitch.exe
C:\Program Files\QuickTime\qttask.exe
D:\localhost\easyphp.exe
C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\utilities\Skype\Phone\Skype.exe
D:\LOCALH~1\MySql\bin\mysqld.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Realtek\Rtl8180\RtlWake.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender8\vsserv.exe
c:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Documents and Settings\Greg\Bureau\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\System32\netdc.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [BDMCon] C:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] C:\Program Files\Softwin\BitDefender8\\bdoesrv.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\progra~1\softwin\bitdef~1\bdnagent.exe
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender8\\bdswitch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EasyPHP] "D:\localhost\easyphp.exe"
O4 - HKLM\..\Run: [WG511WLU] C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe -hide
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\utilities\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Windows Service] C:\WINDOWS\System32\pd14.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: RtlWake.lnk = ?
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Microsoft AntiSpyware helper - {15A525AD-7517-4C6A-8082-F6B4A1DF7351} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {15A525AD-7517-4C6A-8082-F6B4A1DF7351} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {166588D0-6632-42D1-AEB1-85D096FBE18F} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {166588D0-6632-42D1-AEB1-85D096FBE18F} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {439C2698-AD10-425A-AEC0-3B3CEE35F0CC} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {439C2698-AD10-425A-AEC0-3B3CEE35F0CC} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {6C7FD7BE-0A8D-449F-B037-CEB0EA04AEFC} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6C7FD7BE-0A8D-449F-B037-CEB0EA04AEFC} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {BA8E3E9F-EF44-4438-9E86-2B150B1A5A49} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {BA8E3E9F-EF44-4438-9E86-2B150B1A5A49} - (no file) (HKCU)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender8\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
Reply With Quote Quick reply to this message  
Join Date: Aug 2004
Posts: 780
Reputation: OurNation is an unknown quantity at this point 
Solved Threads: 9
OurNation's Avatar
OurNation OurNation is offline Offline
Master Poster

Re: Hotoffers get me mad !!

 
0
  #8
Mar 11th, 2005
Ok (not to be sarcastic) click on every thing at the bottom of your screen (on the tool bar) and on the upper right hand corner theres a big red X click it and click all the big red X's you can find.... Simple put theres nothing hiding just run HJT by itself with out firefox or IE running or computer games ect.
PETA People for the Eating of Tasty Animals.


FireFox
Hijack This
Ad-Aware
Hijack this tutorial
Microsoft AntiSpyware
CompUchat
Reply With Quote Quick reply to this message  
Join Date: Mar 2005
Posts: 12
Reputation: Dreadlord is an unknown quantity at this point 
Solved Threads: 0
Dreadlord Dreadlord is offline Offline
Newbie Poster

Re: Hotoffers get me mad !!

 
0
  #9
Mar 11th, 2005
don't really understand what the Big X's do mean.. sorry for my english..

but I assume that you refer to the bottom right corner where is the clock and volume setting

so I closed everything I could there

here is the new log

hotoffers still there also

there is reference to

O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe

but I did removed this I guard, but seems to come back to

and hotoffers stoped for a while but has came back

thanx very very much in advance for all your help

Stef



Logfile of HijackThis v1.99.1
Scan saved at 21:53:50, on 11/03/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Softwin\BitDefender8\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\Program Files\Softwin\BitDefender8\bdswitch.exe
C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Realtek\Rtl8180\RtlWake.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender8\vsserv.exe
C:\WINDOWS\System32\rundll32.exe
C:\Documents and Settings\Greg\Bureau\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/192/
O1 - Hosts: 69.50.173.3 lycos.com www.lycos.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [BDMCon] C:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] C:\Program Files\Softwin\BitDefender8\\bdoesrv.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\progra~1\softwin\bitdef~1\bdnagent.exe
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender8\\bdswitch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EasyPHP] "D:\localhost\easyphp.exe"
O4 - HKLM\..\Run: [WG511WLU] C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe -hide
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\utilities\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: RtlWake.lnk = ?
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Microsoft AntiSpyware helper - {15A525AD-7517-4C6A-8082-F6B4A1DF7351} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {15A525AD-7517-4C6A-8082-F6B4A1DF7351} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {166588D0-6632-42D1-AEB1-85D096FBE18F} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {166588D0-6632-42D1-AEB1-85D096FBE18F} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {439C2698-AD10-425A-AEC0-3B3CEE35F0CC} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {439C2698-AD10-425A-AEC0-3B3CEE35F0CC} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {6C7FD7BE-0A8D-449F-B037-CEB0EA04AEFC} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6C7FD7BE-0A8D-449F-B037-CEB0EA04AEFC} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {BA8E3E9F-EF44-4438-9E86-2B150B1A5A49} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {BA8E3E9F-EF44-4438-9E86-2B150B1A5A49} - (no file) (HKCU)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender8\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
Reply With Quote Quick reply to this message  
Join Date: Feb 2004
Posts: 9,982
Reputation: crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold 
Solved Threads: 754
Moderator
Featured Poster
crunchie's Avatar
crunchie crunchie is offline Offline
Spyware Killer

Re: Hotoffers get me mad !!

 
0
  #10
Mar 11th, 2005
Go here and download and run Silent Runners.vbs. It generates a log, please post the information back in this thread.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Reply With Quote Quick reply to this message  
Reply
1 2 Last »

Quick Reply to Thread
This thread is more than three months old.
Perhaps start a new thread instead?
Message:



Other Threads in the Viruses, Spyware and other Nasties Forum
Thread Tools Search this Thread



adware anti-malware anti-virussitesaccessissue antivirus apple attack audio avg backtoschoolspeech bar blackhat botnet botnets censorship china commercial conficker connect control cyber cybercrime cyberwarfare ddos domains education email europe exam exploit facebook fake fancheckvirus gaming gtaiv halloween hijack hosting internet iphone kaspersky legal logfiles malware mcafee mega-d messagelabs microsoft mobile msn nazi news obama onlinethreats paedophile panel parents patch phishing police policeprovirusmba-mblockedinternetaccess president privacy pro problem redirect redirecting report research risk rogueantivirus samhain sans scareware search security seopoisoning sites software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec system teen translate trojan unabletoaccessanti-virussites unwanted update usa virus viruses vista war warning windows worm yahoo zeroday
About Us | Contact Us | Advertise | DaniWeb | Acceptable Use Policy | RSS Feed

©2003 - 2009 DaniWeb® LLC