I have a problem with Hotoffers too
Join Date: Mar 2005
Posts: 1
I could not get away from hotoffers. I tried everything, and I tried to clean the files that I saw in this forum, but it did not work. Can you help me???
Also I'm pasting the log file of HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 22:04:12, on 12.03.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\ZONELABS\vsmon.exe
D:\Program Files\GlobespanVirata\Adsl\dslstat.exe
D:\Program Files\GlobespanVirata\Adsl\dslagent.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Crystal Internet Meter\cimeter.exe
D:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
D:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
D:\WINDOWS\System32\devldr32.exe
D:\Program Files\ICQLite\ICQLite.exe
D:\WINDOWS\explorer.exe
D:\Program Files\NoAdware3\NoAdware3.exe
D:\Program Files\Maxthon\Maxthon.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Documents and Settings\Gungor\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/179/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mcafee.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: transURL Class - {C7EDAB2E-D7F9-11D8-BA48-C79B0C409D70} - D:\WINDOWS\System32\SEARCH~1.DLL
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - D:\WINDOWS\nem220.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BL Class - {28F65FCB-D130-11D8-BA48-8BE0C49AF370} - D:\WINDOWS\System32\popup_bl.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [DSLSTATEXE] D:\Program Files\GlobespanVirata\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] D:\Program Files\GlobespanVirata\Adsl\dslagent.exe
O4 - HKLM\..\Run: [ccApp] D:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] D:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Crystal Internet Meter] D:\Program Files\Crystal Internet Meter\cimeter.exe
O4 - HKLM\..\RunServices: [Windows Update] WUpdate32.exe
O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] ntsf.exe
O4 - HKLM\..\RunServices: [NAV Auto Protect] navprotect.exe
O4 - HKLM\..\RunServices: [NAV Auto Updates] navupdaterx.exe
O4 - HKLM\..\RunServices: [McAfee Windows Protection] mcafee32.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunServices: [Windows Update] WUpdate32.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZoneAlarm Pro.lnk = D:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.mcafee.com
O16 - DPF: {0FC8B38E-9293-424C-9D0E-CE60775679CF} (SubClassEditCtrlContainer Class) - https://sube.garanti.com.tr/lib/JaguarEditControl.CAB
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1106159167730
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web11.cab
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com/xtraz/activex/MISBH.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F24B84D0-48F3-4EC8-B3DE-BDCD8DD9BB32}: NameServer = 195.175.37.14 195.175.37.69
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - D:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: Windows 32-bit PnP Driver (winpnp32) - Unknown owner - D:\WINDOWS\System32\winpnp32.exe (file missing)
Join Date: Feb 2005
Posts: 5
My hubby copied his IE folder in his registry and pasted it into mine (after renaming my original in case anything went horribly wrong and I had a girly screaming fit lol). Worked a treat; handy only if you have 2 PCs with the same OS. Just had to adjust home pages etc., but no more blank!!! Norton leads you to a clean-up recipe, have you tried that? Which is where hubby got the idea. Also my Norton AntiVirus went spammy, had to reinstall.
Hi Unlimited.
-
When we're done cleaning off your system, I'd recommend that you install all the critical Windows updates available from Microsoft, up to service pack 1. This will help to make your system more secure and prevent many 'problems' from recurring in the future.
===============
Download, unzip to your desktop CWShredder and run it, then:
1. Click "Check For Update"
(If an update isn't available, skip to step #4.)
2. Click "Click here to Download the upate".
3. When the new version has been downloaded, click "Save".
4. Click "Fix ->"
===============
Now, let's open a command prompt and unregister the dll(s) we're going to remove, by entering the following:
regsvr32 /u popup_bl.dll
It's ok, if these aren't found or 'error' out. If you want, just copy and paste the individual lines to the command prompt to save on the typing.
===============
Run HiJackThis and click "Scan", then check (tick) the following, if present:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/179/
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - D:\WINDOWS\nem220.dll (file missing)
O2 - BHO: BL Class - {28F65FCB-D130-11D8-BA48-8BE0C49AF370} - D:\WINDOWS\System32\popup_bl.dll
O4 - HKLM\..\RunServices: [Windows Update] WUpdate32.exe
O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] ntsf.exe
O4 - HKLM\..\RunServices: [NAV Auto Protect] navprotect.exe
O4 - HKLM\..\RunServices: [NAV Auto Updates] navupdaterx.exe
O4 - HKLM\..\RunServices: [McAfee Windows Protection] mcafee32.exe
O4 - HKCU\..\RunServices: [Windows Update] WUpdate32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
...(Unless you've set these with an anti-spyware program like SpyBot's Immunize feature, have HiJackThis fix this.)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{F24B84D0-48F3-4EC8-B3DE-BDCD8DD9BB32}: NameServer = 195.175.37.14 195.175.37.69
...(Verify that these IP addresses are for your ISP's DNS servers; if so, don't 'fix' these.)
Now, with all windows closed except HiJackThis, click "Fix checked".
===============
Locate and delete the following item(s), if present. Make sure you're able to view system and hidden files/folders:
files...
D:\WINDOWS\System32\popup_bl.dll
Search for...
WUpdate32.exe
ntsf.exe
navprotect.exe
navupdaterx.exe
mcafee32.exe
...using "Start | Search...".
-
Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them from "Safe Mode".
===============
Go here and download and run Silent Runners.vbs. It generates a log, please post the information back in this thread.
===============
Post back a new log after rebooting and let me know how everything goes.
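Added example, not part of the thread and not a HijackThis feature: a small Python triage pass over HijackThis entry lines, run here on a few lines from the log posted above. The three heuristics (entries marked "(file missing)", O4 autoruns whose command has no directory path, and R0/R1 pages whose host is not in a caller-supplied `expected_hosts` set) plus the O17 reminder are assumptions chosen for illustration, not the helper's own criteria.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: a handful of entry lines taken from the log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/179/
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - D:\WINDOWS\nem220.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] D:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\RunServices: [Windows Update] WUpdate32.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O17 - HKLM\System\CCS\Services\Tcpip\..\{F24B84D0-48F3-4EC8-B3DE-BDCD8DD9BB32}: NameServer = 195.175.37.14 195.175.37.69
O23 - Service: Windows 32-bit PnP Driver (winpnp32) - Unknown owner - D:\WINDOWS\System32\winpnp32.exe (file missing)
"""

ENTRY = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.+)$")
AUTORUN = re.compile(r"^.+?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def parse(log):
    """Yield (code, body) per entry line; header and process-list lines are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")


def autorun_command_has_path(cmd):
    """True if the executable part of an autorun command names a directory."""
    # Quoted commands: look inside the quotes. Unquoted: look at the first token.
    exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split()[0]
    return "\\" in exe or "/" in exe


def triage(log, expected_hosts=()):
    """Return [(code, body, [reasons])] for entries that deserve a closer look."""
    findings = []
    for code, body in parse(log):
        reasons = []
        if body.endswith("(file missing)"):
            reasons.append("registered file is missing on disk")
        if code == "O4":
            m = AUTORUN.match(body)
            if m and not autorun_command_has_path(m.group("cmd")):
                reasons.append("autorun command has no directory path")
        if code in ("R0", "R1") and " = " in body:
            host = urlsplit(body.rsplit(" = ", 1)[-1]).hostname
            if host and host not in expected_hosts:
                reasons.append(f"page host {host} is not in the expected list")
        if code == "O17":
            reasons.append("verify these name servers belong to your ISP")
        if reasons:
            findings.append((code, body, reasons))
    return findings


if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(f"{code}: {body}\n    -> {'; '.join(reasons)}")
```

A flagged line is a prompt to investigate, not a verdict; legitimate software can also register autoruns without a full path.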






