Hi, I'm one of the many people who has the hotoffers spyware problem. I don't have a clue how to handle this problem so here's my Hijack logfile:

Logfile of HijackThis v1.99.1
Scan saved at 20:25:50, on 9-3-2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Winamp3\winampa.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Documents and Settings\Siegfried Loidts\Bureaublad\HijackThis.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B81E13E-D51D-4849-B53A-DD2E714954E9}: NameServer =,
O17 - HKLM\System\CS1\Services\Tcpip\..\{1B81E13E-D51D-4849-B53A-DD2E714954E9}: NameServer =,
O17 - HKLM\System\CS2\Services\Tcpip\..\{1B81E13E-D51D-4849-B53A-DD2E714954E9}: NameServer =,
O20 - Winlogon Notify: draw32 - C:\WINNT\SYSTEM32\draw32.dll
O23 - Service: Logical Disk Manager Administrative-service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe

Thx in advance

Recommended Answers

All 2 Replies

Hi spadbal.


We'll need to unload Spybot's Teatimer before we begin. To do this, right-click on the icon in the quick launch toolbar at the bottom on the screen, then select "Exit".


Run HiJackThis then:

1. Click "Config..."
2. Click "Misc Tools"
3. Click "Open Process manager"


Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:


Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain.


Run HiJackThis and click "Scan", then check(tick) the following, if present:

O20 - Winlogon Notify: draw32 - C:\WINNT\SYSTEM32\draw32.dll

Now, with all windows closed except HiJackThis, click "Fix checked".


Locate and delete the following item(s), if present. Make sure your able to view system and hidden files/ folders:




Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them from "Safe Mode".


Post back a new log, and let me know how everything goes.

Hey Crunchie, thx for your help. I decided to reinstall Windows because I accidentally deleted an essenatial Windows file. Thx anyway.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, learning, and sharing knowledge.