Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Hotoffers.com [CLOSED]

Started by h8null , Mar 20 2005 03:16 AM

  • This topic is locked This topic is locked

#1
h8null
Posted 20 March 2005 - 03:16 AM

h8null

    New Member

  • Member
  • Pip
  • 7 posts
sorry last time i uploaded the logs.....here it goes again

Platform: Windows 98 SE (Win9x 4.10.2222A)

[full path to filename] [file version] [company name]
C:\WINDOWS\SYSTEM\KERNEL32.DLL 4.10.0.2222 Microsoft Corporation
C:\WINDOWS\SYSTEM\MSGSRV32.EXE 4.10.0.2222 Microsoft Corporation
C:\WINDOWS\SYSTEM\MPREXE.EXE 4.10.0.1998 Microsoft Corporation
C:\WINDOWS\SYSTEM\MSTASK.EXE 4.71.1972.1 Microsoft Corporation
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE 9.0.0.10 Networks Associates Technology, Inc
C:\WINDOWS\SYSTEM\mmtask.tsk 4.3.0.1998 Microsoft Corporation
C:\WINDOWS\EXPLORER.EXE 4.72.3110.1 Microsoft Corporation
C:\WINDOWS\SYSTEM\SYSTRAY.EXE 4.10.0.2222 Microsoft Corporation
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE 1.0.0.1 Hewlett-Packard
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE 9.0.0.7 Networks Associates Technology, Inc
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE 5.0.0.2 McAfee, Inc
C:\WINDOWS\ptsnoop.exe
C:\PROGRAM FILES\MCAFEE\MCAFEE ANTISPYWARE\MSSCLI.EXE 1.0.1117.0 Network Associates, Inc.
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE 9.0.0.8 Networks Associates Technology, Inc
C:\WINDOWS\SYSTEM\STIMON.EXE 4.10.0.2222 Microsoft Corporation
C:\WINDOWS\SYSTEM\WMIEXE.EXE 5.0.1755.1 Microsoft Corporation
C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\HI\MSNAPPAU.EXE 1.2.3000.1001 Microsoft Corporation
C:\WINDOWS\SYSTEM\SPOOL32.EXE 4.10.0.1998 Microsoft Corporation
C:\WINDOWS\RUNDLL32.EXE 4.10.0.1998 Microsoft Corporation
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSFTSN.EXE 9.0.0.0 Networks Associates Technology, Inc
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE 6.0.2800.1106 Microsoft Corporation
C:\WINDOWS\SYSTEM\DDHELP.EXE 4.9.0.900 Microsoft Corporation
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE 6.0.2800.1106 Microsoft Corporation
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE 1.98.0.2 Soeperman Enterprises Ltd.



Logfile of HijackThis v1.98.2
Scan saved at 2:38:32 PM, on 3/20/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\WINDOWS\ptsnoop.exe
C:\PROGRAM FILES\MCAFEE\MCAFEE ANTISPYWARE\MSSCLI.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\HI\MSNAPPAU.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSFTSN.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/253/
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\HI\MSNTB.DLL (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [McRegWiz] C:\Program Files\McAfee.com\Agent\McRegWiz.exe /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [_AntiSpyware] C:\PROGRAM FILES\MCAFEE\MCAFEE ANTISPYWARE\MssCli.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Srv32 spool service] C:\WINDOWS\System\spoolsrv32.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet
O4 - HKCU\..\Run: [winltmpv] c:\windows\nvsvwc.exe
O4 - HKCU\..\Run: [Srv32 spool service] C:\WINDOWS\System\spoolsrv32.exe
O4 - HKCU\..\RunServices: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet
O4 - HKCU\..\RunServices: [winltmpv] c:\windows\nvsvwc.exe
O4 - HKCU\..\RunServices: [Srv32 spool service] C:\WINDOWS\System\spoolsrv32.exe
O8 - Extra context menu item: Download with FlashGet - F:\PROGRAM FILES\FLASHGET\jc_link.htm
O8 - Extra context menu item: Download All with FlashGet - F:\PROGRAM FILES\FLASHGET\jc_all.htm
O8 - Extra context menu item: Download using LeechGet Wizard - file://D:\PROGRAM FILES\LEECHGET 2004\\Wizard.html
O8 - Extra context menu item: Download using LeechGet - file://D:\PROGRAM FILES\LEECHGET 2004\\AddUrl.html
O8 - Extra context menu item: Parse with LeechGet - file://D:\PROGRAM FILES\LEECHGET 2004\\Parser.html
O8 - Extra context menu item: Download with Go!Zilla - file://C:\PROGRAM FILES\GO!ZILLA\download-with-gozilla.html
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
  • 0

Advertisements

#2
Daemon
Posted 20 March 2005 - 04:25 AM

Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Please open HJT>Config>Misc Tools and update to v1.99.1

Go here and run online scans (all), allow them to delete whatever they find:

TrendMicro HouseCall
eTrust AntiVirus Web Scanner
Panda ActiveScan
Bitdefender
Command on Demand

Reboot when done. Rescan with HJT and post a new log here so that any remnants can be removed manually.
  • 0

#3
h8null
Posted 20 March 2005 - 07:02 AM

h8null

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
performed the scans as suggested


here are the running processes

Process list saved on 6:28:10 PM, on 3/20/05
Platform: Windows 98 SE (Win9x 4.10.2222A)

[pid] [full path to filename] [file version] [company name]
-3148783 C:\WINDOWS\SYSTEM\KERNEL32.DLL 4.10.0.2222 Microsoft Corporation
-24331 C:\WINDOWS\SYSTEM\MSGSRV32.EXE 4.10.0.2222 Microsoft Corporation
-18587 C:\WINDOWS\SYSTEM\MPREXE.EXE 4.10.0.1998 Microsoft Corporation
-110811 C:\WINDOWS\SYSTEM\mmtask.tsk 4.3.0.1998 Microsoft Corporation
-117287 C:\WINDOWS\SYSTEM\MSTASK.EXE 4.71.1972.1 Microsoft Corporation
-88535 C:\WINDOWS\EXPLORER.EXE 4.72.3110.1 Microsoft Corporation
-154855 C:\WINDOWS\SYSTEM\SYSTRAY.EXE 4.10.0.2222 Microsoft Corporation
-254939 C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE 1.0.0.1 Hewlett-Packard
-250599 C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE 9.0.0.7 Networks Associates Technology, Inc
-206135 C:\PROGRAM FILES\MCAFEE\MCAFEE ANTISPYWARE\MSSCLI.EXE 1.0.1117.0 Network Associates, Inc.
-132835 C:\WINDOWS\SYSTEM\STIMON.EXE 4.10.0.2222 Microsoft Corporation
-360295 C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
-427075 C:\WINDOWS\SYSTEM\WMIEXE.EXE 5.0.1755.1 Microsoft Corporation
-360047 C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE 6.0.2800.1106 Microsoft Corporation
-588627 C:\WINDOWS\SYSTEM\SPOOL32.EXE 4.10.0.1998 Microsoft Corporation
-395203 C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE 1.99.0.1 Soeperman Enterprises Ltd.


Logfile of HijackThis v1.99.1
Scan saved at 6:27:45 PM, on 3/20/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE ANTISPYWARE\MSSCLI.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/253/
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\HI\MSNTB.DLL (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [McRegWiz] C:\Program Files\McAfee.com\Agent\McRegWiz.exe /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\McUpdate.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [_AntiSpyware] C:\PROGRAM FILES\MCAFEE\MCAFEE ANTISPYWARE\MssCli.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Srv32 spool service] C:\WINDOWS\System\spoolsrv32.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet
O4 - HKCU\..\Run: [winltmpv] c:\windows\nvsvwc.exe
O4 - HKCU\..\Run: [Srv32 spool service] C:\WINDOWS\System\spoolsrv32.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - HKCU\..\RunOnce: [CleanUp!] C:\PROGRAM FILES\CLEANUP!\CLEANUP.exe /WindowsRestart
O4 - HKCU\..\RunServicesOnce: [CleanUp!] C:\PROGRAM FILES\CLEANUP!\CLEANUP.exe /WindowsRestart
O8 - Extra context menu item: Download with FlashGet - F:\PROGRAM FILES\FLASHGET\jc_link.htm
O8 - Extra context menu item: Download All with FlashGet - F:\PROGRAM FILES\FLASHGET\jc_all.htm
O8 - Extra context menu item: Download using LeechGet Wizard - file://D:\PROGRAM FILES\LEECHGET 2004\\Wizard.html
O8 - Extra context menu item: Download using LeechGet - file://D:\PROGRAM FILES\LEECHGET 2004\\AddUrl.html
O8 - Extra context menu item: Parse with LeechGet - file://D:\PROGRAM FILES\LEECHGET 2004\\Parser.html
O8 - Extra context menu item: Download with Go!Zilla - file://C:\PROGRAM FILES\GO!ZILLA\download-with-gozilla.html
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://www.commandon...cabs/cssweb.cab

please help
  • 0

#4
Daemon
Posted 20 March 2005 - 07:14 AM

Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
You are running HijackThis from the Desktop; please create a new folder for it and move the program into the new folder

Make sure that you have no browser windows open as this could prevent the fix from working properly. Open HijackThis, scan and when complete, remove the following entries by checking the box to the left and clicking 'fixed checked':

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/253/
O4 - HKLM\..\Run: [Srv32 spool service] C:\WINDOWS\System\spoolsrv32.exe
O4 - HKCU\..\Run: [winltmpv] c:\windows\nvsvwc.exe
O4 - HKCU\..\Run: [Srv32 spool service] C:\WINDOWS\System\spoolsrv32.exe

Exit HijackThis when done. Reboot into Safe Mode by tapping F8 after the BIOS has loaded. Using Windows Explorer, find and delete the following:

C:\WINDOWS\System\spoolsrv32.exe
c:\windows\nvsvwc.exe

Exit Explorer and reboot into Normal Mode. Rescan with HijackThis and post a new log here.
  • 0

#5
h8null
Posted 20 March 2005 - 11:59 AM

h8null

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I am sorry to say that the home page still is hotoffers.com even though i tried to change it....Here is the new log


Logfile of HijackThis v1.99.1
Scan saved at 11:21:35 PM, on 3/20/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
C:\WINDOWS\ptsnoop.exe
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\DESKTOP\HIJACK\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/253/
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\HI\MSNTB.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet
O4 - HKCU\..\RunServices: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet
O4 - HKCU\..\RunOnce: [CleanUp!] C:\PROGRAM FILES\CLEANUP!\CLEANUP.exe /WindowsRestart
O4 - HKCU\..\RunServicesOnce: [CleanUp!] C:\PROGRAM FILES\CLEANUP!\CLEANUP.exe /WindowsRestart
O8 - Extra context menu item: Download with FlashGet - F:\PROGRAM FILES\FLASHGET\jc_link.htm
O8 - Extra context menu item: Download All with FlashGet - F:\PROGRAM FILES\FLASHGET\jc_all.htm
O8 - Extra context menu item: Download using LeechGet Wizard - file://D:\PROGRAM FILES\LEECHGET 2004\\Wizard.html
O8 - Extra context menu item: Download using LeechGet - file://D:\PROGRAM FILES\LEECHGET 2004\\AddUrl.html
O8 - Extra context menu item: Parse with LeechGet - file://D:\PROGRAM FILES\LEECHGET 2004\\Parser.html
O8 - Extra context menu item: Download with Go!Zilla - file://C:\PROGRAM FILES\GO!ZILLA\download-with-gozilla.html
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://www.commandon...cabs/cssweb.cab
  • 0

#6
Daemon
Posted 20 March 2005 - 12:10 PM

Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Persistent huh? The usual suspects that bring this back aren't showing in your log. Do this for me. Click here to download eScan's mwav application. Double-click it to run it, select all local drives, scan all files, press 'scan' and when it is completed, anything found will be displayed in the lower pane. Highlight it, CTRL C and paste it in your next reply.
  • 0

#7
h8null
Posted 20 March 2005 - 06:33 PM

h8null

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
it doesnt seem to be responding in my 98. Is it ok if i run the program in xp and do the same/???
  • 0

#8
h8null
Posted 21 March 2005 - 10:48 AM

h8null

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
someone please helpp
  • 0

#9
Daemon
Posted 21 March 2005 - 12:53 PM

Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Do you have a dual boot? Two hard drives? Your Win98 system is the one infected - please provide more information about the 'doesnt seem to be responding'
  • 0

#10
Daemon
Posted 27 March 2005 - 03:53 AM

Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Do you still require help - if so do this. Download and run Silent Runners.vbs from HERE

It generates a log, please post the information back in this thread
  • 0

#11
regulator
Posted 29 March 2005 - 07:44 AM

regulator

    Member

  • Member
  • PipPip
  • 33 posts
h8null ... I am having the same problem as you. I have also posted a topic on this ... the web add is: http://www.geekstogo...nfo-t14051.html ... you might want to check here just in case someone has help for me.
  • 0

#12
Daemon
Posted 23 July 2005 - 07:52 AM

Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Due to inactivity this topic will be closed.

If you need this topic reopened, please email the moderating team - be sure to include the address of the thread and the name you posted under.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP