Help me to remove hotoffer P_L_E_S_E



#1
skywalker (New Member, 3 posts)
My laptop is infected with hotoffer spyware and there are sex ads all over the display background. I have tried Spybot Search & Destroy and Spy remover but failed. I also tried the instructions from other topics but failed as well.

This laptop belongs to my company and I have to choose a corner to sit in at the office to avoid other people looking at my laptop's display.

PLEASE HELP ME OUT!
Below is the HijackThis log.


Logfile of HijackThis v1.99.1
Scan saved at 10:44:56 PM, on 4/22/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\System32\drivers\CDAC11BA.EXE
C:\WINNT\system32\crypserv.exe
C:\PROGRA~1\NavNT\DefWatch.exe
C:\WINNT\System32\mnmsrvc.exe
C:\PROGRA~1\NavNT\rtvscan.exe
C:\Program Files\Common Files\OPC Foundation\OPCENUM.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\locator.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\Slave.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\pctspk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\NavNT\vptray.exe
C:\WINNT\system32\PRPCUI.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/066/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\MSDXM.OCX
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tp1.ad1.tetrapak.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A4496C2-E847-46C5-84B6-B52AEB95C9FD}: NameServer = 203.162.0.11 203.162.4.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tp1.ad1.tetrapak.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = tp1.ad1.tetrapak.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = tp1.ad1.tetrapak.com
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\System32\drivers\CDAC11BA.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINNT\SYSTEM32\crypserv.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\NavNT\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Harmony - Rockwell Software Inc. - C:\PROGRA~1\ROCKWE~1\RSCOMMON\RSOBSERV.EXE
O23 - Service: IA Analysing v2.0 (IACtrl) - Unknown owner - C:\Program Files\Pointdev\Ideal Administration\IACtrl.exe (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\NavNT\rtvscan.exe
O23 - Service: OPCEnum - Unknown owner - C:\Program Files\Common Files\OPC Foundation\OPCENUM.EXE
O23 - Service: RSLinx - Rockwell Software, Inc. - C:\PROGRA~1\ROCKWE~1\RSLINX\RSLINX.EXE
O23 - Service: RA Server (Slave) - TWD Industries, LLC - C:\WINNT\Slave.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\WINNT\Pointdev\VNC\WinVNC.exe" -service (file missing)
  • 0



#2
RKinner (Malware Expert, 17,331 posts, MVP)
I think Spybot may be causing part of your problem. Let's turn it off temporarily: run HijackThis again (Scan Only is all we need) and check the boxes in front of its two processes and then Fix Checked. Ignore any warnings. Tell it Yes or OK.

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

Reboot, run HijackThis again (Scan Only is all we need) and then check the boxes in front of these and press Fix Checked.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/066/
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -

These last two are remote control services that allow you OR someone you don't know to access your PC. If you did not put them there then check them too.

O23 - Service: RA Server (Slave) - TWD Industries, LLC - C:\WINNT\Slave.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\WINNT\Pointdev\VNC\WinVNC.exe" -service (file missing)

Run the HijackThis scan a second time. Did any of the ones we removed come back?

If I understand you correctly your desktop is ugly too. Start, Settings, Control Panel, Display, and on the Background page change the wallpaper to something else then press Apply. Switch to the Web tab and uncheck the Show Web Content on My Active Desktop. OK.

Let me know if you can't change your desktop and also post a new HijackThis log.

Ron
  • 0

#3
skywalker (New Member, Topic Starter, 3 posts)
Dear Ron,

I have followed your instructions and removed some. Unfortunately for me, the three entries below still remain even though I tried to remove them in safe mode:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/066/
O23 - Service: RA Server (Slave) - TWD Industries, LLC - C:\WINNT\Slave.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\WINNT\Pointdev\VNC\WinVNC.exe" -service (file missing)

Please help me!
Thank you in advance


Here is my newest log:
Logfile of HijackThis v1.99.1
Scan saved at 7:07:56 PM, on 4/24/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\System32\drivers\CDAC11BA.EXE
C:\PROGRA~1\NavNT\DefWatch.exe
C:\WINNT\System32\mnmsrvc.exe
C:\PROGRA~1\NavNT\rtvscan.exe
C:\Program Files\Common Files\OPC Foundation\OPCENUM.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\locator.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\Slave.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\pctspk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\NavNT\vptray.exe
C:\WINNT\system32\PRPCUI.exe
C:\WINNT\system32\internat.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/066/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\MSDXM.OCX
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tp1.ad1.tetrapak.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tp1.ad1.tetrapak.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = tp1.ad1.tetrapak.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = tp1.ad1.tetrapak.com
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\System32\drivers\CDAC11BA.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINNT\SYSTEM32\crypserv.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\NavNT\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Harmony - Rockwell Software Inc. - C:\PROGRA~1\ROCKWE~1\RSCOMMON\RSOBSERV.EXE
O23 - Service: IA Analysing v2.0 (IACtrl) - Unknown owner - C:\Program Files\Pointdev\Ideal Administration\IACtrl.exe (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\NavNT\rtvscan.exe
O23 - Service: OPCEnum - Unknown owner - C:\Program Files\Common Files\OPC Foundation\OPCENUM.EXE
O23 - Service: RA Server (Slave) - TWD Industries, LLC - C:\WINNT\Slave.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\WINNT\Pointdev\VNC\WinVNC.exe" -service (file missing)
  • 0
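
The check Ron asks for in post #2 (did any of the fixed entries come back?) can be done mechanically by diffing the fix list against the next log. The following is an added example, not part of the original thread and not a HijackThis feature; the function names and the choice of comparison key (CLSID for O2/O3/O16, service name for O23, full text otherwise) are assumptions, and the sample lines are copied from the posts above.

```python
import re

# Entries ticked for "Fix Checked" in post #2 (copied from the thread).
FIXED = r'''
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/066/
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -
O23 - Service: RA Server (Slave) - TWD Industries, LLC - C:\WINNT\Slave.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\WINNT\Pointdev\VNC\WinVNC.exe" -service (file missing)
'''

# Excerpt of the follow-up log in post #3 (copied from the thread, shortened).
NEW_LOG = r'''
Running processes:
C:\WINNT\Slave.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/066/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: RA Server (Slave) - TWD Industries, LLC - C:\WINNT\Slave.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\WINNT\Pointdev\VNC\WinVNC.exe" -service (file missing)
'''

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")   # "R0 - ...", "O23 - ..."
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def entry_key(line):
    """Return a stable identity for a log entry, or None for non-entry lines."""
    m = ENTRY.match(line.strip())
    if not m:
        return None                      # header or running-process line
    section, body = m.groups()
    clsid = CLSID.search(body)
    if section in ("O2", "O3", "O16") and clsid:
        # The description and file path can change between scans; the CLSID does not.
        return (section, clsid.group(0).upper())
    if section == "O23":
        # "Service: <name> - <owner> - <path>": identify by service name.
        return (section, body.split(" - ", 1)[0].lower())
    # R0 and the rest: the data itself is what matters (a new start page is not a match).
    return (section, body.lower())


def parse(log_text):
    """Map entry key -> original line for every entry line in a log."""
    entries = {}
    for line in log_text.splitlines():
        key = entry_key(line)
        if key:
            entries[key] = line.strip()
    return entries


def came_back(fixed_text, new_log_text):
    """List (fixed line, line in new log) for each fixed entry still present."""
    fixed, new = parse(fixed_text), parse(new_log_text)
    return [(fixed[k], new[k]) for k in fixed if k in new]


if __name__ == "__main__":
    for old, new in came_back(FIXED, NEW_LOG):
        print("STILL PRESENT:", new)
```

On these excerpts it reports four entries: the R0 start page, the two O23 services, and the O16 DPF line, whose CLSID is unchanged although its text now carries a class name and a download URL.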

#4
RKinner (Malware Expert, 17,331 posts, MVP)
Rereading your original post:

To get rid of the stuff in the background try:

Start, Settings, Control Panel, Display, which should bring up the Display Properties-Background page. Change the wallpaper to something else. Now select the Web tab. On the Web tab there should be a box in front of Show Web Content on My Active Desktop. Uncheck the box. OK.

If unable to get into Display Properties try:

Start, Run, regedit, OK to bring up the registry editor.

Find HKey_Current_User->Software->Microsoft->Windows->CurrentVersion->Policies (Hit the + sign in front of each key as you find them. That will open up the subkeys.)

Under Policies is usually an entry named System. If you find it, highlight it and press the Delete key. Then OK. Close the program and reboot. Then try the Display Properties again.

For the two O23 entries:

O23 - Service: RA Server (Slave) - TWD Industries, LLC - C:\WINNT\Slave.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\WINNT\Pointdev\VNC\WinVNC.exe" -service (file missing)

Start, then right click on My Computer and press Manage. In the new window, Service and Applications, then Services. In the right pane scroll down and find the RA Server. Double click on it and then set the Start Type to Disabled. Then OK. Repeat for WinVNC Server.

Then run HijackThis again and check the three that didn't go away before and then reboot.

If hotoffers is still there then I hope you have a fast link. You will need to download and run mwav.exe from:

http://www.spywarein...wnload/mwav.exe

This will unpack itself and install itself. Just accept the defaults then run it. It will take hours to run but should get rid of your hotoffers.

Ron
  • 0

#5
skywalker (New Member, Topic Starter, 3 posts)
Dear Ron,

I scanned my laptop with MWAV and it found:

File C:\WINNT\System32\param32.dll infected by "not-a-virus:AdWare.Serpo.j" Virus. Action Taken: No Action Taken.

and I killed Param32.dll with Killbox. Then I used HijackThis to remove Hottoffer.com SUCCESSFULLY.

I can change the wallpaper through Control Panel/Display, but the right mouse button has been disabled on the desktop and in Windows Explorer. I also cannot open the properties of My Computer.

Please help me!
My MWAV log:
File C:\WINNT\Pointdev\VNC\WinVNC.exe tagged as not-a-virus:RiskWare.RemoteAdmin.WinVNC-based.b. No Action Taken.
File System Found infected by "Alexa Spyware/Adware" Virus. Action Taken: No Action Taken.
File C:\WINNT\ms1.exe infected by "Trojan-Clicker.Win32.Spywad.b" Virus. Action Taken: No Action Taken.
File C:\WINNT\ms3.exe infected by "Trojan-Dropper.Win32.Small.vn" Virus. Action Taken: No Action Taken.
File C:\WINNT\popup.html infected by "Trojan-Clicker.Win32.Spywad.b" Virus. Action Taken: No Action Taken.
File C:\WINNT\_MSRSTRT.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINNT\G infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken.
File C:\WINNT\O infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken.
File C:\WINNT\U infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\Cup.exe infected by "Trojan-Clicker.Win32.Spywad.b" Virus. Action Taken: No Action Taken.

Logfile of HijackThis v1.99.1
Scan saved at 12:21:20 PM, on 5/1/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\System32\drivers\CDAC11BA.EXE
C:\WINNT\system32\crypserv.exe
C:\PROGRA~1\NavNT\DefWatch.exe
C:\WINNT\System32\mnmsrvc.exe
C:\PROGRA~1\NavNT\rtvscan.exe
C:\Program Files\Common Files\OPC Foundation\OPCENUM.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\locator.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\Slave.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\pctspk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\NavNT\vptray.exe
C:\WINNT\system32\PRPCUI.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fpt.vn/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\MSDXM.OCX
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tp1.ad1.tetrapak.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tp1.ad1.tetrapak.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = tp1.ad1.tetrapak.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = tp1.ad1.tetrapak.com
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\System32\drivers\CDAC11BA.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINNT\SYSTEM32\crypserv.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\NavNT\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Harmony - Rockwell Software Inc. - C:\PROGRA~1\ROCKWE~1\RSCOMMON\RSOBSERV.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\NavNT\rtvscan.exe
O23 - Service: OPCEnum - Unknown owner - C:\Program Files\Common Files\OPC Foundation\OPCENUM.EXE
O23 - Service: RA Server (Slave) - TWD Industries, LLC - C:\WINNT\Slave.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\WINNT\Pointdev\VNC\WinVNC.exe" -service (file missing)
  • 0





