1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Hijack this Log /known pt snoop etc

Discussion in 'Earlier Versions of Windows' started by Filewasp, Apr 23, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. Filewasp

    Filewasp Thread Starter

    Joined:
    Sep 12, 2003
    Messages:
    664
    Great, My friend at the pub has been mis-behaving. I ran spybot and adaware, (spybot found 36 badies) there seems to be some other ones I am missing and would think this should be a quick fix, however his cd burnerr was not recognised. If you my friends can let me know what ever else I should fix, I will do so and submit another log after and then try to run the burner. Thank you much. Here is the log:

    Logfile of HijackThis v1.97.7
    Scan saved at 10:25:20 PM, on 4/22/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
    C:\WINDOWS\ptsnoop.exe
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\HIJACKTHIS\HIJACKTHIS.EXE

    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb02.exe
    O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
    O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
    O4 - HKLM\..\RunOnce: [SpyBotSnD] "C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE" /autocheck
    O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
    O9 - Extra button: Free Surfer (HKLM)
    O9 - Extra 'Tools' menuitem: Free Surfer (HKLM)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38099.8316782407
    O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2002121801/housecall.antivirus.com/housecall/xscan53.cab
     
  2. Filewasp

    Filewasp Thread Starter

    Joined:
    Sep 12, 2003
    Messages:
    664
    I fixed O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
    and did not see on the second hijack log the mention of the C:\WINDOWS\ptsnoop.exe
    one reboot spybot automatically ran wwhich I thought was odd, but when I had shut down I recieved a frozen screen that basically said:
    Windows referss to SYSTEM.INI but divice file no longer exists. If you want to use the application associated with this device file try reinstalling the device file. Try reinstalling that application to replace the missing file. vsdata95.vxd press any key.

    I rebooted by powering off (no option on that one) and ended up with the spybot scan (which found nothing) exited off of that and went on line. seems odd to me but just trying to clear this machine of malware. I will go to housecall now and see what that brings. Thanks ahead of it all. Steve
     
  3. Filewasp

    Filewasp Thread Starter

    Joined:
    Sep 12, 2003
    Messages:
    664
    No viruses will check back Friday 5 pm Washington State / California zone time.
     
  4. Lobos

    Lobos

    Joined:
    Mar 22, 2004
    Messages:
    248
  5. Filewasp

    Filewasp Thread Starter

    Joined:
    Sep 12, 2003
    Messages:
    664
    Thanks Lobos, I suppose I can re-apply that entry through the HiJack program if you are correct. It is surprising that I am now getting the prompt at boot up saying the vsdata95.vxd file is missing! Opps! Just tring to be helpful to my friend, but perhaps I need to research how to use the back up on the HijackThis program to re-enter the ptsnoop.exe entry. Gosh, I though I was getting this down. Will ponder it in the A.M. Thank you for your entry on this. Need my sleep.
     
  6. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/223090

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice