Hijack this Log /known pt snoop etc

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Filewasp

Thread Starter
Joined
Sep 12, 2003
Messages
664
Great, My friend at the pub has been mis-behaving. I ran spybot and adaware, (spybot found 36 badies) there seems to be some other ones I am missing and would think this should be a quick fix, however his cd burnerr was not recognised. If you my friends can let me know what ever else I should fix, I will do so and submit another log after and then try to run the burner. Thank you much. Here is the log:

Logfile of HijackThis v1.97.7
Scan saved at 10:25:20 PM, on 4/22/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\WINDOWS\ptsnoop.exe
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb02.exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\RunOnce: [SpyBotSnD] "C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE" /autocheck
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O9 - Extra button: Free Surfer (HKLM)
O9 - Extra 'Tools' menuitem: Free Surfer (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38099.8316782407
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2002121801/housecall.antivirus.com/housecall/xscan53.cab
 

Filewasp

Thread Starter
Joined
Sep 12, 2003
Messages
664
I fixed O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
and did not see on the second hijack log the mention of the C:\WINDOWS\ptsnoop.exe
one reboot spybot automatically ran wwhich I thought was odd, but when I had shut down I recieved a frozen screen that basically said:
Windows referss to SYSTEM.INI but divice file no longer exists. If you want to use the application associated with this device file try reinstalling the device file. Try reinstalling that application to replace the missing file. vsdata95.vxd press any key.

I rebooted by powering off (no option on that one) and ended up with the spybot scan (which found nothing) exited off of that and went on line. seems odd to me but just trying to clear this machine of malware. I will go to housecall now and see what that brings. Thanks ahead of it all. Steve
 

Filewasp

Thread Starter
Joined
Sep 12, 2003
Messages
664
No viruses will check back Friday 5 pm Washington State / California zone time.
 

Filewasp

Thread Starter
Joined
Sep 12, 2003
Messages
664
Thanks Lobos, I suppose I can re-apply that entry through the HiJack program if you are correct. It is surprising that I am now getting the prompt at boot up saying the vsdata95.vxd file is missing! Opps! Just tring to be helpful to my friend, but perhaps I need to research how to use the back up on the HijackThis program to re-enter the ptsnoop.exe entry. Gosh, I though I was getting this down. Will ponder it in the A.M. Thank you for your entry on this. Need my sleep.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top