
ptsnoop.exe help

Discussion in 'Virus & Other Malware Removal' started by sanderstead, Oct 14, 2003.

Thread Status:
Not open for further replies.
  1. sanderstead

    sanderstead Thread Starter

    Joined:
    Oct 14, 2003
    Messages:
    10
    Can someone help me! Trying to find out what I need to get rid of; I have ptsnoop.exe on my computer. I went to msconfig and clicked on the win.ini tab and turned it off, but it's still there.

    Can someone read this for me and help me out, so that I will not erase something that might damage my computer?

    Logfile of HijackThis v1.97.3
    Scan saved at 7:45:26 PM, on 10/14/2003
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVSYNMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
    C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSSTAT.EXE
    C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSHWIN32.EXE
    C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVCONSOL.EXE
    C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\WEBSCANX.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\MY DOCUMENTS\MY PICTURES\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://193.125.201.50
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/msie/button/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by EarthLink
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://193.125.201.50
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://start.earthlink.net/channel/START
    R3 - Default URLSearchHook is missing
    F1 - win.ini: run=hpfsched
    O1 - Hosts: 193.125.201.50 msn.com
    O1 - Hosts: 193.125.201.50 search.msn.com
    O1 - Hosts: 193.125.201.50 auto.search.msn.com
    O1 - Hosts: 193.125.201.50 ie.search.msn.com
    O1 - Hosts: 193.125.201.46 thehun.net
    O1 - Hosts: 193.125.201.46 www.thehun.net
    O1 - Hosts: 193.125.201.46 thehun.com
    O1 - Hosts: 193.125.201.46 www.thehun.com
    O1 - Hosts: 193.125.201.50 sitefinder.verisign.com
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - (no file)
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Program Files\Network Associates\VirusScan\AVSYNMGR.EXE
    O4 - HKCU\..\Run: [E6TaskPanel] "C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE" -winstart
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O13 - DefaultPrefix: http://193.125.201.50/?trk=
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    thanks
     
  2. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    sanderstead

    Welcome to TSG!

    I don't see ptsnoop in your log.

    Run Hijack This again and put a check by these. Close all browser windows and "Fix checked"

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://193.125.201.50

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://193.125.201.50

    R3 - Default URLSearchHook is missing

    F1 - win.ini: run=hpfsched

    O1 - Hosts: 193.125.201.50 msn.com
    O1 - Hosts: 193.125.201.50 search.msn.com
    O1 - Hosts: 193.125.201.50 auto.search.msn.com
    O1 - Hosts: 193.125.201.50 ie.search.msn.com
    O1 - Hosts: 193.125.201.46 thehun.net
    O1 - Hosts: 193.125.201.46 www.thehun.net
    O1 - Hosts: 193.125.201.46 thehun.com
    O1 - Hosts: 193.125.201.46 www.thehun.com
    O1 - Hosts: 193.125.201.50 sitefinder.verisign.com

    O3 - Toolbar: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - (no file)

    O13 - DefaultPrefix: http://193.125.201.50/?trk=
    ___________________________________________________

    If you did not place these restrictions on IE yourself fix these two:

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    ____________________________________________________


    Restart your computer
     
  3. sanderstead

    sanderstead Thread Starter

    Joined:
    Oct 14, 2003
    Messages:
    10
    Thank you, Flrman1!

    Can you also help me with this, too?

    StartupList report, 10/14/2003, 9:19:04 PM
    StartupList version: 1.52
    Started from : C:\MY DOCUMENTS\MY PICTURES\HIJACKTHIS.EXE
    Detected: Windows 98 Gold (Win9x 4.10.1998)
    Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVSYNMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\MY DOCUMENTS\MY PICTURES\HIJACKTHIS.EXE

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
    TaskMonitor = C:\WINDOWS\taskmon.exe
    SystemTray = SysTray.Exe
    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    POINTER = point32.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    McAfeeVirusScanService = C:\Program Files\Network Associates\VirusScan\AVSYNMGR.EXE

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    E6TaskPanel = "C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE" -winstart

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=Explorer.exe
    SCRNSAVE.EXE=
    drivers=mmsystem.dll power.drv

    --------------------------------------------------

    C:\WINDOWS\WININIT.BAK listing:
    (Created 14/10/2003, 19:4:28)

    [Rename]
    NUL=c:\windows\downloaded program files\maconnect.inf
    NUL=c:\windows\downloaded program files\maconnect.dll
    NUL=c:\windows\downloaded program files\istactivex.inf
    NUL=c:\windows\downloaded program files\istactivex.dll

    --------------------------------------------------

    C:\AUTOEXEC.BAT listing:

    C:\PROGRA~1\COMMON~1\NETWOR~1\VIRUSS~1\40~1.XX\scan.exe C:\
    IF ERRORLEVEL 1 PAUSE

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    (no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

    --------------------------------------------------

    Enumerating Download Program Files:

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

    --------------------------------------------------
    End of report, 3,599 bytes
    Report generated in 0.092 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
     
  4. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Everything looks OK to me.
     
  5. sanderstead

    sanderstead Thread Starter

    Joined:
    Oct 14, 2003
    Messages:
    10
    :) :) :) :) :) :D :D
    Everything is working great, thank you for all your help.
     
  6. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    My Pleasure :)

    Happy surfing! :D
     
  7. sanderstead

    sanderstead Thread Starter

    Joined:
    Oct 14, 2003
    Messages:
    10
    Could you also help me with my work computer, to see if there is anything that I might get rid of here too?

    Thanks

    Logfile of HijackThis v1.97.3
    Scan saved at 10:00:04 AM, on 10/15/2003
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVSYNMGR.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\HPZSTATX.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\HPJETDSC.EXE
    C:\JAM1\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.2.1:80
    R3 - Default URLSearchHook is missing
    F1 - win.ini: run=hpfsched
    O1 - Hosts: 207.44.240.65 ads.x10.com
    O1 - Hosts: 207.44.240.65 images.x10.com
    O1 - Hosts: 207.44.240.65 count.exitexchange.com
    O1 - Hosts: 207.44.240.65 servedby.netadvertising.com
    O1 - Hosts: 207.44.240.65 images.trafficmp.com
    O1 - Hosts: 207.44.240.65 ad.uk.doubleclick.net
    O1 - Hosts: 207.44.240.65 ad.ca.doubleclick.net
    O1 - Hosts: 207.44.240.65 ads.specificpop.com
    O1 - Hosts: 207.44.240.65 ads.specificclick.com
    O1 - Hosts: 207.44.240.65 ads.popupsponsor.com
    O1 - Hosts: 207.44.240.65 adfarm.mediaplex.com
    O1 - Hosts: 207.44.240.65 media.fastclick.net
    O1 - Hosts: 207.44.240.65 media1.fastclick.net
    O1 - Hosts: 207.44.240.65 media19.fastclick.net
    O1 - Hosts: 207.44.240.65 media28.fastclick.net
    O1 - Hosts: 207.44.240.65 media29.fastclick.net
    O1 - Hosts: 207.44.240.65 media39.fastclick.net
    O1 - Hosts: 207.44.240.65 adserv.internetfuel.com
    O1 - Hosts: 207.44.240.65 www.satellitepop.com
    O1 - Hosts: 207.44.240.65 count.exitexchange.com
    O1 - Hosts: 207.44.240.65 z1.adserver.com
    O1 - Hosts: 207.44.240.65 view.atdmt.com
    O1 - Hosts: 207.44.240.65 servedfor.valuead.com
    O1 - Hosts: 207.44.240.65 banners.valuead.com
    O1 - Hosts: 207.44.240.65 img.mediaplex.com
    O1 - Hosts: 207.44.240.65 ln.doubleclick.net
    O1 - Hosts: 207.44.240.65 m2.doubleclick.net
    O1 - Hosts: 207.44.240.65 m.doubleclick.net
    O1 - Hosts: 207.44.240.65 ad.doubleclick.net
    O1 - Hosts: 207.44.240.65 media28.fastclick.net
    O1 - Hosts: 207.44.240.65 media39.fastclick.net
    O1 - Hosts: 207.44.240.65 media.fastclick.net
    O1 - Hosts: 207.44.240.65 popuptraffic.com
    O1 - Hosts: 207.44.240.65 leader.linkexchange.com
    O1 - Hosts: 207.44.240.65 rad.msn.com
    O1 - Hosts: 207.44.240.65 view.atdmt.com
    O1 - Hosts: 207.44.240.65 iv.doubleclick.net
    O1 - Hosts: 207.44.240.65 focusin.ads.targetnet.com
    O1 - Hosts: 207.44.240.65 a.tribalfusion.com
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [ICONFIG] C:\IMAGEM~1\ICONFIG.EXE "Software\SanDisk Corporation\SanDisk ImageMate"
    O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [McAfeeVirusScanService] c:\Program Files\Network Associates\VirusScan\AVSYNMGR.EXE
    O4 - HKCU\..\Run: [HP JetDiscovery] HPJETDSC.EXE
    O9 - Extra button: Yahoo! Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\AutoCAD 2000i\AcPreview.ocx
    O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\AutoCAD 2000i\AcDcToday.ocx
    O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred Control) - file://C:\AutoCAD 2000i\InstFred.ocx
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37894.2526851852
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

    StartupList report, 10/15/2003, 10:00:48 AM
    StartupList version: 1.52
    Started from : C:\JAM1\HIJACKTHIS.EXE
    Detected: Windows 98 SE (Win9x 4.10.2222A)
    Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVSYNMGR.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\HPZSTATX.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\HPJETDSC.EXE
    C:\JAM1\HIJACKTHIS.EXE
    C:\WINDOWS\NOTEPAD.EXE

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    ScanRegistry = c:\windows\scanregw.exe /autorun
    TaskMonitor = c:\windows\taskmon.exe
    SystemTray = SysTray.Exe
    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    ICONFIG = C:\IMAGEM~1\ICONFIG.EXE "Software\SanDisk Corporation\SanDisk ImageMate"
    mdac_runonce = C:\WINDOWS\SYSTEM\runonce.exe
    POINTER = point32.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    McAfeeVirusScanService = c:\Program Files\Network Associates\VirusScan\AVSYNMGR.EXE

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    HP JetDiscovery = HPJETDSC.EXE

    --------------------------------------------------

    File association entry for .SCR:
    HKEY_CLASSES_ROOT\scr_auto_file\shell\open\command

    (Default) = c:\windows\NOTEPAD.EXE "%1"

    --------------------------------------------------

    Load/Run keys from C:\WINDOWS\WIN.INI:

    load=
    run=hpfsched

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=Explorer.exe
    SCRNSAVE.EXE=
    drivers=mmsystem.dll power.drv

    --------------------------------------------------

    C:\WINDOWS\WININIT.INI listing:
    (Created 15/10/2003, 8:21:56)

    [rename]
    NUL=c:\windows\TEMP\GLB1A2B.EXE

    --------------------------------------------------

    C:\WINDOWS\WININIT.BAK listing:
    (Created 15/10/2003, 8:16:0)

    [Rename]
    NUL=c:\windows\gatorplugin.log
    NUL=c:\windows\gatoruninstaller_cme_u.log
    NUL=c:\windows\gatoruninstaller_cme.log
    NUL=c:\windows\gatorpdpsetup.log
    NUL=c:\windows\system\rules.dat
    NUL=c:\windows\system\winstart001.exe
    NUL=c:\windows\system\sysreg.exe
    NUL=c:\windows\system\sbsrch_v2.dll
    NUL=c:\windows\system\bho2.dll
    NUL=c:\windows\system\msnie.dll
    NUL=c:\windows\system\hbinst.exe
    NUL=c:\windows\cookies\[email protected][2].txt
    NUL=c:\windows\cookies\[email protected][1].txt
    NUL=c:\windows\cookies\[email protected][2].txt
    NUL=c:\windows\cookies\[email protected][2].txt
    NUL=c:\windows\cookies\[email protected][1].txt
    NUL=c:\windows\cookies\[email protected][1].txt
    NUL=c:\windows\cookies\[email protected][2].txt
    NUL=c:\windows\cookies\[email protected][1].txt
    NUL=c:\windows\cookies\[email protected][1].txt
    NUL=c:\windows\cookies\[email protected][1].txt
    NUL=c:\windows\cookies\[email protected][2].txt
    NUL=c:\windows\cookies\[email protected][2].txt
    NUL=c:\windows\cookies\[email protected][1].txt
    NUL=c:\windows\cookies\[email protected][2].txt
    NUL=c:\windows\cookies\[email protected][1].txt
    NUL=c:\windows\cookies\[email protected][1].txt
    NUL=c:\windows\cookies\[email protected][2].txt
    NUL=c:\windows\cookies\[email protected][1].txt
    NUL=c:\windows\system\sbsrch_v22.dll
    NUL=c:\windows\system\owmngr.exe

    --------------------------------------------------

    C:\AUTOEXEC.BAT listing:

    SET PATH=%PATH%;C:\PROGRA~1\COMMON~1\AUTODE~1;C:\PROGRA~1\COMMON~1\FOLIOS~1
    c:\PROGRA~1\COMMON~1\NETWOR~1\VIRUSS~1\40~1.XX\scan.exe c:\
    IF ERRORLEVEL 1 PAUSE

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    (no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

    --------------------------------------------------

    Enumerating Download Program Files:

    [CV3 Class]
    InProcServer32 = C:\WINDOWS\SYSTEM\WUV3IS.DLL
    CODEBASE = http://windowsupdate.microsoft.com/R1044/V31Controls/x86/w98/en/actsetup.cab

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    [QuickTime Object]
    InProcServer32 = C:\WINDOWS\SYSTEM\QTPLUGIN.OCX
    CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

    [AcPreview Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\CONFLICT.1\ACPREV~1.OCX
    CODEBASE = file://C:\AutoCAD 2000i\AcPreview.ocx

    [AcDcToday Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\CONFLICT.1\ACDCTO~1.OCX
    CODEBASE = file://C:\AutoCAD 2000i\AcDcToday.ocx

    [InstaFred Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\CONFLICT.1\INSTFRED.OCX
    CODEBASE = file://C:\AutoCAD 2000i\InstFred.ocx

    [InstallShield International Setup Player]
    InProcServer32 = c:\WINDOWS\DOWNLO~1\ISETUP.DLL
    CODEBASE = http://www.installengine.com/engine/isetup.cab

    [Update Class]
    InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37894.2526851852

    [{33564D57-0000-0010-8000-00AA00389B71}]
    CODEBASE = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

    --------------------------------------------------
    End of report, 6,614 bytes
    Report generated in 0.103 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
     
  8. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Run Hijack This again and put a check by these. Close all browser windows and "Fix checked"

    R3 - Default URLSearchHook is missing

    F1 - win.ini: run=hpfsched

    O1 - Hosts: 207.44.240.65 ads.x10.com
    O1 - Hosts: 207.44.240.65 images.x10.com
    O1 - Hosts: 207.44.240.65 count.exitexchange.com
    O1 - Hosts: 207.44.240.65 servedby.netadvertising.com
    O1 - Hosts: 207.44.240.65 images.trafficmp.com
    O1 - Hosts: 207.44.240.65 ad.uk.doubleclick.net
    O1 - Hosts: 207.44.240.65 ad.ca.doubleclick.net
    O1 - Hosts: 207.44.240.65 ads.specificpop.com
    O1 - Hosts: 207.44.240.65 ads.specificclick.com
    O1 - Hosts: 207.44.240.65 ads.popupsponsor.com
    O1 - Hosts: 207.44.240.65 adfarm.mediaplex.com
    O1 - Hosts: 207.44.240.65 media.fastclick.net
    O1 - Hosts: 207.44.240.65 media1.fastclick.net
    O1 - Hosts: 207.44.240.65 media19.fastclick.net
    O1 - Hosts: 207.44.240.65 media28.fastclick.net
    O1 - Hosts: 207.44.240.65 media29.fastclick.net
    O1 - Hosts: 207.44.240.65 media39.fastclick.net
    O1 - Hosts: 207.44.240.65 adserv.internetfuel.com
    O1 - Hosts: 207.44.240.65 www.satellitepop.com
    O1 - Hosts: 207.44.240.65 count.exitexchange.com
    O1 - Hosts: 207.44.240.65 z1.adserver.com
    O1 - Hosts: 207.44.240.65 view.atdmt.com
    O1 - Hosts: 207.44.240.65 servedfor.valuead.com
    O1 - Hosts: 207.44.240.65 banners.valuead.com
    O1 - Hosts: 207.44.240.65 img.mediaplex.com
    O1 - Hosts: 207.44.240.65 ln.doubleclick.net
    O1 - Hosts: 207.44.240.65 m2.doubleclick.net
    O1 - Hosts: 207.44.240.65 m.doubleclick.net
    O1 - Hosts: 207.44.240.65 ad.doubleclick.net
    O1 - Hosts: 207.44.240.65 media28.fastclick.net
    O1 - Hosts: 207.44.240.65 media39.fastclick.net
    O1 - Hosts: 207.44.240.65 media.fastclick.net
    O1 - Hosts: 207.44.240.65 popuptraffic.com
    O1 - Hosts: 207.44.240.65 leader.linkexchange.com
    O1 - Hosts: 207.44.240.65 rad.msn.com
    O1 - Hosts: 207.44.240.65 view.atdmt.com
    O1 - Hosts: 207.44.240.65 iv.doubleclick.net
    O1 - Hosts: 207.44.240.65 focusin.ads.targetnet.com
    O1 - Hosts: 207.44.240.65 a.tribalfusion.com

    O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe

    Restart your computer.
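
A triage pass over log lines like the ones picked out in posts 2 and 8 above, as an added example that is not part of the original thread. It parses HijackThis entries and flags hosts-file lines that map a name to a public IP address, browser settings whose URL is a bare public IP, and toolbars with no file; the function names and these three heuristics are assumptions for illustration, not the helper's stated criteria and not part of HijackThis.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Sample input: a few lines excerpted from the two HijackThis logs in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://193.125.201.50
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.2.1:80
O1 - Hosts: 193.125.201.50 msn.com
O1 - Hosts: 193.125.201.50 search.msn.com
O1 - Hosts: 207.44.240.65 ad.doubleclick.net
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - (no file)
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O13 - DefaultPrefix: http://193.125.201.50/?trk=
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")  # "<code> - <body>"


def public_ip(text):
    """Return the address if text is an IP literal that is not loopback, private or unspecified."""
    try:
        ip = ipaddress.ip_address(text)
    except ValueError:
        return None
    return None if (ip.is_loopback or ip.is_private or ip.is_unspecified) else ip


def url_host(value):
    """Extract the host from a URL or a bare host:port value; empty string if there is none."""
    try:
        return urlsplit(value if "://" in value else "//" + value).hostname or ""
    except ValueError:
        return ""


def triage(log_text):
    """Return (findings, redirects): flagged entries, and hosts-file names grouped by target IP."""
    findings = []
    redirects = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        code, body = m.groups()
        if code == "O1" and body.startswith("Hosts:"):
            fields = body[len("Hosts:"):].split()
            if len(fields) >= 2 and public_ip(fields[0]):
                redirects[fields[0]].extend(fields[1:])
                findings.append((code, "hosts file maps a name to a remote address", body))
        elif code in ("R0", "R1", "O13"):
            # R0/R1 use "key = value"; O13 uses "DefaultPrefix: value".
            value = body.partition(" = ")[2] or body.partition(": ")[2]
            if public_ip(url_host(value.strip())):
                findings.append((code, "browser setting points at a bare IP address", body))
        elif code == "O3" and body.endswith("(no file)"):
            findings.append((code, "toolbar registered with no file on disk", body))
    return findings, dict(redirects)


if __name__ == "__main__":
    findings, redirects = triage(SAMPLE_LOG)
    for code, reason, body in findings:
        print(f"{code:>3}  {reason}: {body}")
    for ip, names in redirects.items():
        print(f"{ip} <- {len(names)} redirected name(s)")
```

The private proxy address and the loopback hosts entry are deliberately left unflagged, so a flagged line is a prompt to review, not a verdict.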
     

Short URL to this thread: https://techguy.org/172002
