TheTechGuide Forum
General Category => Tech Clinic => Topic started by: ababyspice on March 13, 2005, 05:07:51 PM
-
Please could someone help me with how to deal with this hikack file. Here is the log
Logfile of HijackThis v1.99.1
Scan saved at 21:53:26, on 13/03/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.51 (5.51.4807.2300)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\PTSNOOP.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\MK9805.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\EN-GB\MSNAPPAU.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HJT\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.iesearch.freeserve.net/iesearch/default.htm (http://\"http://www.iesearch.freeserve.net/iesearch/default.htm\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/ (http://\"http://www.ntlworld.com/\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
F1 - win.ini: load=PTSNOOP.EXE
O2 - BHO: WaveHelper Class - {EA7F9A52-0A05-11D2-98C5-00104B7229C2} - C:\PROGRAM FILES\WAVETOP\BIN\WAVEIE.DLL
O2 - BHO: (no name) - {64AF335C-C21D-5DB0-8753-60550DA82D49} - C:\WINDOWS\SYSTEM\WCFCW.DLL
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-GB\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-GB\MSNTB.DLL
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [CHotKey] mk9805.exe
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [MMSystem] C:\WINDOWS\rundll32.exe "c:\windows\system\mmsystem.dll"", RunDll32
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [MMSystem] C:\WINDOWS\rundll32.exe "c:\windows\system\mmsystem.dll"", RunDll32
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Freeserve - {546D6D80-1E9E-11D3-B65B-88215C0F8173} - http://www.freeserve.net/ (http://\"http://www.freeserve.net/\") (file missing) (HKCU)
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.ntlworld.com/
O16 - DPF: Win32 Classes - file://c:\windows\Java\classes\win32ie4.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/23e69482cc1bb3...ip/RdxIE601.cab (http://\"http://software-dl.real.com/23e69482cc1bb3f51a06/netzip/RdxIE601.cab\")
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab (http://\"http://housecall-beta.trendmicro.com/housecall/xscan60.cab\")
O18 - Protocol: wavetop - (no CLSID) - (no file)
-
Sorry for the delay, can you do me a favor
Open Hijackthis>>Open Misc Tools Section>>Open Hosts file Manager
Click OPEN IN NOTEPAD
Copy and paste back the results from the notepad file back here
Could you also let me know if you see any of these files on your hard drive
Exact spelling in the exact locations
You may have to set windows to show hidden files and folders
* Open My Computer.
* Select the View menu and click Folder Options.
* Select the View Tab.
* In the Hidden files section select Show all files.
* Uncheck Hide Extensions for known file types
* Click OK.
c:\windows\system\explorer.exe
c:\windows\system\iexplore.exe
c:\windows\system\userinit32.exe
c:\funny.exe
-
I had to delete my hosts file so this is what it says now;
Logfile of HijackThis v1.99.1
Scan saved at 19:06:02, on 16/05/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.51 (5.51.4807.2300)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\PTSNOOP.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\MK9805.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\EN-GB\MSNAPPAU.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\MMTTGLZZ.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\HJT\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.iesearch.freeserve.net/iesearch/default.htm (http://\"http://www.iesearch.freeserve.net/iesearch/default.htm\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/ (http://\"http://www.ntlworld.com/\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
F1 - win.ini: load=PTSNOOP.EXE
O2 - BHO: WaveHelper Class - {EA7F9A52-0A05-11D2-98C5-00104B7229C2} - C:\PROGRAM FILES\WAVETOP\BIN\WAVEIE.DLL
O2 - BHO: (no name) - {64AF335C-C21D-5DB0-8753-60550DA82D49} - C:\WINDOWS\SYSTEM\WCFCW.DLL
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.4000.1001\EN-GB\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.4000.1001\EN-GB\MSNTB.DLL
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [CHotKey] mk9805.exe
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [MMSystem] C:\WINDOWS\rundll32.exe "c:\windows\system\mmsystem.dll"", RunDll32
O4 - HKLM\..\Run: [usbn] C:\WINDOWS\system32\usbn.exe -go -c7 -w1
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [MMSystem] C:\WINDOWS\rundll32.exe "c:\windows\system\mmsystem.dll"", RunDll32
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Freeserve - {546D6D80-1E9E-11D3-B65B-88215C0F8173} - http://www.freeserve.net/ (http://\"http://www.freeserve.net/\") (file missing) (HKCU)
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.ntlworld.com/
O16 - DPF: Win32 Classes - file://c:\windows\Java\classes\win32ie4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab (http://\"http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab\")
O16 - DPF: {45231111-1111-1111-1111-111111113458} - file://C:\WINDOWS\Tempor~1\Content.IE5\0XM3W1EZ\epl7[1].cab
O18 - Protocol: wavetop - (no CLSID) - (no file)
Also, I haven't got any of those files on the computer anymore, I found them all and delted them and also changed the boot.ini to point to the correct place rather than the temp file c:\windows\system\explorer.exe
PS I'm really sorry for the delay, I was struggling to find time to sort this and then I couldn't work out how to get any replies to my message!!!!
-
Closing this topic, stick with your other post please