11-9-2009: Sorry for the inconvenience. We finally upgraded to vBulletin 3 !!
See you there,
Larry

---

New HJT log File

Go to the Tech-Forums Discussion Home Page

---

Posted by: Nodrog

I am rather new to this, and as such have had a hard time with this my search now thing. I got this Forum from doing a google search and now am throwing myself at the forum users mercy!

Here is my log file. Any help in getting rid of MySearchNow will be greatly appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 11:22:01 AM, on 26/04/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSGPLUS.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\PTSNOOP.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://www.djvuhqwhaoywazgbqgegsts.com/KhYulCQCdKdJricTelkBQwo2bl0lIMr0uP0ANUoVLqf1s2/BXjzR1bg7//Hf83CH.jsp[/url]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.google.ca/[/url]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*[url]http://my.yahoo.com[/url][/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [url]http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*[url]http://www.yahoo.com[/url][/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = [url]http://www.google.ca/[/url]
R3 - URLSearchHook: (no name) - - (no file)
F1 - win.ini: load=ptsnoop.exe
O2 - BHO: (no name) - {5341A9ED-EA06-2426-FB12-725DE4FC8FB8} - C:\WINDOWS\PROFILES\GORD\APPLICATION DATA\MEMO GREAT HEART\4 VIEW.EXE
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [cselmxwnyg] c:\windows\system\cselmxwnyg.exe
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [Platform Glue Dupe Dvd] C:\WINDOWS\Profiles\Gord\Application Data\Isobashplatformglue\Bias roam.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\MSN Messenger\MsgPlus.exe"
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MSN Messenger\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [tooldrv] C:\WINDOWS\PROFILES\GORD\APPLIC~1\STOREN~1\BalmGre
y.exe
O4 - HKCU\..\RunServices: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\RunServices: [MessengerPlus3] "C:\Program Files\MSN Messenger\MsgPlus.exe" /WinStart
O4 - HKCU\..\RunServices: [tooldrv] C:\WINDOWS\PROFILES\GORD\APPLIC~1\STOREN~1\BalmGre
y.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\WINZIP\WZQKPICK.EXE
O4 - Startup: Check For Dope Wars Updates.lnk = C:\Program Files\Dopewars\WiseUpdt.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - [url]http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab[/url]
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - [url]http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab[/url]
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - [url]http://chat.yahoo.com/cab/yacsui.cab[/url]

---

Posted by: Warez Monster

Remove entries at your own risk

C:\WINDOWS\PTSNOOP.EXE running process. (PTSNOOP.EXE)
Troj/Ptsnoop This is a nasty process! You should fix it and try to delete it manually!

R3 - URLSearchHook: (no name) - - (no file) Should be fixed if you do not know the application or if no application is mentioned. Should be fixed if you do not know this application.

F1 - win.ini: load=ptsnoop.exe F1 - win.ini: load=ptsnoop.exe the following information has been found about this entry: .

O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file) Entries found in this registry zone are potentially nasty. This application ([0494D0D9-F8E0-41ad-92A3-14154ECE70AC] - Result: 0494D0D9-F8E0-41ad-92A3-14154ECE70AC) has been checked. If the name is made up of random letters, found in the folder 'Application Data' and the kind is 'Unknown' , it should be fixed. Must be fixed!

---

Please Visit the Online Configurator, Email Hosting, Internet Marketing , Computer Schools , Software for Real Estate , AAOutlook , Search Engine Site