HijackThis Log

Discussion in 'Windows Desktop Systems' started by paul2-0-0-2, Sep 6, 2004.

  1. paul2-0-0-2

    paul2-0-0-2 Moderator

    Messages:
    979
    Logfile of HijackThis v1.98.2

    PHP:
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton Internet Security\NISUM.EXE
    C:\Program Files\Norton Internet Security\ccPxySvc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\WINDOWS\System32\taskswitch.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Yahoo!\Messenger\ypager.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\Program Files\Palick Soft\SIGuardian\SIGuardian.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\xchat\xchat.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\CHAND-z\Desktop\hijackthis\HijackThis.exe
    C:\WINDOWS\System32\notepad.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=UK&range=AD&phase=6&key=SEARCH
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\uk.htm
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\K-Lite Codec Pack\real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Startup: SIGuardian.lnk = C:\Program Files\Palick Soft\SIGuardian\SIGuardian.exe
    O4 - Startup: Streamload Downloader.lnk = C:\Program Files\SlDB\SlDB.exe
    O4 - Startup: Streamload Uploader.lnk = C:\Program Files\Streamload\StreamMgr.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
    O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab28578.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
     
  2. paul2-0-0-2

    paul2-0-0-2 Moderator

    Messages:
    979
    StartupList Report

    PHP:
    Listing of startup folders:

    Shell folders Startup:
    [C:\Documents and Settings\CHAND-z\Start Menu\Programs\Startup]
    PowerReg Scheduler V3.exe
    SIGuardian.lnk = C:\Program Files\Palick Soft\SIGuardian\SIGuardian.exe
    Streamload Downloader.lnk = C:\Program Files\SlDB\SlDB.exe
    Streamload Uploader.lnk = C:\Program Files\Streamload\StreamMgr.exe

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    Smapp = C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    ATIModeChange = Ati2mdxx.exe
    ATIPTA = C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    ccRegVfy = "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    MessengerPlus3 = "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    SunJavaUpdateSched = C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    TkBellExe = "C:\Program Files\K-Lite Codec Pack\real\Update_OB\realsched.exe" -osboot
    CoolSwitch = C:\WINDOWS\System32\taskswitch.exe
    NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
    InCD = C:\Program Files\Ahead\InCD\InCD.exe
    iTunesHelper = C:\Program Files\iTunes\iTunesHelper.exe
    DataLayer = C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    PCSuiteTrayApplication = C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    Register Homesite+.exe = "C:\Program Files\Macromedia\HomeSite+\Homesite+.exe" /REGSERVER

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    Sonic RecordNow! =
    Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe
    Yahoo! Pager = C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
    MessengerPlus3 = "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    ctfmon.exe = C:\WINDOWS\System32\ctfmon.exe
    msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry key not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    (no name) - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll - {02478D38-C3F9-4efb-9B51-7695ECA05670}
    (no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
    (no name) - C:\PROGRA~1\FlashGet\jccatch.dll - {A5366673-E8CA-11D3-9CD9-0090271D075B}
    (no name) - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    Norton AntiVirus - Scan my computer.job
    Registration reminder 2.job
    Registration reminder 3.job
    Symantec NetDetect.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [Checkers Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\msgrchkr.dll
    CODEBASE = http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab

    [MessengerStatsClient Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll
    CODEBASE = http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab28578.cab

    [Minesweeper Flags Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\minesweeper.dll
    CODEBASE = http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab

    [MessengerStatsClient Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll
    CODEBASE = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab

    [{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38189.2077777778

    [ZoneIntro Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZIntro.ocx
    CODEBASE = http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab

    [YAddBook Class]
    InProcServer32 = C:\PROGRA~1\Yahoo!\Common\yaddbook.dll
    CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab

    --------------------------------------------------

    Enumerating Windows NT logon/logoff scripts:
    *No scripts set to run*

    Windows NT checkdisk command:
    BootExecute = autocheck autochk *

    Windows NT 'Wininit.ini':
    PendingFileRenameOperations: C:\DOCUME~1\CHAND-z\LOCALS~1\Temp\GLB1A2B.EXE||E:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP61\A0006005.exe => C:\DOCUME~1\CHAND-z\LOCALS~1\Temp\temp.fr20B9|E:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP61\A0006006.exe => C:\DOCUME~1\CHAND-z\LOCALS~1\Temp\temp.frC463||O

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\System32\webcheck.dll
    SysTray: C:\WINDOWS\System32\stobject.dll
     
  3. Tittles

    Tittles Dabba Dooba Political User

    Messages:
    6,344
    Location:
    Muskegon, Michigan
    just gotta say that your sig and ava r hot. I love her i wanna do her so bad.


    anyway...ummm I never know much about the log thing but if it was mine I would have half that crap gone. My log has like 5-6 things.
     
  4. paul2-0-0-2

    paul2-0-0-2 Moderator

    Messages:
    979
    lol yes she's Hot, Sig & AV are Quality, Bk made them :)

    Nar, should be more than 6 I think :rolleyes:
     
  5. paul2-0-0-2

    paul2-0-0-2 Moderator

    Messages:
    979
    Guess there's nothing wrong then?????? :eek:
     
  6. LordOfLA

    LordOfLA Godlike!

    Messages:
    7,027
    Location:
    Maidenhead, Berkshire, UK
    Not that I can see. Might want to trim down your startups, but looks like stuff you installed yourself.
     
  7. j79zlr

    j79zlr Glaanies script monkey Political User

    Messages:
    2,725
    Location:
    Chicago
    I can't read it, why did you paste it as PHP code?
     
  8. paul2-0-0-2

    paul2-0-0-2 Moderator

    Messages:
    979
    Yes lol, know about the Start up stuff, quite a bit but stuff I know

    I think it's easier to see in PHP lol, I can see it better than just pasting it anyway
     
  9. paul2-0-0-2

    paul2-0-0-2 Moderator

    Messages:
    979
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton Internet Security\NISUM.EXE
    C:\Program Files\Norton Internet Security\ccPxySvc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\WINDOWS\System32\taskswitch.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Yahoo!\Messenger\ypager.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\Program Files\Palick Soft\SIGuardian\SIGuardian.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\xchat\xchat.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\CHAND-z\Desktop\hijackthis\HijackThis.exe
    C:\WINDOWS\System32\notepad.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=UK&range=AD&phase=6&key=SEARCH
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\uk.htm
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\K-Lite Codec Pack\real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Startup: SIGuardian.lnk = C:\Program Files\Palick Soft\SIGuardian\SIGuardian.exe
    O4 - Startup: Streamload Downloader.lnk = C:\Program Files\SlDB\SlDB.exe
    O4 - Startup: Streamload Uploader.lnk = C:\Program Files\Streamload\StreamMgr.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
    O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab28578.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
     
  10. paul2-0-0-2

    paul2-0-0-2 Moderator

    Messages:
    979
    Listing of startup folders:

    Shell folders Startup:
    [C:\Documents and Settings\CHAND-z\Start Menu\Programs\Startup]
    PowerReg Scheduler V3.exe
    SIGuardian.lnk = C:\Program Files\Palick Soft\SIGuardian\SIGuardian.exe
    Streamload Downloader.lnk = C:\Program Files\SlDB\SlDB.exe
    Streamload Uploader.lnk = C:\Program Files\Streamload\StreamMgr.exe

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    Smapp = C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    ATIModeChange = Ati2mdxx.exe
    ATIPTA = C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    ccRegVfy = "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    MessengerPlus3 = "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    SunJavaUpdateSched = C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    TkBellExe = "C:\Program Files\K-Lite Codec Pack\real\Update_OB\realsched.exe" -osboot
    CoolSwitch = C:\WINDOWS\System32\taskswitch.exe
    NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
    InCD = C:\Program Files\Ahead\InCD\InCD.exe
    iTunesHelper = C:\Program Files\iTunes\iTunesHelper.exe
    DataLayer = C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    PCSuiteTrayApplication = C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    Register Homesite+.exe = "C:\Program Files\Macromedia\HomeSite+\Homesite+.exe" /REGSERVER

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    Sonic RecordNow! =
    Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe
    Yahoo! Pager = C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
    MessengerPlus3 = "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    ctfmon.exe = C:\WINDOWS\System32\ctfmon.exe
    msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry key not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    (no name) - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll - {02478D38-C3F9-4efb-9B51-7695ECA05670}
    (no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
    (no name) - C:\PROGRA~1\FlashGet\jccatch.dll - {A5366673-E8CA-11D3-9CD9-0090271D075B}
    (no name) - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    Norton AntiVirus - Scan my computer.job
    Registration reminder 2.job
    Registration reminder 3.job
    Symantec NetDetect.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [Checkers Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\msgrchkr.dll
    CODEBASE = http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab

    [MessengerStatsClient Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll
    CODEBASE = http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab28578.cab

    [Minesweeper Flags Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\minesweeper.dll
    CODEBASE = http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab

    [MessengerStatsClient Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll
    CODEBASE = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab

    [{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38189.2077777778

    [ZoneIntro Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZIntro.ocx
    CODEBASE = http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab

    [YAddBook Class]
    InProcServer32 = C:\PROGRA~1\Yahoo!\Common\yaddbook.dll
    CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab

    --------------------------------------------------

    Enumerating Windows NT logon/logoff scripts:
    *No scripts set to run*

    Windows NT checkdisk command:
    BootExecute = autocheck autochk *

    Windows NT 'Wininit.ini':
    PendingFileRenameOperations: C:\DOCUME~1\CHAND-z\LOCALS~1\Temp\GLB1A2B.EXE||E:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP61\A0006005.exe => C:\DOCUME~1\CHAND-z\LOCALS~1\Temp\temp.fr20B9|E:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP61\A0006006.exe => C:\DOCUME~1\CHAND-z\LOCALS~1\Temp\temp.frC463||O

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\System32\webcheck.dll
    SysTray: C:\WINDOWS\System32\stobject.dll