
HijackThis Log

#1
Logfile of HijackThis v1.98.2

PHP:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\System32\taskswitch.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Palick Soft\SIGuardian\SIGuardian.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\xchat\xchat.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\CHAND-z\Desktop\hijackthis\HijackThis.exe
C:\WINDOWS\System32\notepad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=UK&range=AD&phase=6&key=SEARCH
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\uk.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\K-Lite Codec Pack\real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: SIGuardian.lnk = C:\Program Files\Palick Soft\SIGuardian\SIGuardian.exe
O4 - Startup: Streamload Downloader.lnk = C:\Program Files\SlDB\SlDB.exe
O4 - Startup: Streamload Uploader.lnk = C:\Program Files\Streamload\StreamMgr.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab28578.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
 
#2
StartupList Report

PHP:
Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\CHAND-z\Start Menu\Programs\Startup]
PowerReg Scheduler V3.exe
SIGuardian.lnk = C:\Program Files\Palick Soft\SIGuardian\SIGuardian.exe
Streamload Downloader.lnk = C:\Program Files\SlDB\SlDB.exe
Streamload Uploader.lnk = C:\Program Files\Streamload\StreamMgr.exe

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Smapp = C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
ATIModeChange = Ati2mdxx.exe
ATIPTA = C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ccRegVfy = "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
MessengerPlus3 = "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
SunJavaUpdateSched = C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
TkBellExe = "C:\Program Files\K-Lite Codec Pack\real\Update_OB\realsched.exe" -osboot
CoolSwitch = C:\WINDOWS\System32\taskswitch.exe
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
InCD = C:\Program Files\Ahead\InCD\InCD.exe
iTunesHelper = C:\Program Files\iTunes\iTunesHelper.exe
DataLayer = C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
PCSuiteTrayApplication = C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

Register Homesite+.exe = "C:\Program Files\Macromedia\HomeSite+\Homesite+.exe" /REGSERVER

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Sonic RecordNow! = 
Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe
Yahoo! Pager = C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
MessengerPlus3 = "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
ctfmon.exe = C:\WINDOWS\System32\ctfmon.exe
msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll - {02478D38-C3F9-4efb-9B51-7695ECA05670}
(no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\PROGRA~1\FlashGet\jccatch.dll - {A5366673-E8CA-11D3-9CD9-0090271D075B}
(no name) - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Norton AntiVirus - Scan my computer.job
Registration reminder 2.job
Registration reminder 3.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[Checkers Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\msgrchkr.dll
CODEBASE = http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab

[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll
CODEBASE = http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab28578.cab

[Minesweeper Flags Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\minesweeper.dll
CODEBASE = http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab

[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll
CODEBASE = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab

[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38189.2077777778

[ZoneIntro Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZIntro.ocx
CODEBASE = http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab

[YAddBook Class]
InProcServer32 = C:\PROGRA~1\Yahoo!\Common\yaddbook.dll
CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\DOCUME~1\CHAND-z\LOCALS~1\Temp\GLB1A2B.EXE||E:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP61\A0006005.exe => C:\DOCUME~1\CHAND-z\LOCALS~1\Temp\temp.fr20B9|E:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP61\A0006006.exe => C:\DOCUME~1\CHAND-z\LOCALS~1\Temp\temp.frC463||O

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
 

Tittles

Dabba Dooba
Political User
#3
Just gotta say that your sig and ava r hot. I love her, I wanna do her so bad.


Anyway... ummm, I never know much about the log thing, but if it was mine I would have half that crap gone. My log has like 5-6 things.
 
#8
Yes lol know about the startup stuff quite a bit but stuff I know

I think it's easier to see in PHP lol, I can see it better than just pasting it anyway
 
