Logfile of HijackThis v1.99.0
Scan saved at 6:05:37 PM, on 4/4/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ahead\InCD\InCD.exe
C:\WINDOWS\System32\sched.exe
C:\windows\mousepad8.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\Yahoo!\YPSR\ypsr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\Valentin I. Vangelov\My Documents\My Skype Received Files\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customiz…
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customiz…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.shaw.ca/start/enca/addons/s…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.c…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.shaw.ca
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.shaw.ca/start/enca/addons/s…
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.c…
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customiz…
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by SHAW Internet
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Shaw Toolbar - {97720f21-6D88-4958-8AD3-83C12D86ADC7} - C:\PROGRA~1\shaw\bin\toolbar\shawbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.d…
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [shawnotify] c:\progra~1\shaw\update\updateloader.exe /notify
O4 - HKLM\..\Run: [Microsoft schedule] sched.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard8.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad8.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname8.exe
O4 - HKLM\..\RunServices: [Microsoft schedule] sched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Error Safe] "C:\Program Files\Error Safe Free\ers.exe" /min
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/cl…
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.co…
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd80…
O23 - Service: Network Monitor - Unknown - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: W2k PCtel speaker phone - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Microsoft Windows Update Service - Unknown - C:\WINDOWS\services.exe
Delete it all. Those are sometimes viruses.
Well, it depends on what is on your PC. You don't wanna mess around with your registry unless someone is there and they know what is on your PC. If I knew I could tell you, but you should take it to a professional, but none of it seems too threatening except some of the toolbars. Hope this helped.