StartupList report, 8/10/2007, 11:20:41 PM StartupList version: 1.52 Started from : E:\warez\warez\XPEi\HijackThis.EXE Detected: Windows XP SP2 (WinNT 5.01.2600) Detected: Internet Explorer v7.00 (7.00.6000.16414) * Using default options ================================================== Running processes: D:\windows\System32\smss.exe D:\windows\system32\winlogon.exe D:\windows\system32\services.exe D:\windows\system32\lsass.exe D:\windows\system32\svchost.exe D:\windows\System32\svchost.exe D:\windows\system32\spoolsv.exe D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe d:\program files\mcafee.com\agent\mcdetect.exe d:\PROGRA~1\mcafee.com\vso\mcshield.exe D:\windows\system32\nvsvc32.exe D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe D:\windows\system32\svchost.exe D:\windows\Explorer.EXE D:\Program Files\McAfee.com\VSO\mcvsshld.exe d:\progra~1\mcafee.com\vso\mcvsescn.exe d:\program files\mcafee.com\agent\mcagent.exe D:\Program Files\McAfee.com\VSO\oasclnt.exe D:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe D:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe D:\windows\VM303_STI.EXE D:\WINDOWS\system32\ctfmon.exe D:\WINDOWS\SYSTEM32\CTXFISPI.EXE D:\windows\system32\fuknkrfs.exe <--------------- (this file) D:\Program Files\Stardock\ObjectDock\ObjectDock.exe D:\windows\system32\rundll32.exe D:\Program Files\Mozilla Firefox\firefox.exe D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe D:\Program Files\Ipswitch\WS_FTP Professional\wsftpgui.exe E:\warez\warez\XPEi\HijackThis.exe D:\windows\system32\NOTEPAD.EXE -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = D:\WINDOWS\system32\userinit.exe, -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run VSOCheckTask = "D:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask VirusScan Online = D:\Program Files\McAfee.com\VSO\mcvsshld.exe OASClnt = D:\Program Files\McAfee.com\VSO\oasclnt.exe MCAgentExe = d:\PROGRA~1\mcafee.com\agent\mcagent.exe MCUpdateExe = D:\PROGRA~1\mcafee.com\agent\mcupdate.exe AudioDrvEmulator = "D:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "D:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll" VolPanel = "D:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r BigDog303 = D:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH) nwiz = nwiz.exe /install NvCplDaemon = RUNDLL32.EXE D:\windows\system32\NvCpl.dll,NvStartup -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run ctfmon.exe = D:\windows\system32\ctfmon.exe -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [AdobeUpdater] = -------------------------------------------------- Load/Run keys from D:\windows\WIN.INI: load=*INI section not found* run=*INI section not found* Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\Windows: load= HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=wbsys.dll -------------------------------------------------- Shell & screensaver key from D:\windows\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=*Registry value not found* drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry value not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Enumerating Task Scheduler jobs: MP Scheduled Scan.job -------------------------------------------------- Enumerating Download Program Files: [McAfee.com Operating System Class] InProcServer32 = D:\windows\system32\mcinsctl.dll CODEBASE = [url="http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab"]http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab[/url] [Shockwave Flash Object] InProcServer32 = D:\windows\system32\Macromed\Flash\Flash9b.ocx CODEBASE = [url="http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab"]http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab[/url] -------------------------------------------------- Enumerating Winsock LSP files: NameSpace #4: D:\Program Files\Bonjour\mdnsNSP.dll -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: 0aMCPClient: *Registry key not found* PostBootReminder: D:\windows\system32\SHELL32.dll CDBurn: D:\windows\system32\SHELL32.dll WebCheck: D:\WINDOWS\system32\webcheck.dll SysTray: D:\WINDOWS\system32\stobject.dll WPDShServiceObj: D:\windows\system32\WPDShServiceObj.dll -------------------------------------------------- End of report, 6,506 bytes Report generated in 0.047 seconds