StartupList report, 4/11/2009, 16:11:32
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Graham\My Documents\Downloads\HiJackThis.EXE
Detected: Windows XP SP3 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16791)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
C:\WINDOWS\SYSTEM32\acs.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Graham\My Documents\Downloads\HiJackThis.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\net.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
NETGEAR WG311T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ATIPTA = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
CTSysVol = C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
CTDVDDet = C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
AsioReg = REGSVR32.EXE /S CTASIO.DLL
mcagent_exe = "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll - {7DB2D5A0-7241-4E79-B68D-6309F01C5231}
(no name) - (no file) - {B56A7D7D-6927-48C8-A975-17DF180C71AC}

--------------------------------------------------

Enumerating Task Scheduler jobs:

EasyShare Registration Task.job
GoogleUpdateTaskUserS-1-5-21-1832651790-4202439031-144032434-1005.job
ISP signup reminder 1.job
McDefragTask.job
McQcTask.job
RegCure Program Check.job
RegCure.job

--------------------------------------------------

Enumerating Download Program Files:

[SysProWmi Class]
InProcServer32 = C:\WINDOWS\System32\Dell\SystemProfiler\SysPro.ocx
CODEBASE = http://support.euro.dell.com/systemprofiler/SysPro.CAB

[Microsoft Office Template and Media Control]
CODEBASE = http://office.microsoft.com/templates/ieawsdc.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll
CODEBASE = http://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab

[Cult3D ActiveX Player]
InProcServer32 = C:\WINDOWS\System32\Cult3D\IECult.dll
CODEBASE = http://www.cult3d.com/download/cult.cab

[csauie1 Control]
CODEBASE = http://www.couponreport.net/ftp/v3123/csauie1.cab

[Malicious Software Removal Tool]
CODEBASE = http://download.microsoft.com/download/b/d/b/bdb4e4ee-63b2-45ff-9d84-33205bf43143/WebCleaner.cab

[McAfee.com Operating System Class]
InProcServer32 = C:\WINDOWS\System32\mcinsctl.dll
CODEBASE = http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,96/mcinsctl.cab

[{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}]
CODEBASE = http://www.bitdefender.com/scan8/oscan8.cab

[McUpdatePortalFactory Class]
CODEBASE = http://www.amiuptodate.com/vsc/bin/1,0,0,8/McUpdatePortal.cab

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093807874156

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123350330093

[Ofoto Upload Manager Class]
CODEBASE = http://www.kodakgallery.co.uk/downloads/BUM/BUM_WIN_IE_1/axofupld.cab

[Kodak Gallery Easy Upload Manager Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\axofupld.dll
CODEBASE = http://www.kodakgallery.co.uk/downloads/BUM/BUM_WIN_IE_2/axofupld.cab

[HouseCall Control]
CODEBASE = http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

[HPObjectInstaller Class]
CODEBASE = http://h30155.www3.hp.com/ediags/gs/install/guidedsolutions.cab

[AVXControl Class]
CODEBASE = http://threatlevel.pcsecurityshield.com/control/avxnew.dll

[CRAVOnline Object]
CODEBASE = http://www.ravantivirus.com/scan/ravonline.cab

[SassCln Object]
CODEBASE = http://www.microsoft.com/security/controls/Sasser/20/SassCln.CAB

[ZoneIntro Class]
CODEBASE = http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab

[DwnldGroupMgr Class]
InProcServer32 = C:\WINDOWS\System32\McGDMgr.dll
CODEBASE = http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab

[Nokia Media Bar]
CODEBASE = http://img.euro1.music.nokia.com/installation/MusicManagerPlugin.CAB

[Downloader Class]
CODEBASE = http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab

[ActiveDataInfo Class]
CODEBASE = https://www-secure.symantec.com/techsupp/activedata/SymAData.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx
CODEBASE = http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

[ActiveDataObj Class]
CODEBASE = https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab

[PCPitstop Exam]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\pcpitstop2.dll
CODEBASE = http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
End of report, 8,782 bytes
Report generated in 0.125 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only