d33k-hjtstartup

a guest
Aug 2nd, 2011
  1. StartupList report, 8/2/2011, 1:49:58 PM
  2. StartupList version: 1.52.2
  3. Started from : C:\Program Files\Trend Micro\HiJackThis\HiJackThis.EXE
  4. Detected: Windows XP SP3 (WinNT 5.01.2600)
  5. Detected: Internet Explorer v8.00 (8.00.6001.18702)
  6. * Using default options
  7. ==================================================
  8.  
  9. Running processes:
  10.  
  11. C:\WINDOWS\System32\smss.exe
  12. C:\WINDOWS\system32\winlogon.exe
  13. C:\WINDOWS\system32\services.exe
  14. C:\WINDOWS\system32\lsass.exe
  15. C:\WINDOWS\system32\Ati2evxx.exe
  16. C:\WINDOWS\system32\svchost.exe
  17. C:\WINDOWS\System32\svchost.exe
  18. C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
  19. C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
  20. C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
  21. C:\WINDOWS\system32\spoolsv.exe
  22. C:\WINDOWS\system32\EloSrvce.exe
  23. c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
  24. C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
  25. C:\Program Files\RealVNC\VNC4\WinVNC4.exe
  26. C:\WINDOWS\Explorer.EXE
  27. C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
  28. C:\Program Files\Analog Devices\Core\smax4pnp.exe
  29. C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
  30. C:\Program Files\Common Files\Symantec Shared\ccApp.exe
  31. C:\WINDOWS\system32\ctfmon.exe
  32. C:\WINDOWS\system32\EloDkMon.exe
  33. C:\WINDOWS\system32\EloTTray.exe
  34. C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
  35. C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
  36. C:\WINDOWS\system32\NOTEPAD.EXE
  37. C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
  38.  
  39. --------------------------------------------------
  40.  
  41. Listing of startup folders:
  42.  
  43. Shell folders Common Startup:
  44. [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
  45. info.lnk = C:\planet\bginfo\info.bat
  46.  
  47. --------------------------------------------------
  48.  
  49. Checking Windows NT UserInit:
  50.  
  51. [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  52. UserInit = C:\WINDOWS\system32\userinit.exe
  53.  
  54. --------------------------------------------------
  55.  
  56. Autorun entries from Registry:
  57. HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  58.  
  59. SoundMAXPnP = C:\Program Files\Analog Devices\Core\smax4pnp.exe
  60. ATICCC = "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
  61. ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  62. Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
  63. Adobe ARM = "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
  64.  
  65. --------------------------------------------------
  66.  
  67. Autorun entries from Registry:
  68. HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  69.  
  70. ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
  71.  
  72. --------------------------------------------------
  73.  
  74. Autorun entries in Registry subkeys of:
  75. HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  76.  
  77. [OptionalComponents]
  78. =
  79.  
  80. --------------------------------------------------
  81.  
  82. Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
  83.  
  84. Shell=*INI section not found*
  85. SCRNSAVE.EXE=*INI section not found*
  86. drivers=*INI section not found*
  87.  
  88. Shell & screensaver key from Registry:
  89.  
  90. Shell=Explorer.exe
  91. SCRNSAVE.EXE=*Registry value not found*
  92. drivers=*Registry value not found*
  93.  
  94. Policies Shell key:
  95.  
  96. HKCU\..\Policies: Shell=*Registry value not found*
  97. HKLM\..\Policies: Shell=*Registry value not found*
  98.  
  99. --------------------------------------------------
  100.  
  101.  
  102. Enumerating Browser Helper Objects:
  103.  
  104. AcroIEHelperStub - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
  105.  
  106. --------------------------------------------------
  107.  
  108. Enumerating Task Scheduler jobs:
  109.  
  110. Ad-Aware Update (Weekly).job
  111.  
  112. --------------------------------------------------
  113.  
  114. Enumerating Download Program Files:
  115.  
  116. [WUWebControl Class]
  117. InProcServer32 = C:\WINDOWS\system32\wuweb.dll
  118. CODEBASE = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1282855032343
  119.  
  120. [MUWebControl Class]
  121. InProcServer32 = C:\WINDOWS\system32\muweb.dll
  122. CODEBASE = http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1296840871372
  123.  
  124. [{E2883E8F-472F-4FB0-9522-AC9BF37916A7}]
  125. CODEBASE = http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
  126.  
  127. --------------------------------------------------
  128.  
  129. Enumerating ShellServiceObjectDelayLoad items:
  130.  
  131. WebCheck: C:\WINDOWS\system32\webcheck.dll
  132. PostBootReminder: C:\WINDOWS\system32\shell32.dll
  133. CDBurn: C:\WINDOWS\system32\SHELL32.dll
  134. SysTray: C:\WINDOWS\system32\stobject.dll
  135.  
  136. --------------------------------------------------
  137. End of report, 5,263 bytes
  138. Report generated in 0.015 seconds
  139.  
  140. Command line options:
  141. /verbose - to add additional info on each section
  142. /complete - to include empty sections and unsuspicious data
  143. /full - to include several rarely-important sections
  144. /force9x - to include Win9x-only startups even if running on WinNT
  145. /forcent - to include WinNT-only startups even if running on Win9x
  146. /forceall - to include all Win9x and WinNT startups, regardless of platform
  147. /history - to list version history only