StartupList report, 1/2/2010, 12:15:05 AM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP3 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16945)
* Using default options
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Nexon\MapleStory\npkcmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\VistaDrive\VistaDrive.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\Xtras\VisualTaskTips\VisualTaskTips.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCLIG~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Xtras\Rainlendar\Rainlendar.exe
C:\Program Files\SBC LightSpeed Self Support Tool\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Program Files\Alwil Software\Avast4\ashChest.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\Documents and Settings\Enrique\Start Menu\Programs\Startup]
Fanbase.lnk = C:\Program Files\Fanbase\Fanbase.exe
PowerReg Scheduler V3.exe
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
Rainlendar.lnk = C:\Program Files\Xtras\Rainlendar\Rainlendar.exe
SBC Self Support Tool.lnk = C:\Program Files\SBC LightSpeed Self Support Tool\bin\matcli.exe
ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
VistaDrive = C:\WINDOWS\VistaDrive\VistaDrive.exe
LClock = C:\Program Files\LClock\LClock.exe
VisualTaskTips = C:\Program Files\Xtras\VisualTaskTips\VisualTaskTips.exe
avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
PRISMSVR.EXE = "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
YBrowser = C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
Motive SmartBridge = C:\PROGRA~1\SBCLIG~1\SMARTB~1\MotiveSB.exe
HPDJ Taskbar Utility = C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
HP Software Update = C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
HP Component Manager = "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
YSearchProtection = "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
ZangoOE = C:\Program Files\Zango\bin\10.3.74.0\OEAddOn.exe
ZangoSA = "C:\Program Files\Zango\bin\10.3.74.0\ZangoSA.exe"
AppleSyncNotifier = C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
ArcSoft Connection Service = C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TaskSwitchXP = C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
RAM Medic = C:\Program Files\Iomatic\RAM Medic\RAMMedic.exe
ShellToys XP Utility Manager = "C:\Program Files\CFi\ShellToys\CFiShlMan.exe" -start
Free Download Manager = C:\Program Files\Free Download Manager\fdm.exe -autorun
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
Search Protection = C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
Messenger (Yahoo!) = "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[OptionalComponents]
=
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll - {02478D38-C3F9-4EFB-9B51-7695ECA05670}
ShoppingReport - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll - {100EB1FD-D03E-47FD-81F3-EE91287F9465}
AcroIEHelperStub - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
(no name) - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
Zango - C:\Program Files\Zango\bin\10.3.74.0\HostIE.dll (file missing) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}
(no name) - C:\Program Files\Free Download Manager\iefdmcks.dll - {CC59E0F9-7E43-44FA-9FAA-8377850BF205}
(no name) - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}
--------------------------------------------------
Enumerating Task Scheduler jobs:
AppleSoftwareUpdate.job
EasyShare Registration Task.job
WGASetup.job
--------------------------------------------------
Enumerating Download Program Files:
[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Adobe\Director\SwDir.dll
CODEBASE = http://download.macr...director/sw.cab
[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Adobe\Director\swdir.dll
CODEBASE = http://download.macr...director/sw.cab
[Installation Support]
InProcServer32 = C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
CODEBASE = C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
[PowerLoader Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\PowerLoader.dll
CODEBASE = http://powerchalleng...PowerLoader.cab
[DivXBrowserPlugin Object]
InProcServer32 = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
CODEBASE = http://download.divx...owserPlugin.cab
[{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
CODEBASE = http://fpdownload.ma...t/ultrashim.cab
[Toontown Installer ActiveX Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ttinst.dll
CODEBASE = http://a.download.to...2.21/ttinst.cab
[Oberon Flash Game Host]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\OberonGameHost.dll
CODEBASE = http://games.myspace...ronGameHost.cab
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx
CODEBASE = http://fpdownload2.m...ash/swflash.cab
--------------------------------------------------
Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*
Windows NT checkdisk command:
BootExecute = autocheck autochk *
Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\Program Files\AV\..6O9FFX||C:\Program Files\AV\...WZH1BE|||?
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll
--------------------------------------------------
End of report, 10,036 bytes
Report generated in 0.040 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Help me out here. I got some files infected so I need help to get rid of the viruses.