StartupList report, 23/12/2006, 10:54:25 PM StartupList version: 1.52.2 Started from : C:\Documents and Settings\Stefan\My Documents\My Downloads\hijackthis\HijackThis.EXE Detected: Windows XP SP2 (WinNT 5.01.2600) Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180) * Using default options ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ThpSrv.exe C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe C:\WINDOWS\system32\TODDSrv.exe C:\WINDOWS\SYSTEM32\WISPTIS.EXE C:\WINDOWS\System32\tabbtnu.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\00THotkey.exe C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe C:\WINDOWS\system32\TFNF5.exe C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe C:\WINDOWS\system32\igfxext.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\SkyTel.EXE C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\TOSHIBA\TouchED\TouchED.Exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe C:\Program Files\Toshiba\ConfigFree\NDSTray.exe C:\WINDOWS\system32\TPSMain.exe C:\WINDOWS\system32\TPSODDCtl.exe C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE C:\Program Files\TOSHIBA\TME3\TMETEMNU.EXE C:\WINDOWS\system32\thpsrv.exe C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe C:\Program Files\Toshiba\Tvs\TvsTray.exe C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Protector Suite QL\psqltray.exe C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe C:\PROGRA~1\RETROS~1\RETROS~1.1\RetroExpress.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Toshiba\ConfigFree\CFSServ.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Toshiba\ConfigFree\CFXFER.exe C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe C:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exe C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe C:\WINDOWS\system32\RAMASST.exe C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe C:\Program Files\Macromedia\Fireworks 8\Fireworks.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\PROGRA~1\RETROS~1\RETROS~1.1\retrorun.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Stefan\My Documents\My Downloads\hijackthis\HijackThis.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -------------------------------------------------- Listing of startup folders: Shell folders Startup: [C:\Documents and Settings\Stefan\Start Menu\Programs\Startup] Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE Shell folders Common Startup: [C:\Documents and Settings\All Users\Start Menu\Programs\Startup] Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe Bluetooth Monitor.lnk = ? Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run TabletWizard = C:\WINDOWS\help\SplshWrp.exe igfxtray = C:\WINDOWS\system32\igfxtray.exe igfxhkcmd = C:\WINDOWS\system32\hkcmd.exe igfxpers = C:\WINDOWS\system32\igfxpers.exe 00THotkey = C:\WINDOWS\system32\00THotkey.exe CrossMenu = C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe 000StTHK = 000StTHK.exe TFNF5 = TFNF5.exe SmoothView = C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe TRot.exe = c:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe RTHDCPL = RTHDCPL.EXE SkyTel = SkyTel.EXE Alcmtr = ALCMTR.EXE Apoint = C:\Program Files\Apoint2K\Apoint.exe TouchED = C:\Program Files\TOSHIBA\TouchED\TouchED.Exe AGRSMMSG = AGRSMMSG.exe TosHKCW.exe = "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" NDSTray.exe = C:\Program Files\Toshiba\ConfigFree\NDSTray.exe TPSMain = TPSMain.exe TPSODDCtl = TPSODDCtl.exe TMESRV.EXE = C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon TMERzCtl.EXE = C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service TOSDCR = TOSDCR.EXE ThpSrv = C:\WINDOWS\system32\thpsrv /logon TFncKy = C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe Tvs = C:\Program Files\Toshiba\Tvs\TvsTray.exe DDWMon = C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe TAcelMgr = C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe TSkrMain = C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe IntelZeroConfig = "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" IntelWireless = "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless PSQLLauncher = "C:\Program Files\Protector Suite QL\launcher.exe" /startup ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" MaxtorOneTouch = C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe RetroExpress = C:\PROGRA~1\RETROS~1\RETROS~1.1\RetroExpress.exe /h CFSServ.exe = C:\Program Files\Toshiba\ConfigFree\CFSServ.exe -NoClient Share-to-Web Namespace Daemon = c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe TabletTip = "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume osCheck = "C:\Program Files\Norton Internet Security\osCheck.exe" -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run L07AXLRD_751234 = "C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE" -m SsAAD.exe = C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=C:\WINDOWS\system32\InsSec.scr drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry value not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (no name) - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} (no name) - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6} (no name) - (no file) - {92AD85C6-C471-4EF0-B2FE-4F9F5A440D72} Encarta Web Companion Helper Object - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} -------------------------------------------------- Enumerating Task Scheduler jobs: Norton Internet Security - Run Full System Scan - Stefan.job -------------------------------------------------- Enumerating Download Program Files: [Shockwave Flash Object] InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab -------------------------------------------------- Enumerating Windows NT logon/logoff scripts: *No scripts set to run* Windows NT checkdisk command: BootExecute = autocheck autochk * Windows NT 'Wininit.ini': PendingFileRenameOperations: C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\SyKnAppS\9fd59ec2-4844-4340-b3e8-77b9b675e999_cohcol.wlt|||\ -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\system32\webcheck.dll SysTray: C:\WINDOWS\system32\stobject.dll WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll -------------------------------------------------- End of report, 10,998 bytes Report generated in 0.062 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only