StartupList report, 12/5/2007, 7:48:41 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Hassan\My Documents\Downloads\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16544)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\tp4mon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Sharp\Sharpdesk\IndexTray.exe
C:\Program Files\Sharp\Sharpdesk\SharpTray.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe
C:\PROGRA~1\Sharp\SHARPD~1\Indexer.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Sharp\Sharpdesk\sdFTP.exe
C:\WINDOWS\system32\svchost.exe
C:\UPS\WSTD\Messages\WSTDMessaging.exe
C:\Program Files\Mcafee\MWL\MwlSvc.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mcafee\MWL\MwlGui.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Hassan\My Documents\Downloads\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
Start Network Scanner Tool.lnk = C:\Program Files\Sharp\Sharpdesk\sdFTP.exe
UPS WorldShip Messaging Utility.lnk = C:\UPS\WSTD\Messages\WSTDMessaging.exe
UPS WorldShip PLD Reminder Utility.lnk = C:\UPS\WSTD\wstdPldReminder.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

TrackPointSrv = tp4mon.exe
IgfxTray = C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds = C:\WINDOWS\system32\hkcmd.exe
Adobe Photo Downloader = "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
IndexTray = "C:\Program Files\Sharp\Sharpdesk\IndexTray.exe"
SharpTray = "C:\Program Files\Sharp\Sharpdesk\SharpTray.exe"
RemoteControl = "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
EverioService = "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
LogitechCommunicationsManager = "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
LogitechQuickCamRibbon = "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
MWLExe = C:\Program Files\Mcafee\MWL\MWLGuiSt.exe
SiteAdvisor = C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
McENUI = C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
NWEReboot =
NeroFilterCheck = C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MBkLogOnHook = C:\Program Files\McAfee\MBK\LogOnHook.exe
mcagent_exe = C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
mxomssmenu = "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
H/PC Connection Agent = "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
swg = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} = "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll - {089FD14D-132B-48FC-8861-0048AE113215}
McAntiPhishingBHO - C:\Program Files\McAfee\MSK\mcapbho.dll - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4}
(no name) - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll - {7DB2D5A0-7241-4E79-B68D-6309F01C5231}
(no name) - (no file) - {7E853D72-626A-48EC-A868-BA8D5E23E045}
(no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
(no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

--------------------------------------------------

Enumerating Task Scheduler jobs:

AppleSoftwareUpdate.job
McDefragTask.job
McQcTask.job
Rescue Reminder for 2HAP1LXT.job

--------------------------------------------------

Enumerating Download Program Files:

[NetCamPlayerWeb11g Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\NETCAM~1.OCX
CODEBASE = http://192.168.2.115/img/NetCamPlayerWeb11g.ocx

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx
CODEBASE = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\WINDOWS\TEMP\025947~1.EXE||C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee\MSC\Updates\Installs\1\msk\mcinst.exe||C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee\MSC\Updates\Installs\1\msk\mcinst.exe||C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee\MSC\Updates\Installs\1\msk\mcinst.exe||C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee\MSC\Updates\Installs\1\msk\mcinst.exe

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
End of report, 9,936 bytes
Report generated in 0.421 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only