StartupList report, 6/21/2005, 11:39:55 AM StartupList version: 1.52 Started from : D:\Documents and Settings\doug\Local Settings\Temp\Temporary Directory 1 for startuplist.zip\StartupList.EXE Detected: Windows XP (WinNT 5.01.2600) Detected: Internet Explorer v6.00 (6.00.2600.0000) * Using default options ================================================== Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\csrss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe D:\WINDOWS\system32\spoolsv.exe D:\Program Files\Symantec AntiVirus\DefWatch.exe D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe D:\Program Files\Symantec AntiVirus\SavRoam.exe D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe D:\Program Files\Symantec AntiVirus\Rtvscan.exe D:\WINDOWS\Explorer.EXE D:\Program Files\Common Files\Symantec Shared\ccApp.exe D:\PROGRA~1\SYMANT~1\VPTray.exe D:\Program Files\Microsoft AntiSpyware\gcasServ.exe D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe D:\Program Files\Messenger\msmsgs.exe D:\Program Files\Microsoft Office\Office\OSA.EXE D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE D:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe D:\WINDOWS\System32\wuauclt.exe D:\Documents and Settings\doug\Local Settings\Temp\Temporary Directory 1 for startuplist.zip\StartupList.exe -------------------------------------------------- Listing of startup folders: Shell folders Common Startup: [D:\Documents and Settings\All Users\Start Menu\Programs\Startup] EPSON Status Monitor 3 Environment Check 2.lnk = D:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE Microsoft Find Fast.lnk = D:\Program Files\Microsoft Office\Office\FINDFAST.EXE Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE Office Startup.lnk = D:\Program Files\Microsoft Office\Office\OSA.EXE -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = D:\WINDOWS\system32\userinit.exe, -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Ink Monitor = D:\Program Files\EPSON\Ink Monitor\InkMonitor.exe ccApp = "D:\Program Files\Common Files\Symantec Shared\ccApp.exe" vptray = D:\PROGRA~1\SYMANT~1\VPTray.exe gcasServ = "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe" SpySweeper = "D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce MicrosoftAntiSpywareCleaner = D:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run MSMSGS = "D:\Program Files\Messenger\msmsgs.exe" /background -------------------------------------------------- Shell & screensaver key from D:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=D:\WINDOWS\System32\logon.scr drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry value not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Enumerating Download Program Files: [Windows Genuine Advantage Validation Tool] InProcServer32 = D:\WINDOWS\System32\LegitCheckControl.DLL CODEBASE = http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409 [{33564D57-9980-0010-8000-00AA00389B71}] CODEBASE = http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: D:\WINDOWS\system32\SHELL32.dll CDBurn: D:\WINDOWS\system32\SHELL32.dll WebCheck: D:\WINDOWS\System32\webcheck.dll SysTray: D:\WINDOWS\System32\stobject.dll -------------------------------------------------- End of report, 5,172 bytes Report generated in 0.150 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only