StartupList report, 24/08/2008, 17:14:28 StartupList version: 1.52.2 Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE Detected: Windows XP SP3 (WinNT 5.01.2600) Detected: Internet Explorer v7.00 (7.00.6000.16705) * Using default options ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\Vuze\Azureus.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\ezSP_Px.exe C:\PROGRA~1\Yahoo!\YOP\yop.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\btbb_wcm\McciTrayApp.exe C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe C:\WINDOWS\LTSMMSG.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\program files\spybot - search & destroy\teatimer.exe C:\PROGRA~1\Yahoo!\browser\ycommon.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\WINDOWS\system32\cmd.exe C:\Program Files\Magic Video Converter\avcore.dll C:\WINDOWS\System32\dllhost.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\PROGRA~1\Symantec\Norton AntiVirus\navw32.exe C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe -------------------------------------------------- Listing of startup folders: Shell folders Common Startup: [C:\Documents and Settings\All Users\Start Menu\Programs\Startup] Adobe Gamma Loader.lnk = ? Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe BT Broadband Desktop Help.lnk = C:\Program Files\BT Home Hub\Help\bin\matcli.exe -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run nwiz = //~nwiz.exe /installquiet HTpatch = //~c:\windows\htpatch.exe ezShieldProtector for Px = C:\WINDOWS\System32\ezSP_Px.exe StorageGuard = //~c:\program files\veritas software\update manager\sgtray.exe /r EPSON Stylus Photo R340 Series = //~c:\windows\system32\spool\drivers\w32x86\3\e_fatiaje.exe /p30 epson stylus photo r340 series /o6 usb001 /m stylus photo r340 YOP = C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" osCheck = "C:\PROGRA~1\Symantec\osCheck.exe" btbb_wcm_McciTrayApp = C:\Program Files\btbb_wcm\McciTrayApp.exe Symantec PIF AlertEng = "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup YBrowser = C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe LTSMMSG = LTSMMSG.exe btbb_McciTrayApp = C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" UnlockerAssistant = "C:\Program Files\Unlocker\UnlockerAssistant.exe" iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe" Motive SmartBridge = C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe SpybotSD TeaTimer = c:\program files\spybot - search & destroy\teatimer.exe Yahoo! Pager = C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\Run [OptionalComponents] = -------------------------------------------------- File association entry for .SCR: HKEY_CLASSES_ROOT\scrfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=C:\WINDOWS\System32\sspipes.scr drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry value not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll - {02478D38-C3F9-4efb-9B51-7695ECA05670} QFX Software KeyScrambler - C:\Program Files\KeyScrambler\KeyScramblerIE.dll - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} (no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F} (no name) - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (no name) - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (no name) - (no file) - {7E853D72-626A-48EC-A868-BA8D5E23E045} (no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6} (no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7} (no name) - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (no name) - (no file) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (no name) - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} -------------------------------------------------- Enumerating Task Scheduler jobs: AppleSoftwareUpdate.job GlaryInitialize.job MP Scheduled Scan.job Norton Security Online - Run Full System Scan - Alan & Tanya.job -------------------------------------------------- Enumerating Download Program Files: [Installation Support] InProcServer32 = C:\Program Files\Yahoo!\Common\Yinsthelper.dll CODEBASE = C:\Program Files\Yahoo!\Common\Yinsthelper.dll [MUCatalogWebControl Class] InProcServer32 = C:\WINDOWS\system32\MicrosoftUpdateCatalogWebControl.dll CODEBASE = http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1218143738375 [MUWebControl Class] InProcServer32 = C:\WINDOWS\system32\muweb.dll CODEBASE = http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1216935541375 -------------------------------------------------- Enumerating Winsock LSP files: NameSpace #4: C:\Program Files\Bonjour\mdnsNSP.dll -------------------------------------------------- Enumerating Windows NT logon/logoff scripts: *No scripts set to run* Windows NT checkdisk command: BootExecute = autocheck autochk * Windows NT 'Wininit.ini': PendingFileRenameOperations: C:\DOCUME~1\ALAN&T~1\LOCALS~1\Temp\_iu14D2N.tmp|||C -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\system32\webcheck.dll SysTray: C:\WINDOWS\System32\stobject.dll -------------------------------------------------- End of report, 9,258 bytes Report generated in 1.985 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only