StartupList report, 12/2/2005, 2:19:59 PM
StartupList version: 1.52.2
Started from : D:\hijack\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
==================================================

Running processes:

D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
D:\WINDOWS\Logi_MwX.Exe
D:\Program Files\Plaxo\2.4.1.5\InstallStub.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\CleanMyPC\Registry Cleaner\RCScheduler.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\SEC\MagicTune3.6_Client_pivot\GammaTray.exe
D:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
D:\Program Files\TechTracker\VersionTracker Pro\VersionTrackerPro.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\System32\mnmsrvc.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\Tablet.exe
D:\Program Files\RealVNC\VNC4\WinVNC4.exe
D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
D:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
D:\hijack\HijackThis.exe
D:\Program Files\Internet Explorer\iexplore.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[D:\Documents and Settings\Richard\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[D:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
Color Calibration.lnk = ?
MagicTune3.6.lnk = ?
VersionTracker Pro.lnk = ?

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = D:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ATIPTA = D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
AVG7_CC = D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
AVG7_EMC = D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
NvMixerTray = D:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
Logitech Utility = Logi_MwX.Exe
Logitech Hardware Abstraction Layer = KHALMNPR.EXE
ATICCC = "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

!CleanupNetMeetingDispDriver = "D:\WINDOWS\system32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

PlaxoUpdate = D:\Program Files\Plaxo\2.4.1.5\InstallStub.exe -a
ctfmon.exe = D:\WINDOWS\system32\ctfmon.exe
Registry Cleaner Scheduler = "D:\Program Files\CleanMyPC\Registry Cleaner\RCScheduler.exe" /startup

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[AutorunsDisabled]
*No values found*

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

[AutorunsDisabled]
LDM = \Program\

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = D:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from D:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from D:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

--------------------------------------------------

Enumerating Task Scheduler jobs:

*No jobs found*

--------------------------------------------------

Enumerating Download Program Files:

[Microsoft XML Parser for Java]
OSD = D:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[HouseCall Control]
InProcServer32 = D:\WINDOWS\DOWNLO~1\xscan60.ocx
CODEBASE = http://housecall-beta.trendmicro.com/housecall/xscan60.cab

[Macromedia Authorware Web Player Control]
InProcServer32 = D:\WINDOWS\system32\macromed\authorwa\awswax.ocx
CODEBASE = http://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab

[Shockwave ActiveX Control]
InProcServer32 = D:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = D:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

[Office Update Installation Engine]
InProcServer32 = D:\WINDOWS\opuc.dll
CODEBASE = http://office.microsoft.com/officeupdate/content/opuc3.cab

[WUWebControl Class]
InProcServer32 = D:\WINDOWS\system32\wuweb.dll
CODEBASE = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127074072921

[MUWebControl Class]
InProcServer32 = D:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125951032825

[HouseCall Control]
InProcServer32 = D:\WINDOWS\DOWNLO~1\xscan53.ocx
CODEBASE = http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

[TWDownloader Class]
InProcServer32 = D:\WINDOWS\Downloaded Program Files\TumbleweedDownload.dll
CODEBASE = https://epackage1.ups.com/download/TWDownload.cab

[StartCon25]
InProcServer32 = D:\WINDOWS\DOWNLO~1\STARTC~1.OCX
CODEBASE = http://weboffice.scansource.com/ActiveX/StartConf25.cab

[Java Plug-in 1.5.0_04]
InProcServer32 = D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab

[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38147.3929861111

[Java Plug-in 1.4.0]
CODEBASE = http://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab

[Java Plug-in 1.5.0_01]
InProcServer32 = D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab

[Java Plug-in 1.5.0_02]
InProcServer32 = D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab

[Java Plug-in 1.5.0_04]
InProcServer32 = D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab

[Shockwave Flash Object]
InProcServer32 = D:\WINDOWS\system32\Macromed\Flash\Flash8.ocx
CODEBASE = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: D:\WINDOWS\System32\mswsock.dll
NameSpace #2: D:\WINDOWS\System32\winrnr.dll
NameSpace #3: D:\WINDOWS\System32\mswsock.dll
Protocol #1: D:\WINDOWS\system32\mswsock.dll
Protocol #2: D:\WINDOWS\system32\mswsock.dll
Protocol #3: D:\WINDOWS\system32\mswsock.dll
Protocol #4: D:\WINDOWS\system32\rsvpsp.dll
Protocol #5: D:\WINDOWS\system32\rsvpsp.dll
Protocol #6: D:\WINDOWS\system32\mswsock.dll
Protocol #7: D:\WINDOWS\system32\mswsock.dll
Protocol #8: D:\WINDOWS\system32\mswsock.dll
Protocol #9: D:\WINDOWS\system32\mswsock.dll
Protocol #10: D:\WINDOWS\system32\mswsock.dll
Protocol #11: D:\WINDOWS\system32\mswsock.dll
Protocol #12: D:\WINDOWS\system32\mswsock.dll
Protocol #13: D:\WINDOWS\system32\mswsock.dll
Protocol #14: D:\WINDOWS\system32\mswsock.dll
Protocol #15: D:\WINDOWS\system32\mswsock.dll
Protocol #16: D:\WINDOWS\system32\mswsock.dll
Protocol #17: D:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: D:\WINDOWS\system32\SHELL32.dll
CDBurn: D:\WINDOWS\system32\SHELL32.dll
WebCheck: D:\WINDOWS\system32\webcheck.dll
SysTray: D:\WINDOWS\system32\stobject.dll

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------
End of report, 17,631 bytes
Report generated in 0.031 seconds

Command line options:
   /verbose  - to add additional info on each section
   /complete - to include empty sections and unsuspicious data
   /full     - to include several rarely-important sections
   /force9x  - to include Win9x-only startups even if running on WinNT
   /forcent  - to include WinNT-only startups even if running on Win9x
   /forceall - to include all Win9x and WinNT startups, regardless of platform
   /history  - to list version history only