StartupList report, 25/01/2006, 17:25:29
StartupList version: 1.52.2
Started from : C:\Program Files\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\twatdog.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SlipStream Web Accelerator\slipcore.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\FILEST~1\TURBOB~1\tbksche.exe
C:\PROGRA~1\FILEST~1\TURBOB~1\TBKNTService.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\SlipStream Web Accelerator\slipgui.exe
C:\Program Files\MemoKit\memokit2.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\HijackThis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Administrator\Start Menu\Programs\Startup]
MemoKit.lnk = C:\Program Files\MemoKit\mk.exe

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
CleanSweep Smart Sweep-Internet Sweep.LNK = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
SlipStream Web Accelerator.lnk = C:\Program Files\SlipStream Web Accelerator\slipgui.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

TridentWatchDog = twatdog.exe
Apoint = C:\Program Files\Apoint2K\Apoint.exe
DpUtil = C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
TFNF5 = TFNF5.exe
Tpwrtray = TPWRTRAY.EXE
TFncKy = C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe /Type 24
TosHKCW.exe = "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
TMESRV.EXE = C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
TMERzCtl.EXE = C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
TMEEJME.EXE = C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
TMESBS.EXE = C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client
ezShieldProtector for Px = C:\WINDOWS\System32\ezSP_Px.exe
WinVNC = "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
PmProxy = C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
GhostStartTrayApp = C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
vptray = C:\PROGRA~1\SYMANT~2\VPTray.exe
BluetoothAuthenticationAgent = rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
SlipStream = "C:\Program Files\SlipStream Web Accelerator\slipcore.exe"
Zone Labs Client = C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Google Desktop Search = "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
TurboBackup = C:\PROGRA~1\FILEST~1\TURBOB~1\tbksche.exe -s

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=apitrap.dll

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
Google Desktop Search Capture - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll - {7c1ce531-09e9-4fc5-9803-1c2956615786}
(no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll - {AE7CD045-E861-484f-8273-0445EE161910}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Norton SystemWorks One Button Checkup.job
Registration reminder 1.job
Registration reminder 2.job
Registration reminder 3.job

--------------------------------------------------

Enumerating Download Program Files:

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan60.ocx
CODEBASE = http://housecall60.trendmicro.com/housecall/xscan60.cab

[PCPitstop Utility]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\PCPitstop.dll
CODEBASE = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.microsoft.com/officeupdate/content/opuc3.cab

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096137977716

[Symantec RuFSI Utility Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
CODEBASE = http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

[Microsoft Office XP Professional Step by Step Interactive]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\mitm0026.dll
CODEBASE = file://D:\CD\setup\mitm0026.cab

[Anonymizer Anti-Spyware Scanner]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\WebAAS.dll
CODEBASE = http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab

[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37903.2978703704

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #4: C:\WINDOWS\system32\wshbth.dll
Protocol #1: C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll
Protocol #2: C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll
Protocol #3: C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll
Protocol #10: C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 11 691 bytes
Report generated in 0,070 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only