StartupList report, 5/15/2006, 8:50:29 PM StartupList version: 1.52.2 Started from : C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.EXE Detected: Windows XP SP2 (WinNT 5.01.2600) Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180) * Using default options ================================================== Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\spoolsv.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\WINNT\Explorer.EXE c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\SK9910DM.EXE C:\WINNT\GWMDMMSG.exe C:\WINNT\System32\hkcmd.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\ScanSoft\OmniPageSE\opware32.exe C:\PROGRA~1\PESTPA~1\PPControl.exe C:\WINNT\system32\ZoneLabs\vsmon.exe C:\PROGRA~1\PESTPA~1\PPMemCheck.exe C:\PROGRA~1\PESTPA~1\CookiePatrol.exe C:\Program Files\McAfee\QuickClean\PlgUni.exe C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Eisenworld\PCBackup\ABScheduler.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe C:\WINNT\system32\svchost.exe C:\Program Files\gofluent\goSoft2004\goSoft.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\WINNT\System32\wbem\wmiapsrv.exe c:\progra~1\mcafee.com\vso\mcvsftsn.exe C:\WINNT\System32\svchost.exe C:\Program Files\Messenger\msmsgs.exe C:\WINNT\System32\HPZipm12.exe C:\Program Files\Yahoo!\Messenger\YPager.exe C:\Program Files\Microsoft Office\Office\Winword.exe C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe -------------------------------------------------- Listing of startup folders: Shell folders Startup: [C:\Documents and Settings\Owner\Start Menu\Programs\Startup] Microsoft Office Shortcut Bar.Lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE WKCALREM.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe Shell folders Common Startup: [C:\Documents and Settings\All Users\Start Menu\Programs\Startup] HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe Microsoft Works Calendar Reminders.lnk = ? -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINNT\system32\userinit.exe, -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Hot Key Kbd 9910 Daemon = SK9910DM.EXE GWMDMMSG = GWMDMMSG.exe IgfxTray = C:\WINNT\System32\igfxtray.exe HotKeysCmds = C:\WINNT\System32\hkcmd.exe Keyboard Preload Check = C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check" GWMDMpi = C:\WINNT\GWMDMpi.exe AdaptecDirectCD = "c:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime Omnipage = C:\Program Files\ScanSoft\OmniPageSE\opware32.exe PestPatrol Control Center = C:\PROGRA~1\PESTPA~1\PPControl.exe PPMemCheck = C:\PROGRA~1\PESTPA~1\PPMemCheck.exe CookiePatrol = C:\PROGRA~1\PESTPA~1\CookiePatrol.exe Imonitor = "C:\Program Files\McAfee\QuickClean\PlgUni.exe" /START VSOCheckTask = "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask VirusScan Online = "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" MCAgentExe = c:\PROGRA~1\mcafee.com\agent\mcagent.exe MCUpdateExe = c:\PROGRA~1\mcafee.com\agent\mcupdate.exe WinPatrol = C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe HP Component Manager = "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" PCBackup Scheduler = C:\Program Files\Eisenworld\PCBackup\ABScheduler.exe NeroFilterCheck = C:\WINNT\system32\NeroCheck.exe HP Software Update = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe goSoft = (Default) = Zone Labs Client = C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run McAfee.InstantUpdate.Monitor = "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background NBJ = "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" gosoft = C:\Program Files\gofluent\goSoft2004\goStart.exe mini -------------------------------------------------- Shell & screensaver key from C:\WINNT\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=C:\WINNT\System32\logon.scr drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry key not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (no name) - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (no name) - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} (no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7} (no name) - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -------------------------------------------------- Enumerating Download Program Files: [McAfee.com Operating System Class] InProcServer32 = C:\WINNT\System32\mcinsctl.dll CODEBASE = http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab [Yahoo! Webcam Upload Wrapper] InProcServer32 = C:\WINNT\Downloaded Program Files\yuplapp.dll CODEBASE = http://chat.yahoo.com/cab/yuplapp.cab [DwnldGroupMgr Class] InProcServer32 = C:\WINNT\System32\McGDMgr.dll CODEBASE = http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab [Shockwave Flash Object] InProcServer32 = C:\WINNT\system32\Macromed\Flash\Flash8.ocx CODEBASE = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [Live Collaboration] InProcServer32 = C:\WINNT\DOWNLO~1\RntX.dll CODEBASE = https://liveca04.custhelp.com/7503-b146h-quicken/rnl/java/RntX.cab -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINNT\system32\SHELL32.dll CDBurn: C:\WINNT\system32\SHELL32.dll WebCheck: C:\WINNT\System32\webcheck.dll SysTray: C:\WINNT\System32\stobject.dll -------------------------------------------------- End of report, 8,395 bytes Report generated in 0.203 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only