Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Need help figuring out what to remove!

Started by Tabitha08 , Jul 30 2008 09:57 AM

  • Please log in to reply

#1
Tabitha08
Posted 30 July 2008 - 09:57 AM

Tabitha08

    New Member

  • Member
  • Pip
  • 1 posts
StartupList report, 7/30/2008, 10:47:19 AM
StartupList version: 1.52.2
Started from : D:\Program Files\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16674)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
D:\Program Files\QuickTime\QTTask.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
D:\Program Files\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Tabitha \Start Menu\Programs\Startup]
PowerReg Scheduler.exe

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
SWYDM Chat.LNK = C:\Program Files\SWYDM Chat Enhanced Edition\swydmcht.exe
VAIO Action Setup (Server).lnk = ?

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\System32\Userinit.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

LTSMMSG = LTSMMSG.exe
SiS Tray =
SiS KHooker = C:\WINDOWS\System32\khooker.exe
ZTgServerSwitch = c:\program files\support.com\client\bin\tgcmd.exe /server
QuickFinder Scheduler = "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
WINSTA~1.EXE = C:\WINDOWS\System\WINSTA~1.EXE -b
BIOVIP = C:\WINDOWS\BIOVIP.exe
AGRSMMSG = AGRSMMSG.exe
ashMaiSv = C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
NetscapeClient =
SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
AppleSyncNotifier = C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
QuickTime Task = "D:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper = "D:\Program Files\iTunes\iTunesHelper.exe"
TMRUBottedTray = "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

msnmsgr = "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
boltzap = D:\DOWNLOADS\BoltZap.exe
am = D:\downloads\BoltZap.exe
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = %1

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=
SCRNSAVE.EXE=C:\WINDOWS\System32\DONTTO~1.SCR
drivers=

Shell & screensaver key from Registry:

Shell=explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - (no file) - {02478D38-C3F9-4efb-9B51-7695ECA05670}
(no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - (no file) - {7E853D72-626A-48EC-A868-BA8D5E23E045}
(no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
(no name) - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll - {A7327C09-B521-4EDB-8509-7D2660C9EC98}
(no name) - C:\Program Files\Windows Live Toolbar\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}

--------------------------------------------------

Enumerating Task Scheduler jobs:

AppleSoftwareUpdate.job
Check Updates for Windows Live Toolbar.job
RegistrySmart Scheduled Scan.job

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://download.macr...director/sw.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll
CODEBASE = http://go.microsoft....k/?linkid=39204

[AimSp32 Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\aimsp32.dll
CODEBASE = http://makeover.subs...ve/makeover.cab

[MSSecurityAdvisor Class]
InProcServer32 = C:\WINDOWS\System32\mssecadv.dll
CODEBASE = http://download.micr...b?1084415038593

[{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}]
CODEBASE = http://ak.exe.imgfar...etup1.0.1.0.cab

[TmHcmsX Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\TmHcmsX.ocx
CODEBASE = http://www.trendsecu...vex/TmHcmsX.CAB

[Trend Micro ActiveX Scan Agent 6.6]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\CONFLICT.1\Housecall_ActiveX.dll
CODEBASE = http://housecall65.t...ivex/hcImpl.cab

[Installation Support]
InProcServer32 = C:\Program Files\Yahoo!\Common\Yinsthelper.dll
CODEBASE = C:\Program Files\Yahoo!\Common\Yinsthelper.dll

[Microsoft PID Sniffer]
InProcServer32 = C:\WINDOWS\system32\odc.dll
CODEBASE = https://support.micr...ActiveX/odc.cab

[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.micros...ontent/opuc.cab

[{41F17733-B041-4099-A042-B518BB6A408C}]
CODEBASE = http://a1540.g.akama...meInstaller.exe

[MySpace Uploader Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MySpaceUploader.ocx
CODEBASE = http://lads.myspace....ploader1006.cab

[MSN Photo Upload Tool]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
CODEBASE = http://gfx1.hotmail....es/MSNPUpld.cab

[LightSurfUploadCtl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\LightSurfUploadControl.dll
CODEBASE = http://pictures.spri...loadControl.cab

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://update.micros...b?1124137649687

[ExentInf Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\exentctl_0_0_0_1.ocx
CODEBASE = http://us.games2.yim...ctl_0_0_0_1.ocx

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.micros...b?1124137435218

[Trend Micro ActiveX Scan Agent 6.5]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll
CODEBASE = http://housecall65.t...ivex/hcImpl.cab

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
CODEBASE = http://a840.g.akamai...all/xscan53.cab

[{77E32299-629F-43C6-AB77-6A1E6D7663F6}]
CODEBASE = http://www.nick.com/.../GrooveAX27.cab

[SurroundVideoCtrl Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MSSurVid.ocx
CODEBASE = http://autos.msn.com...id/MSSurVid.cab

[Shutterfly Picture Upload Plugin]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\sfuploadplugin.ocx
CODEBASE = http://web1.shutterf...ds/Uploader.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://www.pandasoft.../as5/asinst.cab

[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE = http://v4.windowsupd...7594.5112384259

[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE = http://messenger.msn...pDownloader.cab

[MSN Games - Installer]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZIntro.ocx
CODEBASE = http://cdn2.zone.msn...ro.cab56649.cab

[{B9191F79-5613-4C76-AA2A-398534BB8999}]
CODEBASE = http://us.dl1.yimg.c...utocomplete.cab

[ExteriorSurround Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\Outside.ocx
CODEBASE = http://autos.msn.com...ior/Outside.cab

[{BD11A280-2E73-11CF-B6CF-00AA00A74DAF}]
CODEBASE = http://www.talkingbu...uddyinstall.exe

[cpbrxpie Control]
InProcServer32 = C:\WINDOWS\cpbrxpie.ocx
CODEBASE = http://a19.g.akamai....20/cpbrxpie.cab

[ArkDownloader Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ArkDownloader.dll
CODEBASE = http://www.arkadium....kDownloader.dll

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx
CODEBASE = http://download.macr...ash/swflash.cab

[CarPoint Auto-Pricer Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\AutoPricer.ocx
CODEBASE = http://autos.msn.com.../autopricer.cab

[PopCapLoader Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\popcaploader.dll
CODEBASE = http://download.game...aploader_v5.cab

[Yahoo! Webcam Viewer Wrapper]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\yvwrctl.dll
CODEBASE = http://chat.yahoo.com/cab/yvwrctl.cab

[HeartbeatCtl Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\hrtbeat.ocx
CODEBASE = http://fdl.msn.com/z...s/heartbeat.cab

[McFreeScan Class]
InProcServer32 = C:\WINDOWS\McAfee.com\FreeScan\mcfscan.dll
CODEBASE = http://download.mcaf...377/mcfscan.cab

[MSN Chat Control 4.5]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx
CODEBASE = http://chat.msn.com/bin/msnchat45.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #4: C:\Program Files\Bonjour\mdnsNSP.dll

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
End of report, 12,939 bytes
Report generated in 0.062 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP