StartupList version: 1.52.2
Started from : D:\Program Files\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16674)
* Using default options
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
D:\Program Files\QuickTime\QTTask.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
D:\Program Files\HijackThis.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\Documents and Settings\Tabitha \Start Menu\Programs\Startup]
PowerReg Scheduler.exe
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
SWYDM Chat.LNK = C:\Program Files\SWYDM Chat Enhanced Edition\swydmcht.exe
VAIO Action Setup (Server).lnk = ?
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\System32\Userinit.exe
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LTSMMSG = LTSMMSG.exe
SiS Tray =
SiS KHooker = C:\WINDOWS\System32\khooker.exe
ZTgServerSwitch = c:\program files\support.com\client\bin\tgcmd.exe /server
QuickFinder Scheduler = "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
WINSTA~1.EXE = C:\WINDOWS\System\WINSTA~1.EXE -b
BIOVIP = C:\WINDOWS\BIOVIP.exe
AGRSMMSG = AGRSMMSG.exe
ashMaiSv = C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
NetscapeClient =
SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
AppleSyncNotifier = C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
QuickTime Task = "D:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper = "D:\Program Files\iTunes\iTunesHelper.exe"
TMRUBottedTray = "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
msnmsgr = "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
boltzap = D:\DOWNLOADS\BoltZap.exe
am = D:\downloads\BoltZap.exe
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[OptionalComponents]
=
--------------------------------------------------
File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command
(Default) = %1
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=
SCRNSAVE.EXE=C:\WINDOWS\System32\DONTTO~1.SCR
drivers=
Shell & screensaver key from Registry:
Shell=explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - (no file) - {02478D38-C3F9-4efb-9B51-7695ECA05670}
(no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - (no file) - {7E853D72-626A-48EC-A868-BA8D5E23E045}
(no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
(no name) - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll - {A7327C09-B521-4EDB-8509-7D2660C9EC98}
(no name) - C:\Program Files\Windows Live Toolbar\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
--------------------------------------------------
Enumerating Task Scheduler jobs:
AppleSoftwareUpdate.job
Check Updates for Windows Live Toolbar.job
RegistrySmart Scheduled Scan.job
--------------------------------------------------
Enumerating Download Program Files:
[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://download.macr...director/sw.cab
[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll
CODEBASE = http://go.microsoft....k/?linkid=39204
[AimSp32 Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\aimsp32.dll
CODEBASE = http://makeover.subs...ve/makeover.cab
[MSSecurityAdvisor Class]
InProcServer32 = C:\WINDOWS\System32\mssecadv.dll
CODEBASE = http://download.micr...b?1084415038593
[{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}]
CODEBASE = http://ak.exe.imgfar...etup1.0.1.0.cab
[TmHcmsX Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\TmHcmsX.ocx
CODEBASE = http://www.trendsecu...vex/TmHcmsX.CAB
[Trend Micro ActiveX Scan Agent 6.6]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\CONFLICT.1\Housecall_ActiveX.dll
CODEBASE = http://housecall65.t...ivex/hcImpl.cab
[Installation Support]
InProcServer32 = C:\Program Files\Yahoo!\Common\Yinsthelper.dll
CODEBASE = C:\Program Files\Yahoo!\Common\Yinsthelper.dll
[Microsoft PID Sniffer]
InProcServer32 = C:\WINDOWS\system32\odc.dll
CODEBASE = https://support.micr...ActiveX/odc.cab
[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.micros...ontent/opuc.cab
[{41F17733-B041-4099-A042-B518BB6A408C}]
CODEBASE = http://a1540.g.akama...meInstaller.exe
[MySpace Uploader Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MySpaceUploader.ocx
CODEBASE = http://lads.myspace....ploader1006.cab
[MSN Photo Upload Tool]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
CODEBASE = http://gfx1.hotmail....es/MSNPUpld.cab
[LightSurfUploadCtl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\LightSurfUploadControl.dll
CODEBASE = http://pictures.spri...loadControl.cab
[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://update.micros...b?1124137649687
[ExentInf Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\exentctl_0_0_0_1.ocx
CODEBASE = http://us.games2.yim...ctl_0_0_0_1.ocx
[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.micros...b?1124137435218
[Trend Micro ActiveX Scan Agent 6.5]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll
CODEBASE = http://housecall65.t...ivex/hcImpl.cab
[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
CODEBASE = http://a840.g.akamai...all/xscan53.cab
[{77E32299-629F-43C6-AB77-6A1E6D7663F6}]
CODEBASE = http://www.nick.com/.../GrooveAX27.cab
[SurroundVideoCtrl Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MSSurVid.ocx
CODEBASE = http://autos.msn.com...id/MSSurVid.cab
[Shutterfly Picture Upload Plugin]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\sfuploadplugin.ocx
CODEBASE = http://web1.shutterf...ds/Uploader.cab
[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://www.pandasoft.../as5/asinst.cab
[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE = http://v4.windowsupd...7594.5112384259
[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE = http://messenger.msn...pDownloader.cab
[MSN Games - Installer]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZIntro.ocx
CODEBASE = http://cdn2.zone.msn...ro.cab56649.cab
[{B9191F79-5613-4C76-AA2A-398534BB8999}]
CODEBASE = http://us.dl1.yimg.c...utocomplete.cab
[ExteriorSurround Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\Outside.ocx
CODEBASE = http://autos.msn.com...ior/Outside.cab
[{BD11A280-2E73-11CF-B6CF-00AA00A74DAF}]
CODEBASE = http://www.talkingbu...uddyinstall.exe
[cpbrxpie Control]
InProcServer32 = C:\WINDOWS\cpbrxpie.ocx
CODEBASE = http://a19.g.akamai....20/cpbrxpie.cab
[ArkDownloader Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ArkDownloader.dll
CODEBASE = http://www.arkadium....kDownloader.dll
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx
CODEBASE = http://download.macr...ash/swflash.cab
[CarPoint Auto-Pricer Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\AutoPricer.ocx
CODEBASE = http://autos.msn.com.../autopricer.cab
[PopCapLoader Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\popcaploader.dll
CODEBASE = http://download.game...aploader_v5.cab
[Yahoo! Webcam Viewer Wrapper]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\yvwrctl.dll
CODEBASE = http://chat.yahoo.com/cab/yvwrctl.cab
[HeartbeatCtl Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\hrtbeat.ocx
CODEBASE = http://fdl.msn.com/z...s/heartbeat.cab
[McFreeScan Class]
InProcServer32 = C:\WINDOWS\McAfee.com\FreeScan\mcfscan.dll
CODEBASE = http://download.mcaf...377/mcfscan.cab
[MSN Chat Control 4.5]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx
CODEBASE = http://chat.msn.com/bin/msnchat45.cab
--------------------------------------------------
Enumerating Winsock LSP files:
NameSpace #4: C:\Program Files\Bonjour\mdnsNSP.dll
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll
--------------------------------------------------
End of report, 12,939 bytes
Report generated in 0.062 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only