StartupList report, 8/29/2004, 3:28:59 PM
StartupList version: 1.52
Started from : C:\Documents and Settings\Owner\My Documents\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\program files\support.com\bin\tgcmd.exe
C:\Program Files\Yahoo!\Parental Controls\YPC.EXE
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\LTMSG.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\System32\ccAppw32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SBC\Connection Manager\CManager.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\PROGRA~1\BROADJ~1\CORREC~1\CCD.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Documents and Settings\Owner\My Documents\HijackThis.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\Documents and Settings\Owner\Start Menu\Programs\Startup]
Connection Manager.lnk = C:\Program Files\SBC\Connection Manager\CManager.exe
TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\System32\Userinit.exe
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
hpsysdrv = c:\windows\system\hpsysdrv.exe
NvCplDaemon = RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
KBD = C:\HP\KBD\KBD.EXE
Recguard = C:\WINDOWS\SMINST\RECGUARD.EXE
IgfxTray = C:\WINDOWS\System32\igfxtray.exe
HotKeysCmds = C:\WINDOWS\System32\hkcmd.exe
PS2 = C:\WINDOWS\system32\ps2.exe
NAV Agent = c:\PROGRA~1\NORTON~1\navapw32.exe
checktime = c:\program files\HPSelect\Frontend\ct.exe
StorageGuard = "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
nwiz = nwiz.exe /install
HPDJ Taskbar Utility = C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
dla = C:\WINDOWS\system32\dla\tfswctrl.exe
CamMonitor = c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
YBrowser = C:\Program Files\Yahoo!\browser\ybrwicon.exe
BJCFD = C:\Program Files\BroadJump\Client Foundation\CFD.exe
tgcmdprovidersbc = "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
Symantec Configuration Loader = ccAppw32.exe
Bait film = C:\PROGRA~1\AimKEE~1\BITSBAGS.exe
ltourstart.exe = C:\WINDOWS\System32\ltourstart.exe
YPC = C:\Program Files\Yahoo!\Parental Controls\YPC.EXE
csrs = C:\WINDOWS\System32\csrs.exe
New.net Startup = rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
WinTools = C:\Program Files\Common Files\WinTools\WToolsA.exe
SunJavaUpdateSched = C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
LTMSG = LTMSG.exe 7
heck bird online bows = C:\Documents and Settings\All Users\Application Data\support clock heck bird\Shim Burn.exe
TV Media = C:\Program Files\TV Media\Tvm.exe
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
Symantec Configuration Loader = ccAppw32.exe
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe = C:\WINDOWS\System32\ctfmon.exe
Yahoo! Pager = C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
ltourstart.exe = C:\WINDOWS\System32\ltourstart.exe
SpySweeper = "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /1
MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
WhatPulse = C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE
TV Media = C:\Program Files\TV Media\Tvm.exe
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll - {02478D38-C3F9-4efb-9B51-7695ECA05670}
(no name) - C:\Program Files\NewDotNet\newdotnet6_30.dll - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
(no name) - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll - {87766247-311C-43B4-8499-3D5FEC94A183}
(no name) - C:\PROGRA~1\CAMPSK~1\fordidle.exe - {87AD6F82-9B3C-AF44-E4E9-96A1844D3B3B}
(no name) - c:\program files\google\googletoolbar2.dll (file missing) - {AA58ED58-01DD-4d91-8333-CF10577473F7}
--------------------------------------------------
Enumerating Task Scheduler jobs:
Norton AntiVirus - Scan my computer.job
Symantec NetDetect.job
--------------------------------------------------
Enumerating Download Program Files:
[Checkers Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\msgrchkr.dll
CODEBASE = http://messenger.zon...kr.cab28578.cab
[{01234567-1234-1234-1234-012345678921}]
CODEBASE = http://images.neopets.com/glophone/neoblue5.cab
[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://download.macr...director/sw.cab
[MSSecurityAdvisor Class]
InProcServer32 = C:\WINDOWS\System32\mssecadv.dll
CODEBASE = http://download.micr...b?1091986135984
[yucsetreg Class]
InProcServer32 = C:\Program Files\Yahoo!\Common\yucconfig.dll
CODEBASE = C:\Program Files\Yahoo!\common\yucconfig.dll
[Minesweeper Flags Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\minesweeper.dll
CODEBASE = http://messenger.zon...er.cab28578.cab
[MiniBugTransporterX Class]
CODEBASE = http://download.weat...Transporter.cab?
[YInstStarter Class]
InProcServer32 = C:\Program Files\Yahoo!\Common\yinsthelper.dll
CODEBASE = C:\Program Files\Yahoo!\common\yinsthelper.dll
[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.micr...922/wmv9VCM.CAB
[{41F17733-B041-4099-A042-B518BB6A408C}]
CODEBASE = http://a1540.g.akama...meInstaller.exe
[{5C7F15E1-F31A-44FD-AA1A-2EC63AAFFD3A}]
CODEBASE = http://www.atelys.com/src/Speedup.ocx
[Groove Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\GrooveAX.dll
CODEBASE = http://www.nick.com/.../GrooveAX27.cab
[AdInstaller Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\ADINST~1.OCX
CODEBASE = http://www.movies.ne...AdInstaller.ocx
[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll
CODEBASE = http://messenger.zon...nt.cab28578.cab
[{8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A}]
CODEBASE = http://www.quikshield.com/qshsetup.exe
[RegConfig Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\yregcfg.dll
CODEBASE = http://download.yaho...rod/yregcfg.cab
[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE = http://v4.windowsupd...7772.6578703704
[YahooYMailTo Class]
InProcServer32 = C:\PROGRA~1\Yahoo!\Common\ymmapi20040613.dll
CODEBASE = http://download.yaho...mail/ymmapi.dll
[YAddBook Class]
InProcServer32 = C:\PROGRA~1\Yahoo!\Common\yaddbook.dll
CODEBASE = http://us.dl1.yimg.com/download.yahoo...utocomplete.cab
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://fpdownload.ma...ash/swflash.cab
[{DDFFA75A-E81D-4454-89FC-B9FD0631E726}]
CODEBASE = http://www.bundlewar...veX/DS3/DS3.cab
[{E62A47D8-74B1-4A93-963A-E5E43B7CC5C2}]
CODEBASE = http://www.zuvio.com...te/UCSearch.CAB
[{FFFFFFFF-CACE-BABE-BABE-00AA0055595A}]
CODEBASE = http://www.trueswitc...eInstallSBC.exe
--------------------------------------------------
Enumerating Winsock LSP files:
NameSpace #4: C:\Program Files\NewDotNet\newdotnet6_30.dll
Protocol #1: xfire_lsp_8742.dll (file MISSING)
Protocol #2: xfire_lsp_8742.dll (file MISSING)
Protocol #3: xfire_lsp_8742.dll (file MISSING)
Protocol #4: xfire_lsp_8742.dll (file MISSING)
Protocol #5: xfire_lsp_8742.dll (file MISSING)
Protocol #6: xfire_lsp_8742.dll (file MISSING)
Protocol #7: xfire_lsp_8742.dll (file MISSING)
Protocol #8: xfire_lsp_8742.dll (file MISSING)
Protocol #9: YPCLSP.dll (file MISSING)
Protocol #10: YPCLSP.dll (file MISSING)
Protocol #11: YPCLSP.dll (file MISSING)
Protocol #31: YPCLSP.dll (file MISSING)
Protocol #32: xfire_lsp_8742.dll (file MISSING)
--------------------------------------------------
Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*
Windows NT checkdisk command:
BootExecute = autocheck autochk *
Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\DOCUME~1\Owner\LOCALS~1\Temp\~616553.tmp|||A
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
--------------------------------------------------
End of report, 12,516 bytes
Report generated in 0.172 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
edit: sorry, move this to where it's supposed to be. I bet you wouldn't like a bunch of small topics though, lemony
other edit: how did you see stuff you don't know is that bad?
other other edit: is rundll a virus? It always comes up and bugs me.
other other other edit: I have absolutely no idea lol
QUOTE
heck bird online bows = C:\Documents and Settings\All Users\Application Data\support clock heck bird\Shim Burn.exe
That looks suspicious, but I don't know what's spyware or not lol.
Edited by sin, 29 August 2004 - 02:41 PM.