StartupList report, 1/21/03, 8:25:14 AM
StartupList version: 1.51
Started from : C:\UNZIPPED\STARTUPLIST151[1]\STARTUPLIST.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v5.51 SP1 (5.51.4807.2300)
* Using default options
==================================================
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0\AOL.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0\WAOL.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\UNZIPPED\STARTUPLIST151[1]\STARTUPLIST.EXE
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
SystemTray = SysTray.Exe
hpsysdrv = c:\windows\system\hpsysdrv.exe
Keyboard Manager = C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
TaskMonitor = c:\windows\taskmon.exe
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
--------------------------------------------------
File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command
(Default) = "%1"%*
--------------------------------------------------
C:\WINDOWS\WININIT.BAK listing:
(Created 16/1/2003, 20:55:34)
[rename]
NUL=c:\PROGRA~1\COMMON~1\NETWOR~1\VIRUSS~1\40~1.XX\MCSCAN32.DLL
c:\PROGRA~1\COMMON~1\NETWOR~1\VIRUSS~1\40~1.XX\MCSCAN32.DLL=c:\PROGRA~1\COMMON~1\NETWOR~1\VIRUSS~1\40~1.XX\MCSCAN32.1
NUL=C:\WINDOWS\SYSTEM\MCSCAN32.VXD
C:\WINDOWS\SYSTEM\MCSCAN32.VXD=C:\WINDOWS\SYSTEM\MCSCAN32.1
NUL=c:\PROGRA~1\MCAFEE\MCAFEE~1\SDATPACK.LST
c:\PROGRA~1\MCAFEE\MCAFEE~1\SDATPACK.LST=c:\PROGRA~1\MCAFEE\MCAFEE~1\SDATPACK.1
NUL=c:\WINDOWS\TEMP\PENDIN~1.INI
--------------------------------------------------
C:\AUTOEXEC.BAT listing:
path C:\WINDOWS;C:\WINDOWS\COMMAND
call c:\dosboot\drivers.bat
c:\PROGRA~1\COMMON~1\NETWOR~1\VIRUSS~1\40~1.XX\scanpm.exe c:\
IF ERRORLEVEL 1 PAUSE
--------------------------------------------------
Enumerating Task Scheduler jobs:
Tune-up Application Start.job
Maintenance-Defragment programs.job
Maintenance-ScanDisk.job
Maintenance-Disk cleanup.job
--------------------------------------------------
Enumerating Download Program Files:
[HearMe VoiceCREATOR]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\NPEVP.DLL
CODEBASE =
http://vp.hearme.com/products/vp/embedded/plugins/evp.cab
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE =
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
[Ctp Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\AXCTP.DLL
CODEBASE =
http://www.americangreetings.com/create/Install/AxCtp.cab
[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE =
http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
[Label Object]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\IELABEL.OCX
CODEBASE =
http://activex.microsoft.com/controls/iexplorer/x86/ielabel.cab
[FTWL Class]
InProcServer32 = C:\WINDOWS\SYSTEM\FTWEBLAUNCHER.DLL
CODEBASE =
http://download1.firetalk.com/FireTalk/MFT_Test/FTWebLauncher.cab
[Lipstream3 Control]
InProcServer32 = C:\WINDOWS\SYSTEM\LPLIPS.OCX
CODEBASE =
http://lipstream.www.conxion.com/customers/webcamnow/fender.cab
[{5F03EAB4-1AD5-11D4-AE99-0050DAC24E8F}]
CODEBASE =
http://www.iwon.com/ct/in_wn/iwonslot1,0,1,5.cab
[{B5AC24C2-1B3B-11D4-80FD-005004993CCA}]
CODEBASE =
http://toolbar.excite.com/download/exbar.cab
[CV3 Class]
InProcServer32 = C:\WINDOWS\SYSTEM\WUV3IS.DLL
CODEBASE =
http://windowsupdate.microsoft.com/R721/V31Controls/x86/w98/en/actsetup.cab
[MSN Photo Upload Control]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MSNPUPLD.DLL
CODEBASE =
http://communities.msn.com/scr/MsnPUpld.cab
[Yahoo! WebCam Upload Wrapper]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YUPLAPP.DLL
CODEBASE =
http://chat.yahoo.com/cab/yuplapp.cab
[WebCoachDownload Class]
InProcServer32 = C:\PROGRAM FILES\COMMON FILES\AOLSHARE\COACH\PLAYER\COACHDM1.DLL
CODEBASE =
http://esupport.aol.com/help/engine/aolcinst.cab
[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\XSCAN53.OCX
CODEBASE =
http://a840.g.akamai.net/7/840/537/20011223/housecall.antivirus.com/housecall/xscan53.cab
[Download Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\VLOADING.DLL
CODEBASE =
http://www.0190-dialer.com/VLoading.cab
--------------------------------------------------
Enumerating Winsock LSP files:
Protocol #1: C:\WINDOWS\SYSTEM\CSLSP.DLL
Protocol #2: C:\WINDOWS\SYSTEM\CSLSP.DLL
Protocol #3: C:\WINDOWS\SYSTEM\CSLSP.DLL
Protocol #4: C:\WINDOWS\SYSTEM\CSLSP.DLL
Protocol #5: C:\WINDOWS\SYSTEM\CSLSP.DLL
Protocol #11: C:\WINDOWS\SYSTEM\CSLSP.DLL
--------------------------------------------------
End of report, 6,435 bytes
Report generated in 0.485 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only