StartupList report, 1/29/03, 11:31:23 PM
StartupList version: 1.50
Started from : C:\WINDOWS\DESKTOP\STARTUPLIST.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\MOUSE_WC.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\IJ75P2PS.EXE
C:\WINDOWS\SYSTEM\HPSJVXD.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TPPALDR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY 1.1\SPYBOTSD.EXE
C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\DESKTOP\STARTUPLIST.EXE
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
World Time.lnk = C:\Program Files\World Time\worldtime.exe
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Mouse_WC = C:\WINDOWS\Mouse_WC.exe
CompaqPrinTray = PrinTray.exe
StillImageMonitor = C:\WINDOWS\SYSTEM\STIMON.EXE
IJ75P2PSERVER = IJ75P2PS.EXE
HPSCANMonitor = C:\WINDOWS\SYSTEM\hpsjvxd.exe
TaskMonitor = C:\WINDOWS\taskmon.exe
ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
SystemTray = SysTray.Exe
TPP Auto Loader = C:\WINDOWS\TPPALDR.EXE
Norton Auto-Protect = C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
ccApp = C:\Program Files\Common Files\Symantec Shared\ccApp.exe
ccRegVfy = C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
Tweak UI = RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
SpyBotSnD = "C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY 1.1\SPYBOTSD.EXE" /autoclose
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
SchedulingAgent = mstask.exe
ccEvtMgr = C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
ScriptBlocking = "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
Tweak UI = RUNDLL32.EXE TWEAKUI.CPL,TweakLogon
--------------------------------------------------
Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)
[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {89820200-ECBD-11cf-8B85-00AA005B4383}
[>PerUser_MSN_Clean] *
StubPath = C:\WINDOWS\msnmgsr1.exe
[PerUser_LinkBar_URLs] *
StubPath = C:\WINDOWS\COMMAND\sulfnbk.exe /L
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}
[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl
--------------------------------------------------
Load/Run keys from C:\WINDOWS\WIN.INI:
load=
run=
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\SYSTEM\MYSTIF~1.SCR
drivers=mmsystem.dll power.drv
--------------------------------------------------
Checking for EXPLORER.EXE instances:
C:\WINDOWS\Explorer.exe: PRESENT!
C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
--------------------------------------------------
C:\WINDOWS\WININIT.BAK listing:
(Created 29/1/2003, 5:20:32)
[Rename]
NUL=c:\unzipped\fastclick\marlene e.snider@fastclick[1].txt
NUL=c:\windows\cookies\marlene
e.snider@z1.adserver[1].txt
--------------------------------------------------
C:\AUTOEXEC.BAT listing:
@SET CLASSPATH=C:\PROGRA~1\PHOTOD~1.1\ADOBEC~1;C:\Program Files\PhotoDeluxe 2.0\AdobeConnectables
--------------------------------------------------
Checking for superhidden extensions:
.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden
--------------------------------------------------
Enumerating Browser Helper Objects:
NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
(no name) - c:\windows\downloaded program files\conflict.1\googletoolbar_en_1.1.66-deleon.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
--------------------------------------------------
Enumerating Task Scheduler jobs:
Disk Cleanup.job
Symantec NetDetect.job
Maintenance-Defragment programs.job
Maintenance-ScanDisk.job
scan.job
Norton AntiVirus - Scan my computer.job
--------------------------------------------------
Enumerating Download Program Files:
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE =
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
[CV3 Class]
InProcServer32 = C:\WINDOWS\SYSTEM\WUV3IS.DLL
CODEBASE =
http://windowsupdate.microsoft.com/R1024/V31Controls/x86/w98/en/actsetup.cab
[BBSetup]
InProcServer32 = C:\WINDOWS\SYSTEM\WUV3IS.DLL
CODEBASE =
http://bonzi.www.conxion.com/freebuddy/wd/bbsetup.exe
[GifViewerX Control]
CODEBASE =
http://www.chatbox.com/chatbox/java/GifViewerX.cab
[Yahoo! Audio Conferencing]
InProcServer32 = C:\PROGRAM FILES\YAHOO!\MESSENGER\YACSCOM.DLL
CODEBASE =
http://cs6.chat.yahoo.com/v40/yacscom.cab
[MSN Chat Control 3.0]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MSNCHAT30.OCX
CODEBASE =
http://fdl.msn.com/public/chat/msnchat3.cab
[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\SHOCKWAVE 8\DOWNLOAD.DLL
CODEBASE =
http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
[MailConfigure Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MAILCFG.DLL
CODEBASE =
http://supportservices.msn.com/us/oeconfig/MailCfg.cab
[Symantec RuFSI Registry Information Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RUFSI.DLL
CODEBASE =
http://security2.norton.com/SSC/SharedContent/sc/bin/cabsa.cab
[Symantec AntiVirus scanner]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\AVSNIFF.DLL
CODEBASE =
http://security2.norton.com/SSC/SharedContent/vc/bin/AvSniff.cab
[YInstStarter Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YINSTHELPER.DLL
CODEBASE =
http://download.yahoo.com/dl/installs/yinst.cab
[MSN File Upload Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\CONFLICT.1\MSNUPLD.DLL
CODEBASE =
http://sc.communities.msn.com/controls/FileUC/MsnUpld.cab
[MSN Photo Upload Tool]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MSNPUPLD.DLL
CODEBASE =
http://sc.communities.msn.com/controls/PhotoUC/MsnPUpld.cab
[Pixami Image Editor Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\BPIMAG~1.OCX
CODEBASE =
http://www.imagestation.com/common/classes/BPImageEditor.cab
[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\XSCAN53.OCX
CODEBASE =
http://a840.g.akamai.net/7/840/537/2002082001/housecall.antivirus.com/housecall/xscan53.cab
[ActiveDataObj Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ACTIVEDATA.DLL
CODEBASE =
https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
[Snapfish Fix Photo Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\SNAPFI~1.OCX
CODEBASE =
http://www.snapfish.com/SnapfishImageEditor.cab
[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE =
http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37608.9166087963
[Microsoft Office Tools on the Web Control]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\OUTC.DLL
CODEBASE =
http://dgl.microsoft.com/downloads/outc.cab
--------------------------------------------------
End of report, 9,422 bytes
Report generated in 0.938 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only