StartupList report, 1/20/03, 8:05:48 PM
StartupList version: 1.51
Started from : C:\WINDOWS\DESKTOP\STARTUPLIST.EXE
Detected: Windows 98 Gold (Win9x 4.10.1998)
Detected: Internet Explorer v6.00 (6.00.2600.0000)
==================================================
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\SA3DSRV.EXE
C:\PROGRAM FILES\ENCOMPASS\MONITOR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\COREL\SUITE8\PROGRAMS\DAD8.EXE
C:\CPQS\BACKWEB\PROGRAM\BACKWEB.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\HPZSTATX.EXE
C:\WINDOWS\DESKTOP\STARTUPLIST.EXE
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
BackWeb.LNK = C:\CPQS\BackWeb\Program\UserProf.EXE
Corel Desktop Application Director 8.LNK = C:\Corel\Suite8\Programs\DAD8.EXE
NRunOnce.lnk = C:\Program Files\Norton AntiVirus\NRunOnce.exe
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SystemTray = SysTray.Exe
Watch Dog Program = C:\COMPAQ\INTERNET\WATCHDOG.EXE
BillMinder = C:\QUICKENW\BILLMIND.EXE
NAV DefAlert = C:\PROGRA~1\NORTON~1\DEFALERT.EXE /q
Norton Auto-Protect = C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
Aureal A3D Interactive Audio = sa3dsrv.exe
Scheduling Agent = C:\windows\system\mstask.exe
EncMonitor = C:\Program Files\Encompass\Monitor.exe
SchedulingAgent = mstask.exe
ConfigServices =
--------------------------------------------------
C:\WINDOWS\WININIT.BAK listing:
(Created 15/1/2003, 16:42:24)
[rename]
NUL=C:\WINDOWS\NAVUSTUB.EXE
NUL=C:\PROGRA~1\NORTON~1\DEFANNRS.DLL
NUL=C:\PROGRA~1\NORTON~1\NAVSHELL.DLL
NUL=C:\PROGRA~1\NORTON~1
NUL=C:\PROGRA~1\COMMON~1\SYMANT~1
NUL=C:\PROGRA~1\NORTON~1\DEFANNRS.DLL
NUL=C:\PROGRA~1\NORTON~1
NUL=C:\WINDOWS\TEMP\PFT52E~1\VCSETUP.EXE
C:\Program Files\Symantec\SYMEVNT1.DLL=C:\WINDOWS\SYSTEM\SYMEVNT1.DLL
NUL=C:\WINDOWS\TEMP\_ISTMP23.DIR\002DF6E1._MP
NUL=C:\WINDOWS\TEMP\_ISTMP23.DIR\ZDATAI51.DLL
NUL=C:\WINDOWS\TEMP\_ISTMP23.DIR\_WUTL951.DLL
NUL=C:\WINDOWS\TEMP\_ISTMP24.DIR\_INS5576._MP
NUL=C:\WINDOWS\TEMP\_ISTMP24.DIR\ZDATAI51.DLL
NUL=C:\WINDOWS\TEMP\_ISTMP24.DIR\_WUTL951.DLL
NUL=C:\WINDOWS\TEMP\_ISTMP24.DIR\_INS5576._MP
NUL=C:\WINDOWS\TEMP\_ISTMP24.DIR\ZDATAI51.DLL
NUL=C:\WINDOWS\TEMP\_ISTMP24.DIR\_WUTL951.DLL
NUL=C:\WINDOWS\TEMP\_ISTMP25.DIR\_INS5576._MP
NUL=C:\WINDOWS\TEMP\_ISTMP25.DIR\ZDATAI51.DLL
NUL=C:\WINDOWS\TEMP\_ISTMP25.DIR\_WUTL951.DLL
NUL=C:\WINDOWS\TEMP\_ISTMP23.DIR\_ISTMP0.DIR\CORECOMP.INI
NUL=C:\WINDOWS\TEMP\_ISTMP23.DIR\_ISTMP0.DIR\CTL3D32.DLL
NUL=C:\WINDOWS\TEMP\_ISTMP23.DIR\_ISTMP0.DIR\2E1A6A.DLL
NUL=C:\WINDOWS\TEMP\_ISTMP23.DIR\_ISTMP0.DIR\INSTOPTS.INI
NUL=C:\WINDOWS\TEMP\_ISTMP23.DIR\_ISTMP0.DIR\ISUNINST.EXE
NUL=C:\WINDOWS\TEMP\_ISTMP23.DIR\_ISTMP0.DIR\BBRD1.BMP
NUL=C:\WINDOWS\TEMP\_ISTMP23.DIR\_ISTMP0.DIR\BBRD2.BMP
NUL=C:\WINDOWS\TEMP\_ISTMP23.DIR\_ISTMP0.DIR\BBRD3.BMP
NUL=C:\WINDOWS\TEMP\_ISTMP23.DIR\_ISTMP0.DIR\INST16_1.BMP
NUL=C:\WINDOWS\TEMP\_ISTMP23.DIR\_ISTMP0.DIR\INST16_2.BMP
NUL=C:\WINDOWS\TEMP\_ISTMP23.DIR\_ISTMP0.DIR\INST16_3.BMP
NUL=C:\WINDOWS\TEMP\_ISTMP23.DIR\_ISTMP0.DIR\INST16_4.BMP
NUL=C:\WINDOWS\TEMP\_ISTMP23.DIR\_ISTMP0.DIR\INST16_5.BMP
NUL=C:\WINDOWS\TEMP\_ISTMP23.DIR\_ISTMP0.DIR\INST16_6.BMP
NUL=C:\WINDOWS\TEMP\_ISTMP23.DIR\_ISTMP0.DIR\INST16_7.BMP
NUL=C:\WINDOWS\TEMP\_ISTMP23.DIR\_ISTMP0.DIR\INST16_8.BMP
NUL=C:\WINDOWS\TEMP\_ISTMP23.DIR\_ISTMP0.DIR\INSTALL1.BMP
NUL=C:\WINDOWS\TEMP\_ISTMP23.DIR\_ISTMP0.DIR\INSTALL2.BMP
NUL=C:\WINDOWS\TEMP\_ISTMP23.DIR\_ISTMP0.DIR\INSTALL3.BMP
NUL=C:\WINDOWS\TEMP\_ISTMP23.DIR\_ISTMP0.DIR\INSTALL4.BMP
NUL=C:\WINDOWS\TEMP\_ISTMP23.DIR\_ISTMP0.DIR\INSTALL5.BMP
NUL=C:\WINDOWS\TEMP\_ISTMP23.DIR\_ISTMP0.DIR\INSTALL6.BMP
NUL=C:\WINDOWS\TEMP\_ISTMP23.DIR\_ISTMP0.DIR\INSTALL7.BMP
NUL=C:\WINDOWS\TEMP\_ISTMP23.DIR\_ISTMP0.DIR\INSTALL8.BMP
NUL=C:\WINDOWS\TEMP\_ISTMP23.DIR\_ISTMP0.DIR\LICENSE.TXT
NUL=C:\WINDOWS\TEMP\_ISTMP23.DIR\_ISTMP0.DIR\NAVW32.HLP
NUL=C:\WINDOWS\TEMP\_ISTMP23.DIR\_ISTMP0.DIR\INSTSCAN.DLL
NUL=C:\WINDOWS\TEMP\_ISTMP23.DIR\_ISTMP0.DIR\N32CALL.DLL
NUL=C:\WINDOWS\TEMP\_ISTMP23.DIR\_ISTMP0.DIR\N32USERL.DLL
NUL=C:\WINDOWS\TEMP\_ISTMP23.DIR\_ISTMP0.DIR\NAVEX32A.DLL
NUL=C:\WINDOWS\TEMP\_ISTMP23.DIR\_ISTMP0.DIR\NAVINS95.DLL
NUL=C:\WINDOWS\TEMP\_ISTMP23.DIR\_ISTMP0.DIR\NAVKRNLO.VXD
NUL=C:\WINDOWS\TEMP\_ISTMP23.DIR\_ISTMP0.DIR\S32NAVO.DLL
NUL=C:\WINDOWS\TEMP\_ISTMP23.DIR\_ISTMP0.DIR\VIRSCAN1.DAT
NUL=C:\WINDOWS\TEMP\_ISTMP23.DIR\_ISTMP0.DIR\VIRSCAN2.DAT
NUL=C:\WINDOWS\TEMP\_ISTMP23.DIR\_ISTMP0.DIR\VIRSCAN3.DAT
NUL=C:\WINDOWS\TEMP\_ISTMP23.DIR\_ISTMP0.DIR\VIRSCAN4.DAT
NUL=C:\WINDOWS\TEMP\_ISTMP23.DIR\_ISTMP0.DIR\VALUE.SHL
NUL=C:\WINDOWS\TEMP\_ISTMP23.DIR\_ISTMP0.DIR\2E1A63.DLL
NUL=C:\WINDOWS\TEMP\_ISTMP23.DIR\_ISTMP0.DIR\RESCUE.ISS
NUL=C:\WINDOWS\TEMP\_ISTMP23.DIR\_ISTMP0.DIR\RESQLOG.TXT
NUL=C:\WINDOWS\TEMP\_ISTMP23.DIR\_ISTMP0.DIR\OLEAUT32.DLL
NUL=C:\WINDOWS\TEMP\_ISTMP23.DIR\_ISTMP0.DIR\REGSVR32.EXE
--------------------------------------------------
C:\AUTOEXEC.BAT listing:
C:\PROGRA~1\MCAFEE\VIRUSS~1\SCANPM.EXE C:\
ban /nc
ndisban
redirall
arswait
z:login
SET BLASTER=A220 I5 D1
IF EXIST C:\CPQS\BACKWEB\BWSETUP.BAT CALL C:\CPQS\BACKWEB\BWSETUP.BAT
ECHO bw_workgroup=,"Service Connection">>%DSHD%\CPQS\BACKWEB\USERPROF.DAT
IF EXIST \PIPOST.BAT CALL \PIPOST.BAT
IF EXIST \PIPOST.BAT DEL \PIPOST.BAT
\CPQS\TOOLS\MINIFER2.EXE CREV=,200 LANG=,"EN"
c:\windows\system\verflop.com
c:\windows\system\verflop.com
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
--------------------------------------------------
Enumerating Task Scheduler jobs:
Tune-up Application Start.job
Maintenance-Defragment programs.job
Maintenance-ScanDisk.job
Maintenance-Disk cleanup.job
Symantec NetDetect.job
--------------------------------------------------
Enumerating Download Program Files:
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\SWFLASH.OCX
CODEBASE =
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
[QDiagHUpdateObj Class]
InProcServer32 = C:\WINDOWS\SYSTEM\QDIAGH.OCX
CODEBASE =
http://h30043.www3.hp.com/dj/qdiagh.cab?223
[InstallShield International Setup Player]
InProcServer32 = c:\WINDOWS\DOWNLO~1\ISETUP.DLL
CODEBASE =
http://diagnostics.support.hp.com/motivedocs/ces/ishield/isetup.cab
[ActiveDataObj Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ACTIVEDATA.DLL
CODEBASE =
https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
[symsupportutil]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ACTIVEDATA.DLL
CODEBASE =
https://www-secure.symantec.com/techsupp/activedata/symsupportutil.CAB
OSD = C:\WINDOWS\Downloaded Program Files\OSD34.OSD
[Symantec RuFSI Registry Information Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RUFSI.DLL
CODEBASE =
http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
[Symantec AntiVirus scanner]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\AVSNIFF.DLL
CODEBASE =
http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\XSCAN53.OCX
CODEBASE =
http://a840.g.akamai.net/7/840/537/2003011601/housecall.antivirus.com/housecall/xscan53.cab
--------------------------------------------------
End of report, 8,618 bytes
Report generated in 0.379 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only