StartupList report, 14/08/2005, 23:47:38
StartupList version: 1.52
Started from : C:\Documents and Settings\Administrator\Desktop\StartupList.EXE
Detected: Windows 2000 SP4 (WinNT 5.00.2195)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\UGSPLM\I-DEAS11\sec\lmgrd.exe
C:\UGSPLM\I-DEAS11\Iona\OrbixE2A\asp\5.1\bin\itconfig_rep.exe
C:\UGSPLM\I-DEAS11\sec\eds_id11.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\UGSPLM\I-DEAS11\Iona\OrbixE2A\asp\5.1\bin\itlocator.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\UGSPLM\I-DEAS11\Iona\OrbixE2A\asp\5.1\bin\itnode_daemon.exe
C:\UGSPLM\I-DEAS11\Iona\OrbixE2A\asp\5.1\bin\itnaming.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Office Mouse\moffice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Office Mouse\MOUSE32A.DAT
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINNT\system32\winpnp.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\StartupList.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Synchronization Manager = mobsync.exe /logon
HPDJ Taskbar Utility = C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
StorageGuard = "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
RemoteControl = "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
SunJavaUpdateSched = C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
(Default) =
ATICCC = "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
FLMOFFICE4DMOUSE = C:\Program Files\Office Mouse\moffice.exe
AVG7_CC = C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
AVG7_EMC = C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
SoundMan = SOUNDMAN.EXE
NeroFilterCheck = C:\WINNT\system32\NeroCheck.exe
SpeedTouch USB Diagnostics = "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
Windows PNP = winpnp.exe
WINDOWS SYSTEM = botzor.exe
csm Win Updates = csm.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

Windows PNP = winpnp.exe
WINDOWS SYSTEM = botzor.exe
csm Win Updates = csm.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

internat.exe = internat.exe
Google Desktop Search = "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
NBJ = "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
Windows PNP = winpnp.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

Windows PNP = winpnp.exe

--------------------------------------------------

Shell & screensaver key from C:\WINNT\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll - {AE7CD045-E861-484f-8273-0445EE161910}

--------------------------------------------------

Enumerating Download Program Files:

[HouseCall Control]
InProcServer32 = C:\WINNT\DOWNLO~1\xscan60.ocx
CODEBASE = http://housecall60.trendmicro.com/housecall/xscan60.cab

[WUWebControl Class]
InProcServer32 = C:\WINNT\system32\wuweb.dll
CODEBASE = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124040838625

[Update Class]
InProcServer32 = C:\WINNT\System32\iuctl.dll
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38210.4716435185

[Shockwave Flash Object]
InProcServer32 = C:\WINNT\system32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

Protocol #1: C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll
Protocol #2: C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll
Protocol #8: C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

Network.ConnectionTray: C:\WINNT\system32\NETSHELL.dll
WebCheck: C:\WINNT\system32\webcheck.dll
SysTray: stobject.dll

--------------------------------------------------
End of report, 7,791 bytes
Report generated in 0.046 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only