startuplight log from merijn.org

  1. #1
    slvrgtr (Newbie)

    I'm not sure if this is relevant, but I've downloaded this in response to some dubious happenings when I start Windows. Is there anything malicious starting up with Windows, and is there anything I can do to remove it?


    StartupList report, 2/27/2005, 5:30:54 PM
    StartupList version: 1.52
    Started from : C:\Documents and Settings\Phil.JJIMENEZ\Desktop\StartupList.EXE
    Detected: Windows XP (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 (6.00.2600.0000)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D 1.EXE
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    C:\WINDOWS\System32\ctfmon.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    C:\Program Files\Muiltmedia keyboard utility\1.3\KbdAp32A.exe
    C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
    C:\WINDOWS\System32\PackethSvc.exe
    C:\WINDOWS\System32\cisvc.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\America Online 9.0d\waol.exe
    C:\Program Files\America Online 9.0d\shellmon.exe
    C:\Program Files\Common Files\Aol\aoltpspd.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\cidaemon.exe
    C:\Program Files\XoftSpy\XoftSpy.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Phil.JJIMENEZ\Desktop\StartupList.exe

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\SYSTEM32\Userinit.exe,

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    HotKeysCmds = C:\WINDOWS\System32\hkcmd.exe
    WorksFUD =
    Microsoft Works Portfolio = C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    srmclean = C:\Cpqs\Scom\srmclean.exe
    TkBellExe = C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    EPSON Stylus C84 Series = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D 1.EXE /P23 "EPSON Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84"
    FLMK08KB = C:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE
    ViewMgr = C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    STOPzilla = "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
    AOLDialer = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    Pure Networks Port Magic = "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    PCBG = C:\PROGRA~1\INTRIG~1\pcbodyguard.exe /start
    MCUpdateExe = C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    Microsoft Works Update Detection = C:\Program Files\Microsoft Works\WkDetect.exe
    IgfxTray = C:\WINDOWS\System32\igfxtray.exe
    iTunesHelper = C:\Program Files\iTunes\iTunesHelper.exe
    VSOCheckTask = "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    VirusScan Online = "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    MCAgentExe = c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    AOL Spyware Protection = "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0\bin\jusched.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    (Default) =
    ctfmon.exe = C:\WINDOWS\System32\ctfmon.exe

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=C:\DOCUME~1\PHIL~1.JJI\Desktop\PHIL'S ~1\MISCEL~1\DARWIN~1.SCR
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry key not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    (no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
    (no name) - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll - {A7327C09-B521-4EDB-8509-7D2660C9EC98}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    AA9D70C0918AE538.job
    McAfee.com Update Check (JJIMENEZ-Judy).job
    McAfee.com Update Check (JJIMENEZ-Nik).job
    McAfee.com Update Check (JJIMENEZ-Phil).job
    McAfee.com Update Check (JJIMENEZ-Ted).job
    Registration reminder 1.job
    Registration reminder 2.job
    Registration reminder 3.job
    XoftSpy.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [HS_live Control]
    InProcServer32 = C:\WINDOWS\System32\HS_live.ocx
    CODEBASE = http://install.homestead.com/~site/I...ve/HS_live.cab

    [ILINCInstall73 Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\iLinci76.dll
    CODEBASE = http://12.152.253.41/autotest/download/iLinci76.dll

    [{11111111-2222-3333-4444-555555555555}]
    CODEBASE = https://www.taxsimple.com/citrix/federal.CAB

    [Shockwave ActiveX Control]
    InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
    CODEBASE = http://download.macromedia.com/pub/s...ctor/swdir.cab

    [Tax$imple]
    InProcServer32 = C:\WINDOWS\System32\MSJAVA.DLL
    CODEBASE = https://www.taxsimple.com/citrix/tax$imple.cab

    [YInstStarter Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\yinsthelper.dll
    CODEBASE = http://download.yahoo.com/dl/installs/yinst0401.cab

    [AOL Content Update]
    InProcServer32 = C:\Program Files\Common Files\AolCoach\en_en\GTDownAO_106.ocx
    CODEBASE = http://esupport.aol.com/help/acp2/en...ach_core_1.cab

    [Office Update Installation Engine]
    InProcServer32 = C:\WINDOWS\opuc.dll
    CODEBASE = http://office.microsoft.com/officeup...ntent/opuc.cab

    [QDiagAOLCCUpdateObj Class]
    InProcServer32 = C:\WINDOWS\System32\qdiagcc.ocx
    CODEBASE = http://aolcc.aol.com/computercheckup/qdiagcc.cab

    [McAfee.com Operating System Class]
    InProcServer32 = C:\WINDOWS\System32\mcinsctl.dll
    CODEBASE = http://download.av.aol.com/molbin/sh...3/mcinsctl.cab

    [{88D758A3-D33B-45FD-91E3-67749B4057FA}]
    CODEBASE = http://dm.screensavers.com/dm/instal...sinstaller.cab

    [{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
    CODEBASE = http://v4.windowsupdate.microsoft.co...208.5566203704

    [IEAnimBehaviorFactory Class]
    InProcServer32 = C:\PROGRA~1\COMMON~1\MICROS~1\MSORun\MSORUN.DLL
    CODEBASE = http://download.microsoft.com/downlo...-US/msorun.cab

    [{B9191F79-5613-4C76-AA2A-398534BB8999}]
    CODEBASE = http://us.dl1.yimg.com/download.yaho...tocomplete.cab

    [View22RTE Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\View22RTE.dll
    CODEBASE = http://66.242.36.104/app/view22RTE.cab

    [DwnldGroupMgr Class]
    InProcServer32 = C:\WINDOWS\System32\McGDMgr.dll
    CODEBASE = http://download.av.aol.com/molbin/sh...20/mcgdmgr.cab

    [Downloader Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\dwnldr.dll
    CODEBASE = http://www.stopzilla.com/_download/A...ler/dwnldr.cab

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
    CODEBASE = http://download.macromedia.com/pub/s...sh/swflash.cab

    [PWLNINST Control]
    InProcServer32 = C:\WINDOWS\PWLN\pwlninst.ocx
    CODEBASE = http://plato.whvcorp.net/pathways/pw...b/pwlninst.cab

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: *Registry key not found*
    SysTray: C:\WINDOWS\System32\stobject.dll

    --------------------------------------------------
    End of report, 9,224 bytes
    Report generated in 0.562 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only


  2. #2
    owen (D-A-L Team Member, UK)
    Hiya,
    Sorry about the long response time. If you still require help, could you post a fresh log?