October 26th, 2006
.jinxed

Code:
StartupList report, 10/26/2006, 3:06:55 PM
StartupList version: 1.52
Started from : C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\StartupList.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\System32\svchost.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\D-Link AirPlus G\AirPlus.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\BearShare\BearShare.EXE
C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\BearDiag.exe
C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\StartupList.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
D-Link AirPlus G Configuration Utility.lnk = ?
HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ehTray = C:\WINDOWS\ehome\ehtray.exe
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
hpsysdrv = c:\windows\system\hpsysdrv.exe
High Definition Audio Property Page Shortcut = HDAudPropShortcut.exe
HotKeysCmds = C:\WINDOWS\system32\hkcmd.exe
AGRSMMSG = AGRSMMSG.exe
HPHUPD06 = c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
HPHmon06 = C:\WINDOWS\system32\hphmon06.exe
KBD = C:\HP\KBD\KBD.EXE
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
Recguard = C:\WINDOWS\SMINST\RECGUARD.EXE
ccApp = "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
URLLSTCK.exe = c:\Program Files\Norton Internet Security\UrlLstCk.exe
PS2 = C:\WINDOWS\system32\ps2.exe
SoundMan = SOUNDMAN.EXE
AlcWzrd = ALCWZRD.EXE
Alcmtr = ALCMTR.EXE
LSBWatcher = c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
Windows Registry Repair Pro = C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 6
MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
BitTorrent = "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
STYLEXP = C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
Yahoo! Pager = "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
(no name) - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

--------------------------------------------------

Enumerating Task Scheduler jobs:

HP DArC Task #Hewlett-Packard#7900#CN38U221J4EV.job
HP Usg Daily.job
Norton AntiVirus - Run Full System Scan - HP_Administrator.job
Norton SystemWorks One Button Checkup.job
Symantec Drmc.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[YInstStarter Class]
InProcServer32 = C:\Program Files\Yahoo!\Common\yinsthelper.dll
CODEBASE = C:\Program Files\Yahoo!\Common\yinsthelper.dll

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx
CODEBASE = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
End of report, 7,394 bytes
Report generated in 0.063 seconds

Command line options:
   /verbose  - to add additional info on each section
   /complete - to include empty sections and unsuspicious data
   /full     - to include several rarely-important sections
   /force9x  - to include Win9x-only startups even if running on WinNT
   /forcent  - to include WinNT-only startups even if running on Win9x
   /forceall - to include all Win9x and WinNT startups, regardless of platform
   /history  - to list version history only
Code:
Current task list information for JESSICASCOMPUTE, running WIN_XP, Service Pack 2, build 2600
Details collected on 2006/10/26 15:06:51

 PID  Process Name            File Version  Pk Mem Usg. Command line that invoked task
    0 System Idle Process          0.0.0.0         0Mb  ><
    4 System                       0.0.0.0      2.39Mb  ><
  620 smss.exe               5.1.2600.2180      0.47Mb  >\SystemRoot\System32\smss.exe<
  672 csrss.exe                    0.0.0.0      4.07Mb  ><
  696 winlogon.exe           5.1.2600.2180      9.95Mb  >winlogon.exe<
  744 services.exe           5.1.2600.2180      4.05Mb  >C:\WINDOWS\system32\services.exe<
  756 lsass.exe              5.1.2600.2180      6.13Mb  >C:\WINDOWS\system32\lsass.exe<
  924 svchost.exe            5.1.2600.2180       4.8Mb  >C:\WINDOWS\system32\svchost -k DcomLaunch<
  992 svchost.exe                  0.0.0.0      4.45Mb  ><
 1032 svchost.exe            5.1.2600.2180     30.56Mb  >C:\WINDOWS\System32\svchost.exe -k netsvcs<
 1124 svchost.exe                  0.0.0.0         3Mb  ><
 1216 svchost.exe                  0.0.0.0      7.04Mb  ><
 1516 explorer.exe           6.0.2900.2180     28.91Mb  >C:\WINDOWS\Explorer.EXE<
 1592 ccProxy.exe               103.0.2.10     12.55Mb  >"c:\Program Files\Common Files\Symantec Shared\ccProxy.exe"<
 1608 ccSetMgr.exe              103.0.2.10       6.3Mb  >"c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"<
 1620 ISSVC.exe                   8.0.0.64      7.59Mb  >"c:\Program Files\Norton Internet Security\ISSVC.exe"<
 1632 navapsvc.exe                11.0.2.4     13.27Mb  >"c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe"<
 1644 SNDSrvc.exe                 5.4.2.17      4.58Mb  >"c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"<
 1668 SPBBCSvc.exe                1.0.1.47      5.29Mb  >"c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"<
 1748 ccEvtMgr.exe              103.0.2.10      6.65Mb  >"c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"<
 2036 spoolsv.exe            5.1.2600.2180      4.55Mb  >C:\WINDOWS\system32\spoolsv.exe<
  268 ehRecvr.exe            5.1.2700.2230      8.68Mb  >C:\WINDOWS\eHome\ehRecvr.exe<
  340 ehSched.exe            5.1.2700.2180      3.06Mb  >C:\WINDOWS\eHome\ehSched.exe<
  396 LSSrvc.exe                  1.0.13.1      1.38Mb  >"c:\Program Files\Common Files\LightScribe\LSSrvc.exe"<
  436 MDM.EXE                   7.0.9466.0      2.57Mb  >"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"<
 1316 SymWSC.exe              2005.1.0.111      8.34Mb  >"c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe"<
 2216 dllhost.exe            5.1.2600.2180      5.79Mb  >C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}<
 2588 alg.exe                      0.0.0.0      3.18Mb  ><
 2840 ehtray.exe             5.1.2700.2180      4.24Mb  >"C:\WINDOWS\ehome\ehtray.exe" <
 2848 jusched.exe                 5.0.30.7      1.56Mb  >"C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" <
 2856 hpsysdrv.exe                 1.7.0.0      1.64Mb  >"C:\windows\system\hpsysdrv.exe" <
 2948 hkcmd.exe                 3.0.0.3971      3.71Mb  >"C:\WINDOWS\system32\hkcmd.exe" <
 2960 AGRSMMSG.exe               2.1.41.10      2.19Mb  >"C:\WINDOWS\AGRSMMSG.exe" <
 3040 hphmon06.exe                6.0.72.0      3.78Mb  >"C:\WINDOWS\system32\hphmon06.exe" <
 3048 kbd.exe                      1.0.2.0      5.01Mb  >"C:\HP\KBD\KBD.EXE" <
 3148 ehmsas.exe             5.1.2700.2180      3.35Mb  >C:\WINDOWS\eHome\ehmsas.exe -Embedding<
 3184 ccApp.exe                 103.0.2.10     30.36Mb  >"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" <
 3280 SOUNDMAN.EXE                1.0.0.14      2.57Mb  >"C:\WINDOWS\SOUNDMAN.EXE" <
 3304 ALCWZRD.EXE                 1.1.0.14      6.25Mb  >"C:\WINDOWS\ALCWZRD.EXE" <
 3356 ALCMTR.EXE                   1.5.0.0      3.05Mb  >"C:\WINDOWS\ALCMTR.EXE" <
 3380 svchost.exe            5.1.2600.2180       3.1Mb  >C:\WINDOWS\System32\svchost.exe -k HTTPFilter<
 3388 LSBurnWatcher.exe          4.10.14.0      3.03Mb  >"C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" <
 3408 qttask.exe                  6.5.1.17      2.05Mb  >"C:\Program Files\QuickTime\qttask.exe" -atboottime<
 3428 ctfmon.exe             5.1.2600.2180      2.91Mb  >"C:\WINDOWS\system32\ctfmon.exe" <
 3608 msnmsgr.exe                8.0.812.0     38.43Mb  >"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background<
 3852 AIRPLUS.exe                  1.0.0.0      4.84Mb  >"C:\Program Files\D-Link AirPlus G\AirPlus.exe" <
 3888 Updates from HP.exe          2.0.0.1       7.7Mb  >"C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe" -startup<
 3352 svchost.exe            5.1.2600.2180      3.45Mb  >C:\WINDOWS\system32\svchost.exe -k usnsvc<
 4572 IEXPLORE.EXE           6.0.2900.2180        48Mb  >"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding<
 4172 BearShare.EXE                5.0.2.3     25.98Mb  >"C:\Program Files\BearShare\BearShare.EXE" <
 2392 BearDiag.exe               1.99.13.0     10.28Mb  >"C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\BearDiag.exe" <
 1196 wmiprvse.exe                 0.0.0.0      7.08Mb  ><


BearShare library folder information for JESSICASCOMPUTE, running WIN_XP, Service Pack 2, build 2600
Details collected on 2006/10/26 15:07:46

 Volume in drive C is HP_PAVILION
 Volume Serial Number is 2CCD-1DA7

 Directory of C:\Program Files\BearShare\db

10/26/2006  03:07 PM    <DIR>          .
10/26/2006  03:07 PM    <DIR>          ..
10/26/2006  03:07 PM         1,361,560 BearShareHostiles.zip
09/09/2006  10:59 PM             3,103 config.bin
10/21/2006  10:14 PM           114,640 connect.txt
10/21/2006  10:14 PM             2,144 gwebcache.dat
09/09/2006  11:08 PM             3,692 Hostiles.old
04/30/2006  08:37 PM        10,384,336 Hostiles.txt
10/21/2006  10:14 PM                 0 Hostiles-Chat.txt
10/26/2006  03:06 PM           806,912 library.2.db
10/26/2006  03:04 PM           806,912 library.2.db.lastgoodload.bak
10/26/2006  03:06 PM           806,912 library.db
10/26/2006  03:04 PM           806,912 library.db.lastgoodload.bak
10/21/2006  10:14 PM                19 searches.ini
              12 File(s)     15,097,142 bytes
               2 Dir(s)  125,202,690,048 bytes free
Code:
Firewall information for JESSICASCOMPUTE, running WIN_XP, Service Pack 2, build 2600
Details collected on 2006/10/26 15:07:49

Default gateway is 192.168.0.1


Domain profile configuration:
-------------------------------------------------------------------
Operational mode                  = Enable
Exception mode                    = Enable
Multicast/broadcast response mode = Enable
Notification mode                 = Enable

Service configuration for Domain profile:
Mode     Customized  Name
-------------------------------------------------------------------
Enable   No          File and Printer Sharing

Allowed programs configuration for Domain profile:
Mode     Name / Program
-------------------------------------------------------------------
Enable   Remote Assistance / C:\WINDOWS\system32\sessmgr.exe
Enable   iTunes / C:\Program Files\iTunes\iTunes.exe
Enable   Windows Live Messenger 8.0 / C:\Program Files\MSN Messenger\msnmsgr.exe
Enable   Windows Live Messenger 8.0 (Phone) / C:\Program Files\MSN Messenger\msncall.exe

Port configuration for Domain profile:
Port   Protocol  Mode     Name
-------------------------------------------------------------------
139    TCP       Enable   NetBIOS Session Service
445    TCP       Enable   SMB over TCP
137    UDP       Enable   NetBIOS Name Service
138    UDP       Enable   NetBIOS Datagram Service

Standard profile configuration (current):
-------------------------------------------------------------------
Operational mode                  = Disable
Exception mode                    = Enable
Multicast/broadcast response mode = Enable
Notification mode                 = Enable

Service configuration for Standard profile:
Mode     Customized  Name
-------------------------------------------------------------------
Enable   No          File and Printer Sharing

Allowed programs configuration for Standard profile:
Mode     Name / Program
-------------------------------------------------------------------
Enable   Remote Assistance / C:\WINDOWS\system32\sessmgr.exe
Enable   BackWeb for Pavilion / C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
Enable   Earthlink / C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
Enable   Windows Live Messenger 8.0 / C:\Program Files\MSN Messenger\msnmsgr.exe
Enable   Windows Live Messenger 8.0 (Phone) / C:\Program Files\MSN Messenger\msncall.exe
Enable   BitTorrent / C:\Program Files\BitTorrent\bittorrent.exe
Enable   LimeWire / C:\Program Files\LimeWire\LimeWire.exe
Enable   Yahoo! Messenger / C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
Enable   Yahoo! FT Server / C:\Program Files\Yahoo!\Messenger\YServer.exe

Port configuration for Standard profile:
Port   Protocol  Mode     Name
-------------------------------------------------------------------
139    TCP       Enable   NetBIOS Session Service
445    TCP       Enable   SMB over TCP
137    UDP       Enable   NetBIOS Name Service
138    UDP       Enable   NetBIOS Datagram Service

Log configuration:
-------------------------------------------------------------------
File location   = C:\WINDOWS\pfirewall.log
Max file size   = 4096 KB
Dropped packets = Disable
Connections     = Disable

Local Area Connection firewall configuration:
-------------------------------------------------------------------
Operational mode                  = Enable

Wireless Network Connection firewall configuration:
-------------------------------------------------------------------
Operational mode                  = Enable

1394 Connection firewall configuration:
-------------------------------------------------------------------
Operational mode                  = Enable