StartupList report, 16/11/2007, 6:41:40 PM StartupList version: 1.52.2 Started from : D:\softwares\UFFICIO\HijackThis\HiJackThis_v2.EXE Detected: Windows Vista (WinNT 6.00.1904) Detected: Internet Explorer v7.00 (7.00.6000.16546) * Using default options ================================================== Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\RtHDVCpl.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe C:\Windows\System32\rundll32.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Windows\System32\rundll32.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Grisoft\AVG7\avgcc.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\System32\spool\drivers\w32x86\3\E_FATICAP.EXE C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Internet Explorer\ieuser.exe D:\softwares\UFFICIO\HijackThis\HiJackThis_v2.exe -------------------------------------------------- Listing of startup folders: Shell folders Common Startup: [C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup] Adobe Reader Speed Launch.lnk.disabled Adobe Reader Synchronizer.lnk.disabled Bluetooth.lnk = ? -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\Windows\system32\userinit.exe, -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run SMSERIAL = C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe RtHDVCpl = RtHDVCpl.exe QPService = "C:\Program Files\HP\QuickPlay\QPService.exe" NvSvc = RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart NvCplDaemon = RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup NvMediaCenter = RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit CognizanceTS = rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule ZoneAlarm Client = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" avgnt = "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min AVG7_CC = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP IAAnotif = C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe HP Health Check Scheduler = C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run WindowsWelcomeCenter = rundll32.exe oobefldr.dll,ShowWelcomeCenter ehTray.exe = C:\Windows\ehome\ehTray.exe WMPNSCFG = C:\Program Files\Windows Media Player\WMPNSCFG.exe EPSON Stylus CX5500 Series = C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAP.EXE /FU "C:\Windows\TEMP\E_SA67F.tmp" /EF "HKCU" -------------------------------------------------- Load/Run keys from C:\Windows\WIN.INI: load=*INI section not found* run=*INI section not found* Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\Windows: load= HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=APSHook.dll -------------------------------------------------- Shell & screensaver key from C:\Windows\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=explorer.exe SCRNSAVE.EXE=C:\Windows\system32\logon.scr drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry key not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Enumerating Browser Helper Objects: Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (no name) - C:\Program Files\Java\jre1.6.0\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (no name) - (no file) - {7E853D72-626A-48EC-A868-BA8D5E23E045} (no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6} (no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7} (no name) - C:\Program Files\Windows Live Toolbar\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} VeriSoft Access Manager - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} -------------------------------------------------- Enumerating Task Scheduler jobs: Check Updates for Windows Live Toolbar.job User_Feed_Synchronization-{A25BBF61-2328-4E07-9298-560B2BADA4E1}.job User_Feed_Synchronization-{C6247023-BB47-45D5-BF84-9C84A8CB17B0}.job -------------------------------------------------- Enumerating Download Program Files: [TmHcmsX Control] InProcServer32 = C:\Windows\DOWNLO~1\TmHcmsX.ocx CODEBASE = http://www.trendsecure.com/framework/control/en-US/activex/TmHcmsX.CAB -------------------------------------------------- Enumerating Winsock LSP files: NameSpace #1: C:\Windows\system32\NLAapi.dll NameSpace #4: C:\Windows\system32\napinsp.dll NameSpace #5: C:\Windows\system32\pnrpnsp.dll NameSpace #6: C:\Windows\system32\pnrpnsp.dll NameSpace #7: C:\Windows\system32\wshbth.dll -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: WebCheck: C:\Windows\system32\webcheck.dll -------------------------------------------------- End of report, 7,918 bytes Report generated in 0.031 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only