StartupList report, 2008-04-14, 21:38:24 StartupList version: 1.52.2 Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE Detected: Windows XP SP2 (WinNT 5.01.2600) Detected: Internet Explorer v7.00 (7.00.6000.16640) * Using default options ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe C:\WINDOWS\system32\pctspk.exe C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe C:\Program Files\Logitech\QuickCam10\QuickCam10.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\DIGStream\digstream.exe C:\Program Files\ESPNRunTime\DIGServices.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\System32\Ati2evxx.exe C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\NOTEPAD.EXE -------------------------------------------------- Listing of startup folders: Shell folders Common Startup: [C:\Documents and Settings\All Users\Start Menu\Programs\Startup] Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime PCTVOICE = pctspk.exe LVCOMSX = "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe" LogitechQuickCamRibbon = "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide LogitechCommunicationsManager = "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe" DIGStream = C:\Program Files\DIGStream\digstream.exe DIGServices = C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24 ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" ATIPTA = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe ATIModeChange = Ati2mdxx.exe AVG7_CC = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=C:\WINDOWS\System32\ssmypics.scr drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry value not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (no name) - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll - {3049C3E9-B461-4BC5-8870-4C09146192CA} CitiUS Shared Browser Helper Object - C:\WINDOWS\system32\BhoCitUS.dll - {387EDF53-1CF2-4523-BC2F-13462651BE8C} (no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F} (no name) - (no file) - {7C109800-A5D5-438F-9640-18D17E168B88} -------------------------------------------------- Enumerating Task Scheduler jobs: AppleSoftwareUpdate.job -------------------------------------------------- Enumerating Download Program Files: [QuickTime Object] InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab [Windows Genuine Advantage Validation Tool] InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL CODEBASE = http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab [{41564D57-9980-0010-8000-00AA00389B71}] CODEBASE = http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab [MySpace Uploader Control] InProcServer32 = C:\WINDOWS\Downloaded Program Files\MySpaceUploader.ocx CODEBASE = http://lads.myspace.com/upload/MySpaceUploader1005.cab [MSN Photo Upload Tool] InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll CODEBASE = http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab [Facebook Photo Uploader 4 Control] InProcServer32 = C:\WINDOWS\Downloaded Program Files\ImageUploader4.ocx CODEBASE = http://upload.facebook.com/controls/FacebookPhotoUploader3.cab [WUWebControl Class] InProcServer32 = C:\WINDOWS\system32\wuweb.dll CODEBASE = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1146480349245 [MUWebControl Class] InProcServer32 = C:\WINDOWS\system32\muweb.dll CODEBASE = http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208030585228 [Shutterfly Picture Upload Plugin] InProcServer32 = C:\WINDOWS\Downloaded Program Files\sfuploadplugin.ocx CODEBASE = http://web1.shutterfly.com/downloads/Uploader.cab [MsnMessengerSetupDownloadControl Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx CODEBASE = http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab [Shockwave Flash Object] InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [AxRUploadControl Object] InProcServer32 = C:\WINDOWS\Downloaded Program Files\AxRUploadServer.dll CODEBASE = http://www.imagestation.com/common/classes/SonyISUpload.cab?v=1,0,0,37 [McFreeScan Class] InProcServer32 = C:\WINDOWS\McAfee.com\FreeScan\mcfscan.dll CODEBASE = http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5262/mcfscan.cab -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\system32\webcheck.dll SysTray: C:\WINDOWS\System32\stobject.dll -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run ht0iWRSxYe = C:\Documents and Settings\All Users\Application Data\vqfatwde\lwtszqja.exe -------------------------------------------------- End of report, 8,992 bytes Report generated in 0.050 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only