StartupList report, 5/3/2008, 1:52:55 PM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16640)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\NoAds\NoAds.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\SpywareDetector\SDService.exe
C:\Program Files\SpywareDetector\SDSystemTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = c:\windows\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SystemTray = SysTray.Exe
LVCOMS = C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
PDUiP6220DMon = C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe
AVG7_CC = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
ZoneAlarm Client = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
SystemTraySD = C:\Program Files\SpywareDetector\SDSystemTray.exe -AUTO
SDAutoLiveupdate = C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

NoAds = "C:\Program Files\NoAds\NoAds.exe"
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
swg = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
H/PC Connection Agent = "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Yahoo!\Common\yiesrvc.dll - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
(no name) - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Tune-up Application Start.job
PCHealth Scheduler for Data Collection.job
Check Updates for Windows Live Toolbar.job

--------------------------------------------------

Enumerating Download Program Files:

[Installation Support]
InProcServer32 = C:\Program Files\Yahoo!\Common\Yinsthelper.dll
CODEBASE = C:\Program Files\Yahoo!\Common\Yinsthelper.dll

[{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
CODEBASE = http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
End of report, 5,993 bytes
Report generated in 0.240 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only