StartupList report, 24/05/2008, 11:09:06 AM StartupList version: 1.52.2 Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE Detected: Windows Vista (WinNT 6.00.1904) Detected: Internet Explorer v7.00 (7.00.6000.16643) * Using default options ================================================== Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe C:\Program Files\Java\jre1.6.0\bin\jusched.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Windows\system32\wuauclt.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\SearchFilterHost.exe -------------------------------------------------- Listing of startup folders: Shell folders Common Startup: [C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup] Bluetooth.lnk = ? Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\Windows\system32\userinit.exe, -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe HP Health Check Scheduler = C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0\bin\jusched.exe" NvSvc = RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart NvCplDaemon = RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup NvMediaCenter = RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit HP Software Update = C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe ISUSPM Startup = C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup Kernel and Hardware Abstraction Layer = KHALMNPR.EXE Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" QuickTime Task = "C:\Program Files\QuickTime\QTTask.exe" -atboottime iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe" SynTPStart = C:\Program Files\Synaptics\SynTP\SynTPStart.exe AVG8_TRAY = C:\PROGRA~1\AVG\AVG8\avgtray.exe -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run ehTray.exe = C:\Windows\ehome\ehTray.exe MsnMsgr = "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background ISUSPM Startup = C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup SpybotSD TeaTimer = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe Sidebar = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\Run [OptionalComponents] = -------------------------------------------------- Load/Run keys from C:\Windows\WIN.INI: load=*INI section not found* run=*INI section not found* Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\Windows: load= HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=avgrsstx.dll -------------------------------------------------- Shell & screensaver key from C:\Windows\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=explorer.exe SCRNSAVE.EXE=C:\Windows\system32\ssBranded.scr drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry key not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} WormRadar.com IESiteBlocker.NavFilter - C:\Program Files\AVG\AVG8\avgssie.dll - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F} (no name) - C:\Program Files\Java\jre1.6.0\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (no name) - (no file) - {7E853D72-626A-48EC-A868-BA8D5E23E045} (no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6} (no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7} -------------------------------------------------- Enumerating Task Scheduler jobs: User_Feed_Synchronization-{9FCF8E5C-F769-477B-B10B-CC9851028469}.job -------------------------------------------------- Enumerating Download Program Files: [MSN Photo Upload Tool] InProcServer32 = C:\Windows\Downloaded Program Files\MsnPUpld.dll CODEBASE = http://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUplden-au.cab [UnoCtrl Class] InProcServer32 = C:\Windows\Downloaded Program Files\GAME_UNO1.dll CODEBASE = http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab [MessengerStatsClient Class] InProcServer32 = C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll CODEBASE = http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab [GoPetsWeb Control] InProcServer32 = C:\Windows\DOWNLO~1\GOPETS~1.OCX CODEBASE = https://secure.gopetslive.com/dev/GoPetsWeb.cab -------------------------------------------------- Enumerating Winsock LSP files: NameSpace #1: C:\Windows\system32\NLAapi.dll NameSpace #4: C:\Windows\system32\napinsp.dll NameSpace #5: C:\Windows\system32\pnrpnsp.dll NameSpace #6: C:\Windows\system32\pnrpnsp.dll NameSpace #7: C:\Windows\system32\wshbth.dll NameSpace #8: C:\Program Files\Bonjour\mdnsNSP.dll -------------------------------------------------- Enumerating Windows NT logon/logoff scripts: *No scripts set to run* Windows NT checkdisk command: BootExecute = autocheck autochk * Windows NT 'Wininit.ini': PendingFileRenameOperations: C:\Windows\TEMP\symlcsv1.exe||C:\Program Files\Grisoft\AVG7\avgse.dll.install_backup -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: WebCheck: C:\Windows\system32\webcheck.dll -------------------------------------------------- End of report, 9,065 bytes Report generated in 0.156 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only