StartupList report, 2/1/2009, 11:13:05 AM StartupList version: 1.52.2 Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE Detected: Windows Vista SP1 (WinNT 6.00.1905) Detected: Internet Explorer v7.00 (7.00.6001.18000) * Using default options ================================================== Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\ehome\ehtray.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\Windows\system32\userinit.exe, -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx (Default) = -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run WMPNSCFG = C:\Program Files\Windows Media Player\WMPNSCFG.exe ehTray.exe = C:\Windows\ehome\ehTray.exe -------------------------------------------------- Load/Run keys from C:\Windows\WIN.INI: load=*INI section not found* run=*INI section not found* Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\Windows: load= HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL -------------------------------------------------- Shell & screensaver key from C:\Windows\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=explorer.exe SCRNSAVE.EXE=C:\Windows\system32\Mystify.scr drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry key not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll - {02478D38-C3F9-4EFB-9B51-7695ECA05670} (no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (no name) - c:\PROGRA~1\mcafee\msk\mcapbho.dll - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} (no name) - c:\Program Files\Java\jre1.6.0\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} (no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7} (no name) - C:\Program Files\BAE\BAE.dll - {CA6319C0-31B7-401E-A518-A07C3DB8F777} -------------------------------------------------- Enumerating Task Scheduler jobs: ErrorSmart Scheduled Scan.job McDefragTask.job McQcTask.job RegCure Program Check.job RegCure.job User_Feed_Synchronization-{B411B467-2A58-4A80-AD97-E8F5060F8C0E}.job -------------------------------------------------- Enumerating Download Program Files: [Windows Genuine Advantage Validation Tool] InProcServer32 = C:\Windows\system32\LegitCheckControl.DLL CODEBASE = http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab [YInstStarter Class] InProcServer32 = C:\PROGRA~1\Yahoo!\Common\yinsthelper.dll CODEBASE = C:\Program Files\Yahoo!\Common\yinsthelper.dll [CMV5 Class] InProcServer32 = C:\Windows\Downloaded Program Files\CpnMgr.dll CODEBASE = http://eversave.coupons.smartsource.com/download/cscmv5X.cab [{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}] CODEBASE = http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab [{D27CDB6E-AE6D-11CF-96B8-444553540000}] CODEBASE = http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab -------------------------------------------------- Enumerating Winsock LSP files: NameSpace #1: C:\Windows\system32\NLAapi.dll NameSpace #2: C:\Windows\system32\napinsp.dll NameSpace #3: C:\Windows\system32\pnrpnsp.dll NameSpace #4: C:\Windows\system32\pnrpnsp.dll NameSpace #7: C:\Program Files\Bonjour\mdnsNSP.dll -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: WebCheck: C:\Windows\system32\webcheck.dll -------------------------------------------------- End of report, 6,123 bytes Report generated in 0.125 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only