StartupList report, 19/02/2009, 9:28:36 AM StartupList version: 1.52.2 Started from : C:\Users\Jack Ponte\Desktop\hijackthis.EXE Detected: Windows Vista SP1 (WinNT 6.00.1905) Detected: Internet Explorer v7.00 (7.00.6001.18000) * Using default options ================================================== Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Java\jre1.6.0\bin\jusched.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\HP Connections\6811507\Program\HP Connections.exe C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Users\Jack Ponte\Downloads\hijackthis.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\Jack Ponte\Desktop\hijackthis.exe C:\WINDOWS\System32\notepad.exe C:\Windows\system32\SearchFilterHost.exe -------------------------------------------------- Listing of startup folders: Shell folders Common Startup: [C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup] HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\Windows\system32\userinit.exe, -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe QPService = "C:\Program Files\HP\QuickPlay\QPService.exe" HP Health Check Scheduler = C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0\bin\jusched.exe" HP Software Update = C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe NvCplDaemon = RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup NvMediaCenter = RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe" QuickTime Task = "C:\Program Files\QuickTime\QTTask.exe" -atboottime -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Sidebar = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun cdloader = "C:\Users\Jack Ponte\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\Run [OptionalComponents] = -------------------------------------------------- Shell & screensaver key from C:\Windows\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=explorer.exe SCRNSAVE.EXE=C:\Windows\system32\scrnsave.scr drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry key not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (no name) - C:\Program Files\Java\jre1.6.0\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -------------------------------------------------- Enumerating Task Scheduler jobs: Ad-Aware Update (Weekly).job -------------------------------------------------- Enumerating Winsock LSP files: NameSpace #1: C:\Windows\system32\NLAapi.dll NameSpace #2: C:\Windows\system32\napinsp.dll NameSpace #3: C:\Windows\system32\pnrpnsp.dll NameSpace #4: C:\Windows\system32\pnrpnsp.dll -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: WebCheck: C:\Windows\system32\webcheck.dll -------------------------------------------------- End of report, 5,473 bytes Report generated in 0.047 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only