StartupList report, 2/28/2009, 8:58:22 PM
StartupList version: 1.52.2
Started from : C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows Vista SP1 (WinNT 6.00.1905)
Detected: Internet Explorer v7.00 (7.00.6001.18000)
* Using default options
==================================================

Running processes:

C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files (x86)\steam\Steam.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = userinit.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

eRecoveryService =
SunJavaUpdateSched = "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"
osCheck = "C:\Program Files (x86)\Norton 360\osCheck.exe"
ccApp = "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
Camera Assistant Software = "C:\Program Files\Camera Assistant Software for Gateway\traybar.exe"
Adobe Reader Speed Launcher = "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Aim6 =
ehTray.exe = C:\Windows\ehome\ehTray.exe

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\Windows\SysWOW64\mshta.exe "%1" %*

--------------------------------------------------

Shell & screensaver key from C:\Windows\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe
SCRNSAVE.EXE=C:\Windows\system32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
NCO 2.0 IE BHO - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}
Symantec Intrusion Prevention - C:\PROGRA~2\COMMON~1\SYMANT~1\IDS\IPSBHO.dll - {6D53EC84-6AAE-4787-AEEE-F4628F01010C}
(no name) - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - (no file) - {7E853D72-626A-48EC-A868-BA8D5E23E045}
(no name) - C:\Program Files (x86)\Mininova-Vuze\tbMin0.dll - {d51d388b-f5dc-471a-a1ce-5e2d671091c0}

--------------------------------------------------

Enumerating Download Program Files:

[System Requirements Lab Class]
InProcServer32 = C:\Windows\Downloaded Program Files\sysreqlab3.dll
CODEBASE = http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
OSD = C:\Windows\Downloaded Program Files\SysReqLab3.osd

[compid Class]
InProcServer32 = C:\Windows\Downloaded Program Files\gwCID.dll
CODEBASE = http://support.gateway.com/support/serialharvest/gwCID.CAB

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\Windows\system32\NLAapi.dll
NameSpace #2: C:\Windows\system32\napinsp.dll
NameSpace #3: C:\Windows\system32\pnrpnsp.dll
NameSpace #4: C:\Windows\system32\pnrpnsp.dll

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\Windows\SysWOW64\webcheck.dll

--------------------------------------------------
End of report, 4,798 bytes
Report generated in 0.031 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only