StartupList report, 9/15/2009, 1:21:25 PM StartupList version: 1.52.2 Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE Detected: Windows Vista SP2 (WinNT 6.00.1906) Detected: Internet Explorer v8.00 (8.00.6001.18813) * Using default options ================================================== Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe C:\Windows\RtHDVCpl.exe C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\System32\mobsync.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe C:\Program Files\Adobe\Reader 9.0\Reader\AcroBroker.exe C:\Windows\system32\NOTEPAD.EXE -------------------------------------------------- Listing of startup folders: Shell folders Common Startup: [C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup] HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\Windows\system32\userinit.exe, -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run mcagent_exe = "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey D-Link Wireless G WUA-1340 = C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe (Default) = RtHDVCpl = RtHDVCpl.exe ANIWZCS2Service = C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe StartCCC = "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\Run [OptionalComponents] = -------------------------------------------------- Shell & screensaver key from C:\Windows\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=explorer.exe SCRNSAVE.EXE=C:\Windows\system32\ssBranded.scr drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry key not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - (no file) - {02478D38-C3F9-4efb-9B51-7695ECA05670} AcroIEHelperStub - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} (no name) - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll - {3049C3E9-B461-4BC5-8870-4C09146192CA} scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} (no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6} (no name) - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} (no name) - C:\Program Files\Java\jre6\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9} -------------------------------------------------- Enumerating Task Scheduler jobs: McDefragTask.job McQcTask.job -------------------------------------------------- Enumerating Download Program Files: [{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}] CODEBASE = http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab [Shockwave Flash Object] InProcServer32 = C:\Windows\system32\Macromed\Flash\Flash10c.ocx CODEBASE = http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab [{E2883E8F-472F-4FB0-9522-AC9BF37916A7}] CODEBASE = http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab -------------------------------------------------- Enumerating Winsock LSP files: NameSpace #1: C:\Windows\system32\NLAapi.dll NameSpace #2: C:\Windows\system32\napinsp.dll NameSpace #3: C:\Windows\system32\pnrpnsp.dll NameSpace #4: C:\Windows\system32\pnrpnsp.dll NameSpace #5: C:\Program Files\Bonjour\mdnsNSP.dll -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: WebCheck: C:\Windows\System32\webcheck.dll -------------------------------------------------- End of report, 5,508 bytes Report generated in 0.063 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only