StartupList report, 5/2/2010, 5:16:16 PM StartupList version: 1.52.2 Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE Detected: Windows XP SP3 (WinNT 5.01.2600) Detected: Internet Explorer v8.00 (8.00.6001.18702) * Using default options * Including empty and uninteresting sections ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe c:\Program Files\Microsoft Security Essentials\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Dantz\Retrospect\retrorun.exe C:\WINDOWS\system32\java.exe C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\WINDOWS\system32\fxssvc.exe C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\V0500Mon.exe C:\Program Files\Microsoft Security Essentials\msseces.exe C:\Program Files\RegServe\RSListener.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe -------------------------------------------------- Listing of startup folders: Shell folders Startup: [C:\Documents and Settings\Barry Basten\Start Menu\Programs\Startup] *No files* Shell folders AltStartup: *Folder not found* User shell folders Startup: *Folder not found* User shell folders AltStartup: *Folder not found* Shell folders Common Startup: [C:\Documents and Settings\All Users\Start Menu\Programs\Startup] *No files* Shell folders Common AltStartup: *Folder not found* User shell folders Common Startup: *Folder not found* User shell folders Alternate Common Startup: *Folder not found* -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] *Registry value not found* [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run DellSupportCenter = "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter YSearchProtection = "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" nmctxth = "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" SunJavaUpdateSched = "C:\Program Files\Common Files\Java\Java Update\jusched.exe" CLMLServer = "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" DiscWizardMonitor.exe = C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe AcronisTimounterMonitor = C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe Seagate Scheduler2 Service = "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe" GrooveMonitor = "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" Adobe ARM = "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" V0500Mon.exe = C:\WINDOWS\V0500Mon.exe MSSE = "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey RSListener = C:\Program Files\RegServe\RSListener.exe -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background YSearchProtection = C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\Run [AutorunsDisabled] LWBMOUSE = C:\Program Files\NASDAK\OmniMouse Driver\4.0\MOUSE32A.EXE hpqSRMon = C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [OptionalComponents] = -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [AutorunsDisabled] Messenger (Yahoo!) = "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet Search Protection = C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- File association entry for .EXE: HKEY_CLASSES_ROOT\exefile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .COM: HKEY_CLASSES_ROOT\comfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .BAT: HKEY_CLASSES_ROOT\batfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .PIF: HKEY_CLASSES_ROOT\piffile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .SCR: HKEY_CLASSES_ROOT\scrfile\shell\open\command (Default) = "%1" /S -------------------------------------------------- File association entry for .HTA: HKEY_CLASSES_ROOT\htafile\shell\open\command (Default) = C:\WINDOWS\system32\mshta.exe "%1" %* -------------------------------------------------- File association entry for .TXT: HKEY_CLASSES_ROOT\txtfile\shell\open\command (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1 -------------------------------------------------- Enumerating ICQ Agent Autostart apps: HKCU\Software\Mirabilis\ICQ\Agent\Apps *Registry key not found* -------------------------------------------------- Load/Run keys from C:\WINDOWS\WIN.INI: load=*INI section not found* run=*INI section not found* Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\Windows: load= HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs= -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry key not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll - {02478D38-C3F9-4efb-9B51-7695ECA05670} HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll - {0347C33E-8762-4905-BF09-768834316C61} AcroIEHelperStub - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} (no name) - (no file) - {1A1DAC8C-074D-440F-8707-7009A672D7D1} Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (no name) - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (no name) - C:\Program Files\ONLINE-TV\tbONL1.dll - {a8baaddd-ab98-4cdb-84cc-3c9ed9f38d1e} (no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7} (no name) - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} MapQuest Toolbar Loader - C:\Program Files\MapQuest Toolbar\mapquesttb.dll - {bd3fd433-147a-482e-a192-614f26e2310c} (no name) - C:\Program Files\Java\jre6\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9} JQSIEStartDetectorImpl - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} (no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -------------------------------------------------- Enumerating Task Scheduler jobs: MP Scheduled Scan.job User_Feed_Synchronization-{A3A43AAF-2B30-4CE7-979A-3F836CB262DC}.job -------------------------------------------------- Enumerating Download Program Files: [SysProWmi Class] InProcServer32 = C:\WINDOWS\system32\Dell\SystemProfiler\SysPro.ocx CODEBASE = http://support.dell.com/systemprofiler/SysPro.CAB [Windows Genuine Advantage Validation Tool] InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204 [Installation Support] InProcServer32 = C:\Program Files\Yahoo!\Common\Yinsthelper.dll CODEBASE = C:\Program Files\Yahoo!\Common\Yinsthelper.dll [DLM Control] InProcServer32 = C:\WINDOWS\DOWNLO~1\DOWNLO~1.OCX CODEBASE = http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab [LinkedIn ContactFinderControl] InProcServer32 = C:\WINDOWS\DOWNLO~1\LINKED~1.DLL CODEBASE = http://www.linkedin.com/cab/LinkedInContactFinderControl.cab [System Requirements Lab Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\sysreqlab_ind.dll CODEBASE = http://www.srtest.com/srl_bin/sysreqlab_ind.cab OSD = C:\WINDOWS\Downloaded Program Files\sysreqlab.osd [Windows Live Safety Center Base Module] InProcServer32 = C:\WINDOWS\Downloaded Program Files\wlscBase.dll CODEBASE = http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab [MUWebControl Class] InProcServer32 = C:\WINDOWS\system32\muweb.dll CODEBASE = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126919496607 [{7530BFB8-7293-4D34-9923-61A11451AFC5}] CODEBASE = http://download.eset.com/special/eos/OnlineScanner.cab [Java Plug-in 1.6.0_20] InProcServer32 = C:\Program Files\Java\jre6\bin\jp2iexp.dll CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}] CODEBASE = http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab [Java Plug-in 1.4.2] InProcServer32 = C:\Program Files\Java\jre6\bin\jp2iexp.dll CODEBASE = http://java.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab [Java Plug-in 1.6.0_03] InProcServer32 = C:\Program Files\Java\jre6\bin\jp2iexp.dll CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab [Java Plug-in 1.6.0_20] InProcServer32 = C:\Program Files\Java\jre6\bin\jp2iexp.dll CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20] InProcServer32 = C:\Program Files\Java\jre6\bin\npjpi160_20.dll CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [{D1E7CBDA-E60E-4970-A01C-37301EF7BF98}] CODEBASE = http://service.intelcapabilitiesforum.net/rankmypc/scan/FMSI.cab [Shockwave Flash Object] InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash10d.ocx CODEBASE = http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab [{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}] InProcServer32 = C:\Program Files\WebEx\ieatgpc.dll [{E2883E8F-472F-4FB0-9522-AC9BF37916A7}] CODEBASE = http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab -------------------------------------------------- Enumerating Winsock LSP files: NameSpace #1: C:\WINDOWS\System32\mswsock.dll NameSpace #2: C:\WINDOWS\System32\winrnr.dll NameSpace #3: C:\WINDOWS\System32\mswsock.dll Protocol #1: C:\WINDOWS\system32\mswsock.dll Protocol #2: C:\WINDOWS\system32\mswsock.dll Protocol #3: C:\WINDOWS\system32\mswsock.dll Protocol #4: C:\WINDOWS\system32\mswsock.dll Protocol #5: C:\WINDOWS\system32\mswsock.dll Protocol #6: C:\WINDOWS\system32\mswsock.dll Protocol #7: C:\WINDOWS\system32\mswsock.dll Protocol #8: C:\WINDOWS\system32\mswsock.dll Protocol #9: C:\WINDOWS\system32\mswsock.dll Protocol #10: C:\WINDOWS\system32\mswsock.dll Protocol #11: C:\WINDOWS\system32\mswsock.dll Protocol #12: C:\WINDOWS\system32\mswsock.dll Protocol #13: C:\WINDOWS\system32\mswsock.dll Protocol #14: C:\WINDOWS\system32\mswsock.dll Protocol #15: C:\WINDOWS\system32\mswsock.dll Protocol #16: C:\WINDOWS\system32\rsvpsp.dll Protocol #17: C:\WINDOWS\system32\rsvpsp.dll -------------------------------------------------- Enumerating Windows NT logon/logoff scripts: *No scripts set to run* Windows NT checkdisk command: BootExecute = autocheck autochk * Windows NT 'Wininit.ini': PendingFileRenameOperations: *Registry value not found* -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\system32\webcheck.dll SysTray: C:\WINDOWS\System32\stobject.dll WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll UPnPMonitor: C:\WINDOWS\system32\upnpui.dll -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *Registry key not found* -------------------------------------------------- End of report, 20,543 bytes Report generated in 0.032 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only