StartupList report, 6/28/2007, 7:03:17 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\jennifer.JENYPC.000\My Documents\hijackthis[1]1\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16414)
* Using default options
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\FBMSOF~1\ZEROSP~1\ZeroSpyware LE.exe
C:\Program Files\FBM Software\ZeroSpyware Limited Edition\FileDeleter.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\audiochk.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\jennifer.JENYPC.000\My Documents\hijackthis[1]1\HijackThis.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Digital Line Detect.lnk = ?
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
IntelWireless = "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
DVDLauncher = "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
dla = C:\WINDOWS\system32\dla\tfswctrl.exe
igfxtray = C:\WINDOWS\system32\igfxtray.exe
igfxhkcmd = C:\WINDOWS\system32\hkcmd.exe
igfxpers = C:\WINDOWS\system32\igfxpers.exe
IntelliPoint = "C:\Program Files\Microsoft IntelliPoint\point32.exe"
Zone Labs Client = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
audiochk.exe = C:\WINDOWS\system32\audiochk.exe
AVG7_CC = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
ISUSPM Startup = C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
ZoneAlarm Client = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
Windows Defender = "C:\Program Files\Windows Defender\MSASCui.exe" -hide
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
ZSLEScheduler = RunDll32.exe "C:\PROGRA~1\FBMSOF~1\ZEROSP~1\ZSScheduler.dll", runScheduler C:\PROGRA~1\FBMSOF~1\ZEROSP~1\
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - (no file) - {0A87E45F-537A-40B4-B812-E2544C21A09F}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\WINDOWS\system32\dla\tfswshx.dll - {5CA3D70E-1895-11CF-8E15-001234567890}
--------------------------------------------------
Enumerating Task Scheduler jobs:
MP Scheduled Scan.job
XoftSpySE 2.job
XoftSpySE.job
--------------------------------------------------
Enumerating Download Program Files:
[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://download.micr...heckControl.cab
[ewidoOnlineScan Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\EWIDOO~1.DLL
CODEBASE = http://downloads.ewi...oOnlineScan.cab
[{27EB254C-C724-43B1-8DD8-F3AC9ED761B2}]
CODEBASE = http://client2.tvton...8/TVTStage1.cab
[Java Plug-in 1.4.1_04]
InProcServer32 = C:\Program Files\Java\j2re1.4.1_04\bin\npjpi141_04.dll
CODEBASE = http://bbcollab-prod...e-1_4_1-win.exe
--------------------------------------------------
Enumerating Windows NT logon/logoff scripts:
Windows NT checkdisk command:
BootExecute = autocheck autochk *
Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\DOCUME~1\JENNIF~1.000\LOCALS~1\Temp\~nsu.tmp\Au_.exe|||C
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll
--------------------------------------------------
End of report, 7,222 bytes
Report generated in 0.290 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only