
Start Up List

This document summarizes the startup programs, browser extensions, and other system settings on a Windows computer. It detects several Garena gaming programs running and configured to start up. The document lists the startup folders, registry autorun entries including for Java and Garena, installed browser helper objects including for Microsoft Lync, and other system details.

Uploaded by mohamad burhan

StartupList report, 08/11/2019, 21.05.11
StartupList version: 1.52.2
Started from : C:\Users\Administrator\Documents\HijackThis.EXE
Detected: Unknown Windows (WinNT 6.02.1008)
Detected: Internet Explorer v11.0 (11.00.10586.0000)
* Using default options
==================================================

Running processes:

C:\Program Files (x86)\GBillingClient\gbClientService.exe
C:\ProgramData\GarenaCIG\GarenaCIG.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Program Files (x86)\GBillingClient\gbClientApp.exe
C:\Program Files (x86)\GBillingClient\gbClientLocker.exe
C:\Program Files (x86)\GBillingClient\winvnc.exe
D:\Game menu\_PLAYNITE\Playnite.DesktopApp.exe
C:\Program Files (x86)\GBillingClient\cpm.exe
C:\ProgramData\GarenaCIG\GarenaCIG.exe
C:\ProgramData\GarenaCIG\GarenaCIG.exe
D:\Messenger\Garena\Garena\2.0.1909.2618\gxxsvc.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Administrator\Documents\HijackThis.exe
C:\Windows\SysWOW64\notepad.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
MENU.lnk = D:\Game menu\MENU.exe
Playnite.lnk = D:\Game menu\_PLAYNITE\Playnite.DesktopApp.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\Program Files (x86)\GBillingClient\gbClientLocker.exe,C:\Program Files (x86)\GBillingClient\gbClientApp.exe,C:\Program Files (x86)\GBillingClient\gInitTool.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
gbClientApp = C:\Program Files (x86)\GBillingClient\gbClientApp.exe
GarenaCIG = "C:\ProgramData\GarenaCIG\GarenaCIG.exe" --tray

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Discord = C:\Users\Administrator\AppData\Local\Discord\app-0.0.301\Discord.exe

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*

--------------------------------------------------

Shell & screensaver key from C:\Windows\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

Lync Click to Call BHO - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
URLRedirectionBHO - C:\PROGRA~2\MICROS~2\Office15\URLREDIR.DLL - {B4F3A835-0E21-4959-BA22-42B3008E02FF}
(no name) - C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\Windows\system32\napinsp.dll
NameSpace #2: C:\Windows\system32\pnrpnsp.dll
NameSpace #3: C:\Windows\system32\pnrpnsp.dll
NameSpace #4: C:\Windows\system32\NLAapi.dll

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\Program Files (x86)\Google\Update\1.3.33.23||C:\Program Files (x86)\Google\Chrome\Temp\scoped_dir10568_756296537\old_chrome.exe||C:\Program Files (x86)\Google\Chrome\Temp\scoped_dir10568_756296537||C:\Program Files (x86)\Google\Chrome\Temp||C:\Users\ADMINI~1\AppData\Local\Temp\is-LTNC7.tmp\OCSetupHlp.dll||C:\Users\ADMINI~1\AppData\Local\Temp\is-LTNC7.tmp|||d

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: *Registry key not found*

--------------------------------------------------
End of report, 5.109 bytes
Report generated in 0,015 seconds

Command line options:

/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
