Heres the log generated by HijackThis:-
StartupList report, 16/01/2007, 20:48:26
StartupList version: 1.52.2
Started from : C:\Program Files\Hijackthis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.5730.0011)
* Using default options
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\Program Files\Yahoo!\NAV\navapsvc.exe
C:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE
C:\WINDOWS\system32\atwtusb.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\vsnpstd.exe
C:\PROGRA~1\BTBROA~1\SMARTB~1\BTHelpNotifier.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\BT Broadband Desktop Help\bin\mpbtn.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\PROGRA~1\Yahoo!\YOP\secstat.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SSAUTORN.EXE
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\Documents and Settings\Matt\Start Menu\Programs\Startup]
Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
BT Broadband Desktop Help.lnk = C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
NETGEAR WPN111 Smart Wizard.lnk = ?
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Recguard = C:\WINDOWS\SMINST\RECGUARD.EXE
(Default) =
Keyboard Status = C:\PROGRA~1\Medion\KeyStat\KeyStat.exe
High Definition Audio Property Page Shortcut = HDAudPropShortcut.exe
Cmaudio = RunDll32 cmicnfg.cpl,CMICtrlWnd
ATIPTA = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
AGRSMMSG = AGRSMMSG.exe
RemoteControl = "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
EPSON Stylus Photo R220 Series = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
atwtusb = atwtusb.exe beta
SsAAD.exe = C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
BluetoothAuthenticationAgent = rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
HP Software Update = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
AGEIA PhysX SysTray = C:\Program Files\AGEIA Technologies\TrayIcon.exe
YBrowser = C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
YOP = C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
snpstd = C:\WINDOWS\vsnpstd.exe
Motive SmartBridge = C:\PROGRA~1\BTBROA~1\SMARTB~1\BTHelpNotifier.exe
btbb_wcm_McciTrayApp = C:\Program Files\btbb_wcm\McciTrayApp.exe
Sony Ericsson PC Suite = "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
Windows Defender = "C:\Program Files\Windows Defender\MSASCui.exe" -hide
NeroFilterCheck = C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
DJSNetCN = C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
Yahoo! Pager = C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} = "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll - {02478D38-C3F9-4EFB-9B51-7695ECA05670}
(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Aladdin Systems\Internet Cleanup\IC3hlpr.dll - {1f0c8547-2639-4c91-b8aa-c7eca24c3163}
(no name) - C:\Program Files\Aladdin Systems\Internet Cleanup\PopFiltr.dll - {1F2E844B-8211-46ff-8262-772F03295CF4}
(no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
Norton Personal Firewall - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll - {9ECB9560-04F9-4bbc-943D-298DDF1699E1}
NAV Helper - C:\Program Files\Yahoo!\NAV\NavShExt.dll - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD}
(no name) - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}
(no name) - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}
--------------------------------------------------
Enumerating Task Scheduler jobs:
MP Scheduled Scan.job
Norton AntiVirus - Run Full System Scan - Matt.job
--------------------------------------------------
Enumerating Download Program Files:
[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\macromed\Director\SwDir.dll
CODEBASE =
http://fpdownload.ma...director/sw.cab[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE =
http://download.micr...heckControl.cab[LSSupCtl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\LSSupCtl.dll
CODEBASE =
http://www.symantec....sa/LSSupCtl.cab[yucsetreg Class]
InProcServer32 = C:\Program Files\Yahoo!\Common\yucconfig.dll
CODEBASE = C:\Program Files\Yahoo!\common\yucconfig.dll
[Symantec AntiVirus scanner]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\avsniff.dll
CODEBASE =
http://security.syma...bin/AvSniff.cab[YInstStarter Class]
InProcServer32 = C:\Program Files\Yahoo!\Common\yinsthelper1.dll
CODEBASE = C:\Program Files\Yahoo!\common\yinsthelper.dll
[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE =
http://office.micros...ntent/opuc3.cab[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE =
http://v5.windowsupd...b?1084026504781[Symantec RuFSI Utility Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
CODEBASE =
http://security.syma...n/bin/cabsa.cab[AxisMediaControl Class]
InProcServer32 = C:\Program Files\Axis Communications\AXIS Media Control\AxisMediaControl.dll
CODEBASE =
http://85.37.179.106/activex/AMC.cab[YahooYMailTo Class]
InProcServer32 = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
CODEBASE =
http://download.yaho...mail/ymmapi.dll[YAddBook Class]
InProcServer32 = C:\PROGRA~1\Yahoo!\Common\yaddbook.dll
CODEBASE =
http://download.yaho...alls/yab_af.cab[AxisMediaControlEmb Class]
InProcServer32 = C:\Program Files\Axis Communications\AXIS Media Control Embedded\AxisMediaControlEmb.dll
CODEBASE =
http://office.vermas...activex/AMC.cab--------------------------------------------------
Enumerating Winsock LSP files:
NameSpace #4: C:\WINDOWS\system32\wshbth.dll
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
--------------------------------------------------
End of report, 12,025 bytes
Report generated in 0.109 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only