growleruk
new user


Reg'd: Mon
Posts: 5
Advertisement By Outerinfo
      #391408 - Mon Apr 14 2008 08:57 AM

Please help me. My PC is running really slowly and also keeps showing pop-up windows with adverts in under the title "Advertisement By Outerinfo". My 2 pronged question is: what can I get rid of to speed my PC up, and how do I get rid of this malware which is causing these pop-ups? And finally, my McAfee Systemguard keeps getting disabled.
The Log files follow;

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:39:51, on 14/04/2008
Platform: Windows XP SP2 (WinNT

5.01.2600)
MSIE: Internet Explorer v6.00 SP2

(6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common

Files\Maxtor\Schedule2\schedul2.exe
d:\Program Files\Grisoft\AVG

Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\gearsec.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.

exe
c:\PROGRA~1\COMMON~1\mcafee\mna\

mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcp

roxy\mcproxy.exe
C:\Program

Files\McAfee\VirusScan\McShield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common

Files\Microsoft

Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\Agent\mcag

ent.exe
C:\Program

Files\McAfee\MPF\MPFSrv.exe
C:\Program

Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
d:\Program Files\TVersity\Media

Server\MediaServer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Adobe\Photoshop

Album Starter

Edition\3.0\Apps\apdproxy.exe
C:\Program

Files\Maxtor\MaxBlast\MaxBlastMonitor

.exe
C:\Program Files\Common

Files\Maxtor\Schedule2\schedhlp.exe
C:\Program

Files\Maxtor\MaxBlast\TimounterMonito

r.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program

Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program

Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\SSC Service

Utility\ssc_serv.exe
C:\WINDOWS\System32\spool\DRIVERS

\W32X86\3\E_FATIAIA.EXE
C:\Program Files\Sony

Ericsson\Mobile2\Application

Launcher\Application Launcher.exe
C:\Program

Files\SiteAdvisor\6172\SiteAdv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Teleca

Shared\CapabilityManager.exe
D:\Program Files\Grisoft\AVG

Anti-Spyware 7.5\avgas.exe
D:\Program

Files\Uniblue\SpeedUpMyPC

3\SpeedUpMyPC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free Download

Manager\fdm.exe
C:\Program

Files\Google\GoogleToolbarNotifier\Go

ogleToolbarNotifier.exe
D:\Program Files\Microsoft

ActiveSync\Wcescomm.exe
C:\WINDOWS\PPATCH~1\winword.exe
D:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Windows

Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Teleca

Shared\Generic.exe
C:\Program Files\Sony

Ericsson\Mobile2\Mobile Phone

Monitor\epmworker.exe
C:\PROGRA~1\DVDREG~1\DVDRegionF

ree.exe
C:\Program Files\Common

Files\?racle\w?nlogon.exe
D:\PROGRA~1\MICROS~1\OFFICE11\OU

TLOOK.EXE
D:\Program Files\Microsoft

Office\OFFICE11\WINWORD.EXE
D:\Program Files\Trend

Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet

Explorer\iexplore.exe
C:\Program Files\Common

Files\Microsoft Shared\Windows

Live\WLLoginProxy.exe

R0 - HKCU\Software\Microsoft\Internet

Explorer\Main,Start Page =

http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet

Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet

Explorer\Main,Local Page =
R1 -

HKCU\Software\Microsoft\Windows\Cur

rentVersion\Internet

Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar -

{EF99BD32-C1FB-11D2-892F-0090271D4

F88} - C:\Program

Files\Yahoo!\Companion\Installs\cpn\yt.

dll
R3 - URLSearchHook: (no name) -

{CA3EB689-8F09-4026-AA10-B9534C691

CE0} - (no file)
O2 - BHO: Yahoo! Toolbar Helper -

{02478D38-C3F9-4EFB-9B51-7695ECA05

670} - C:\Program

Files\Yahoo!\Companion\Installs\cpn\yt.

dll
O2 - BHO: Adobe PDF Reader Link

Helper -

{06849E9F-C8D7-4D59-B87D-784B7D6B

E0B3} - C:\Program Files\Common

Files\Adobe\Acrobat\ActiveX\AcroIEHel

per.dll
O2 - BHO: (no name) -

{089FD14D-132B-48FC-8861-0048AE113

215} - C:\Program

Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: TBSB09400 -

{1EF8C52D-928D-44C8-856D-8D0189973

911} - (no file)
O2 - BHO: Skype add-on (mastermind) -

{22BF413B-C6D2-4d91-82A9-A0F997BA5

88C} -

C:\PROGRA~1\Skype\Phone\IEPlugin\S

KYPEI~1.DLL
O2 - BHO: McAntiPhishingBHO -

{377C180E-6F0E-4D4C-980F-F45BD3D4

0CF4} -

c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: (no name) -

{381948CB-DE3D-418D-8C6E-C611F231

3B3F} - (no file)
O2 - BHO: (no name) -

{5805F281-D088-415B-BB87-4EB660A10

A1A} - (no file)
O2 - BHO: (no name) -

{75379201-A454-4A23-9A80-88EF8DB72

6F6} - (no file)
O2 - BHO: SSVHelper Class -

{761497BB-D6F0-462C-B6EB-D4DAF1D9

2D43} - C:\Program

Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy -

{7DB2D5A0-7241-4E79-B68D-6309F01C5

231} - C:\Program

Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) -

{7E853D72-626A-48EC-A868-BA8D5E23

E045} - (no file)
O2 - BHO: Band Class -

{8272B062-BD4D-4EAD-A149-45B3CE3F

5CDA} - C:\WINDOWS\GPalm.dll
O2 - BHO: Windows Live Sign-in Helper

-

{9030D464-4C02-4ABF-8ECC-516476086

3C6} - C:\Program Files\Common

Files\Microsoft Shared\Windows

Live\WindowsLiveLogin.dll
O2 - BHO: (no name) -

{A4CF09AC-1578-4761-8915-F601063246

46} - (no file)
O2 - BHO: (no name) -

{A74F3FC3-CC9A-4D4C-AFB5-B56F0CA

A445D} - (no file)
O2 - BHO: (no name) -

{A95B2816-1D7E-4561-A202-68C0DE023

53A} - (no file)
O2 - BHO: Google Toolbar Helper -

{AA58ED58-01DD-4d91-8333-CF1057747

3F7} - c:\program

files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO

-

{AF69DE43-7D58-4638-B6FA-CE66B5AD

205D} - C:\Program

Files\Google\GoogleToolbarNotifier\3.0.

1225.9868\swg.dll
O2 - BHO: (no name) -

{B18FD241-438C-365E-DD2E-38E607F00

E90} - (no file)
O2 - BHO:

{19fc2974-01ec-7adb-1104-5a65be9b272

b} -

{b272b9eb-56a5-4011-bda7-ce104792cf9

1} - (no file)
O2 - BHO: (no name) -

{BD0E7D67-0C9A-43AE-AF3D-5E94CB56

4CFF} - (no file)
O2 - BHO: Windows Live Toolbar Helper

-

{BDBD1DAD-C946-4A17-ADC1-64B5B4F

F55D0} - C:\Program Files\Windows

Live Toolbar\msntb.dll
O2 - BHO: (no name) -

{C5FCE753-7E3E-414C-815E-86AF82D8

817A} - (no file)
O2 - BHO: FDMIECookiesBHO Class -

{CC59E0F9-7E43-44FA-9FAA-8377850BF

205} - C:\Program Files\Free Download

Manager\iefdmcks.dll
O2 - BHO: (no name) -

{CEFD1580-D14A-F797-4492-A38F717A2

99F} - C:\WINDOWS\system32\nwtfp.dll
O2 - BHO: (no name) -

{D4576C73-52BD-4401-B966-5A128C443

3D4} -

C:\WINDOWS\system32\rqropon.dll (file

missing)
O2 - BHO: (no name) -

{D5A2DACE-F010-480F-B2B0-A47D8A2B

9CA8} - (no file)
O3 - Toolbar: Yahoo! Toolbar -

{EF99BD32-C1FB-11D2-892F-0090271D4

F88} - C:\Program

Files\Yahoo!\Companion\Installs\cpn\yt.

dll
O3 - Toolbar: &Google -

{2318C2B1-4965-11d4-9B18-009027A5C

D4F} - c:\program

files\google\googletoolbar3.dll
O3 - Toolbar: Band Class -

{8272B062-BD4D-4EAD-A149-45B3CE3F

5CDA} - C:\WINDOWS\GPalm.dll
O3 - Toolbar: Security Toolbar -

{11A69AE4-FBED-4832-A2BF-45AF82825

583} - (no file)
O3 - Toolbar: McAfee SiteAdvisor -

{0BF43445-2F28-4351-9252-17FE6E806A

A0} - C:\Program

Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: Windows Live Toolbar -

{BDAD1DAD-C946-4A17-ADC1-64B5B4F

F55D0} - C:\Program Files\Windows

Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray]

C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RaidTool]

C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [NvCplDaemon]

RUNDLL32.EXE

C:\WINDOWS\system32\NvCpl.dll,NvSta

rtup
O4 - HKLM\..\Run: [nwiz] nwiz.exe

/install
O4 - HKLM\..\Run: [NvMediaCenter]

RUNDLL32.EXE

C:\WINDOWS\system32\NvMcTray.dll,N

vTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL]

RTHDCPL.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo

R300 Series]

C:\WINDOWS\System32\spool\DRIVERS

\W32X86\3\E_S4I0F2.EXE /P30 "EPSON

Stylus Photo R300 Series" /O6

"USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [Adobe Photo

Downloader] "C:\Program

Files\Adobe\Photoshop Album Starter

Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run:

[MaxBlastMonitor.exe] C:\Program

Files\Maxtor\MaxBlast\MaxBlastMonitor

.exe
O4 - HKLM\..\Run:

[AcronisTimounterMonitor] C:\Program

Files\Maxtor\MaxBlast\TimounterMonito

r.exe
O4 - HKLM\..\Run: [Acronis Scheduler2

Service] "C:\Program Files\Common

Files\Maxtor\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run:

[SunJavaUpdateSched] "C:\Program

Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [GreasyPalmUpdate]

C:\WINDOWS\GreasyPalmUpdate.exe
O4 - HKLM\..\Run: [SSBkgdUpdate]

"C:\Program Files\Common

Files\Scansoft

Shared\SSBkgdUpdate\SSBkgdupdate.e

xe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD]

C:\Program

Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch]

C:\Program

Files\ScanSoft\PaperPort\IndexSearch.e

xe
O4 - HKLM\..\Run: [SSC Service Utility]

C:\Program Files\SSC Service

Utility\ssc_serv.exe /s
O4 - HKLM\..\Run: [EPSON Stylus Photo

R220 Series]

C:\WINDOWS\System32\spool\DRIVERS

\W32X86\3\E_FATIAIA.EXE /P30 "EPSON

Stylus Photo R220 Series" /O6

"USB002" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [Sony Ericsson PC

Suite] "C:\Program Files\Sony

Ericsson\Mobile2\Application

Launcher\Application Launcher.exe"

/startoptions
O4 - HKLM\..\Run: [mcagent_exe]

C:\Program

Files\McAfee.com\Agent\mcagent.exe

/runkey
O4 - HKLM\..\Run: [SiteAdvisor]

C:\Program

Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI]

C:\PROGRA~1\McAfee\MHN\McENUI.ex

e /hide
O4 - HKLM\..\Run: [RoxWatchTray]

"C:\Program Files\Common Files\Roxio

Shared\9.0\SharedCOM\RoxWatchTray9

.exe"
O4 - HKLM\..\Run: [Adobe Reader

Speed Launcher] "C:\Program

Files\Adobe\Reader

8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware]

"D:\Program Files\Grisoft\AVG

Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Uniblue

SpeedUpMyPC] D:\Program

Files\Uniblue\SpeedUpMyPC

3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [CTFMON.EXE]

C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download

Manager] C:\Program Files\Free

Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [swg] C:\Program

Files\Google\GoogleToolbarNotifier\Go

ogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uniblue

RegistryBooster 2] C:\Program

Files\Uniblue\RegistryBooster

2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [H/PC Connection

Agent] "D:\Program Files\Microsoft

ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [Lekfib] "C:\Program

Files\Common

Files\?racle\w?nlogon.exe"
O4 - HKCU\..\Run: [SfKg6w]

C:\Documents and Settings\karl

lyon\Application

Data\Microsoft\Windows\ajxnpfgt.exe
O4 - HKCU\..\Run: [Words] C:\Program

Files\Words\Words.exe
O4 - HKCU\..\Run: [Wmle]

"C:\WINDOWS\PPATCH~1\winword.exe"

-vt ygw
O4 - HKCU\..\Run: [MsnMsgr]

"C:\Program Files\Windows

Live\Messenger\MsnMsgr.Exe"

/background
O4 - HKCU\..\Run: [HijackThis startup

scan] D:\Program Files\Trend

Micro\HijackThis\HijackThis.exe

/startupscan
O4 - HKUS\S-1-5-19\..\Run:

[CTFMON.EXE]

C:\WINDOWS\system32\CTFMON.EXE

(User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run:

[CTFMON.EXE]

C:\WINDOWS\system32\CTFMON.EXE

(User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run:

[CTFMON.EXE]

C:\WINDOWS\system32\CTFMON.EXE

(User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run:

[CTFMON.EXE]

C:\WINDOWS\system32\CTFMON.EXE

(User 'Default user')
O8 - Extra context menu item:

&Windows Live Search -

res://C:\Program Files\Windows Live

Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to

Windows &Live Favorites -

http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item:

Download all with Free Download

Manager - file://C:\Program Files\Free

Download Manager\dlall.htm
O8 - Extra context menu item:

Download selected with Free Download

Manager - file://C:\Program Files\Free

Download Manager\dlselected.htm
O8 - Extra context menu item:

Download with Free Download Manager

- file://C:\Program Files\Free Download

Manager\dllink.htm
O8 - Extra context menu item: E&xport

to Microsoft Excel -

res://D:\PROGRA~1\MICROS~1\OFFICE1

1\EXCEL.EXE/3000
O9 - Extra button: (no name) -

{08B0E5C0-4FCB-11CF-AAA5-00401C60

8501} - C:\Program

Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java

Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C60

8501} - C:\Program

Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile

Favorite -

{2EAF5BB1-070F-11D3-9307-00C04FAE2

D4F} -

D:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) -

{2EAF5BB2-070F-11D3-9307-00C04FAE2

D4F} -

D:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create

Mobile Favorite... -

{2EAF5BB2-070F-11D3-9307-00C04FAE2

D4F} -

D:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Skype -

{77BF5300-1474-4EC7-9980-D32B190E9

B07} -

C:\PROGRA~1\Skype\Phone\IEPlugin\S

KYPEI~1.DLL
O9 - Extra button: (no name) -

{85d1f590-48f4-11d9-9669-0800200c9a6

6} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall

BitDefender Online Scanner v8 -

{85d1f590-48f4-11d9-9669-0800200c9a6

6} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research -

{92780B25-18CC-41C8-B9BE-3C9C571A

8263} -

D:\PROGRA~1\MICROS~1\OFFICE11\RE

FIEBAR.DLL
O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795

683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows

Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795

683} - C:\Program

Files\Messenger\msmsgs.exe
O16 - DPF:

{193C772A-87BE-4B19-A7BB-445B226F

E9A1} (ewidoOnlineScan Control) -

http://downloads.ewido.net/ewidoOnlin

eScan.cab
O16 - DPF:

{1B735B98-8010-11D5-AD0B-00500463D

885} (SearchCD Control) -

http://www.partsarena.com/baxi/Plugin

s/IMIESRCH.cab
O16 - DPF:

{254AA86E-5655-4518-AA87-185D7CC41

801} -

https://secure.logmeinrescue.com/Tech

Console/x86/RescueControl.cab
O16 - DPF:

{36C17E9B-3354-11D1-95CF-0000B4530

F04} (GrafixViewControl) -

http://www.partsarena.com/baxi/Plugin

s/GFXVIEW.cab
O16 - DPF:

{4D561B31-49A0-4E2C-8AFF-353468EC6

69B} (GreasyPalmInstallHelper Class) -

http://www.greasypalm.co.uk/bho/upda

te/GreasyPalm.cab
O16 - DPF:

{56762DEC-6B0D-4AB4-A8AD-989993B5

D08B} -

http://www.eset.eu/buxus/docs/OnlineS

canner.cab
O16 - DPF:

{5D86DDB5-BDF9-441B-9E9E-D4730F4E

E499} (BDSCANONLINE Control) -

http://download.bitdefender.com/resour

ces/scan8/oscan8.cab
O16 - DPF:

{BB21F850-63F4-4EC9-BF9D-565BD30C

9AE9} (a-squared Scanner) -

http://ax.emsisoft.com/asquared.cab
O16 - DPF:

{CAFEEFAC-0016-0000-0001-ABCDEFFE

DCBA} (Java Plug-in 1.6.0_01) -
O17 -

HKLM\System\CCS\Services\Tcpip\..\{A

2068BA9-AC71-4EF4-88D0-D36C32EB47

F8}: NameServer =

194.168.4.100,194.168.8.100
O18 - Protocol: skype4com -

{FFC8B962-9B40-4DFF-9458-1830C7DD

7F5D} -

C:\PROGRA~1\COMMON~1\Skype\SKY

PE4~1.DLL
O20 - Winlogon Notify: jkkll -

C:\WINDOWS\
O20 - Winlogon Notify: pmkjihg -

pmkjihg.dll (file missing)
O20 - Winlogon Notify: rqropon -

rqropon.dll (file missing)
O20 - Winlogon Notify: zxsgannh -

zxsgannh.dll (file missing)
O23 - Service: McAfee Application

Installer Cleanup (0084861207979072)

(0084861207979072mcinstcleanup) -

McAfee, Inc. -

C:\WINDOWS\TEMP\008486~1.EXE
O23 - Service: Acronis Scheduler2

Service (AcrSch2Svc) - Acronis -

C:\Program Files\Common

Files\Maxtor\Schedule2\schedul2.exe
O23 - Service: AVG Anti-Spyware Guard

- GRISOFT s.r.o. - d:\Program

Files\Grisoft\AVG Anti-Spyware

7.5\guard.exe
O23 - Service: gearsec - GEAR Software

- C:\WINDOWS\system32\gearsec.exe
O23 - Service: Google Updater Service

(gusvc) - Google - C:\Program

Files\Google\Common\Google

Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table

Manager (IDriverT) - Macrovision

Corporation - C:\Program

Files\Common

Files\InstallShield\Driver\1050\Intel

32\IDriverT.exe
O23 - Service: McAfee Services

(mcmscsvc) - McAfee, Inc. -

C:\PROGRA~1\McAfee\MSC\mcmscsvc.

exe
O23 - Service: McAfee Network Agent

(McNASvc) - McAfee, Inc. -

c:\PROGRA~1\COMMON~1\mcafee\mna\

mcnasvc.exe
O23 - Service: McAfee Scanner

(McODS) - McAfee, Inc. -

C:\PROGRA~1\McAfee\VIRUSS~1\mcod

s.exe
O23 - Service: McAfee Proxy Service

(McProxy) - McAfee, Inc. -

c:\PROGRA~1\COMMON~1\mcafee\mcp

roxy\mcproxy.exe
O23 - Service: McAfee Real-time

Scanner (McShield) - McAfee, Inc. -

C:\Program

Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards

(McSysmon) - McAfee, Inc. -

C:\PROGRA~1\McAfee\VIRUSS~1\mcsys

mon.exe
O23 - Service: McAfee Personal Firewall

Service (MpfService) - McAfee, Inc. -

C:\Program

Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam

Service (MSK80Service) - McAfee, Inc. -

C:\Program

Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver

Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O

Software GmbH -

C:\WINDOWS\system32\oodag.exe
O23 - Service: Roxio UPnP Renderer 9 -

Sonic Solutions - C:\Program

Files\Roxio\Digital Home

9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 -

Sonic Solutions - C:\Program

Files\Roxio\Digital Home

9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9

(RoxLiveShare9) - Sonic Solutions -

C:\Program Files\Common Files\Roxio

Shared\9.0\SharedCOM\RoxLiveShare9.

exe
O23 - Service: RoxMediaDB9 - Sonic

Solutions - C:\Program Files\Common

Files\Roxio

Shared\9.0\SharedCOM\RoxMediaDB9.e

xe
O23 - Service: Roxio Hard Drive

Watcher 9 (RoxWatch9) - Sonic

Solutions - C:\Program Files\Common

Files\Roxio

Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ServiceLayer - Nokia. -

C:\Program Files\PC Connectivity

Solution\ServiceLayer.exe
O23 - Service: TVersityMediaServer -

Unknown owner - d:\Program

Files\TVersity\Media

Server\MediaServer.exe
O23 - Service: SecuROM User Access

Service (V7) (UserAccess7) - Unknown

owner -

C:\WINDOWS\system32\UAService7.exe

--
End of file - 17521 bytes


and the startup list log;

StartupList report, 14/04/2008, 08:02:51
StartupList version: 1.52.2
Started from : D:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\gearsec.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
d:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\SSC Service Utility\ssc_serv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\PPATCH~1\winword.exe
D:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe
C:\Program Files\Common Files\?racle\w?nlogon.exe
D:\PROGRA~1\MICROS~1\OFFICE11\OUTLOOK.EXE
D:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ehTray = C:\WINDOWS\ehome\ehtray.exe
RaidTool = C:\Program Files\VIA\RAID\raid_tool.exe
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
RTHDCPL = RTHDCPL.EXE
EPSON Stylus Photo R300 Series = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
Adobe Photo Downloader = "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
MaxBlastMonitor.exe = C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
AcronisTimounterMonitor = C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
Acronis Scheduler2 Service = "C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe"
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
GreasyPalmUpdate = C:\WINDOWS\GreasyPalmUpdate.exe
SSBkgdUpdate = "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
PaperPort PTD = C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
IndexSearch = C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
SSC Service Utility = C:\Program Files\SSC Service Utility\ssc_serv.exe /s
EPSON Stylus Photo R220 Series = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB002" /M "Stylus Photo R220"
(Default) =
Sony Ericsson PC Suite = "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
mcagent_exe = C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
SiteAdvisor = C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
McENUI = C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
RoxWatchTray = "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
!AVG Anti-Spyware = "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Uniblue SpeedUpMyPC = D:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
Free Download Manager = C:\Program Files\Free Download Manager\fdm.exe -autorun
swg = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Uniblue RegistryBooster 2 = C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
H/PC Connection Agent = "D:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
Lekfib = "C:\Program Files\Common Files\?racle\w?nlogon.exe"
SfKg6w = C:\Documents and Settings\karl lyon\Application Data\Microsoft\Windows\ajxnpfgt.exe
Words = C:\Program Files\Words\Words.exe
Wmle = "C:\WINDOWS\PPATCH~1\winword.exe" -vt ygw
MsnMsgr = "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\ssbezier.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll - {02478D38-C3F9-4EFB-9B51-7695ECA05670}
(no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll - {089FD14D-132B-48FC-8861-0048AE113215}
TBSB09400 - (no file) - {1EF8C52D-928D-44C8-856D-8D0189973911}
Skype add-on (mastermind) - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL - {22BF413B-C6D2-4d91-82A9-A0F997BA588C}
McAntiPhishingBHO - c:\PROGRA~1\mcafee\msk\mcapbho.dll - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4}
(no name) - (no file) - {381948CB-DE3D-418D-8C6E-C611F2313B3F}
(no name) - (no file) - {5805F281-D088-415B-BB87-4EB660A10A1A}
(no name) - (no file) - {75379201-A454-4A23-9A80-88EF8DB726F6}
(no name) - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll - {7DB2D5A0-7241-4E79-B68D-6309F01C5231}
(no name) - (no file) - {7E853D72-626A-48EC-A868-BA8D5E23E045}
(no name) - C:\WINDOWS\GPalm.dll - {8272B062-BD4D-4EAD-A149-45B3CE3F5CDA}
(no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
(no name) - (no file) - {A4CF09AC-1578-4761-8915-F60106324646}
(no name) - (no file) - {A74F3FC3-CC9A-4D4C-AFB5-B56F0CAA445D}
(no name) - (no file) - {A95B2816-1D7E-4561-A202-68C0DE02353A}
(no name) - c:\program files\google\googletoolbar3.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
(no name) - (no file) - {B18FD241-438C-365E-DD2E-38E607F00E90}
{19fc2974-01ec-7adb-1104-5a65be9b272b} - (no file) - {b272b9eb-56a5-4011-bda7-ce104792cf91}
(no name) - (no file) - {BD0E7D67-0C9A-43AE-AF3D-5E94CB564CFF}
(no name) - C:\Program Files\Windows Live Toolbar\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
(no name) - (no file) - {C5FCE753-7E3E-414C-815E-86AF82D8817A}
(no name) - C:\Program Files\Free Download Manager\iefdmcks.dll - {CC59E0F9-7E43-44FA-9FAA-8377850BF205}
(no name) - C:\WINDOWS\system32\nwtfp.dll - {CEFD1580-D14A-F797-4492-A38F717A299F}
(no name) - C:\WINDOWS\system32\rqropon.dll (file missing) - {D4576C73-52BD-4401-B966-5A128C4433D4}
(no name) - (no file) - {D5A2DACE-F010-480F-B2B0-A47D8A2B9CA8}

--------------------------------------------------

Enumerating Task Scheduler jobs:

At1.job
At10.job
At11.job
At12.job
At13.job
At14.job
At15.job
At16.job
At17.job
At18.job
At19.job
At2.job
At20.job
At21.job
At22.job
At23.job
At24.job
At3.job
At4.job
At5.job
At6.job
At7.job
At8.job
At9.job
Check Updates for Windows Live Toolbar.job
McDefragTask.job
McQcTask.job
Uniblue SpeedUpMyPC Nag.job
Uniblue SpeedUpMyPC.job
Uniblue SpyEraser.job

--------------------------------------------------

Enumerating Download Program Files:

[ewidoOnlineScan Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\EWIDOO~1.DLL
CODEBASE = http://downloads.ewido.net/ewidoOnlineScan.cab

[SearchCD Control]
InProcServer32 = C:\WINDOWS\system32\imiesrch.ocx
CODEBASE = http://www.partsarena.com/baxi/Plugins/IMIESRCH.cab

[{254AA86E-5655-4518-AA87-185D7CC41801}]
CODEBASE = https://secure.logmeinrescue.com/TechConsole/x86/RescueControl.cab

[GrafixViewControl]
InProcServer32 = C:\WINDOWS\system32\GFXVIEW.ocx
CODEBASE = http://www.partsarena.com/baxi/Plugins/GFXVIEW.cab

[GreasyPalmInstallHelper Class]
CODEBASE = http://www.greasypalm.co.uk/bho/update/GreasyPalm.cab

[{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}]
CODEBASE = http://www.eset.eu/buxus/docs/OnlineScanner.cab

[BDSCANONLINE Control]
InProcServer32 = C:\WINDOWS\BDOSCAN8\oscan82.ocx
CODEBASE = http://download.bitdefender.com/resources/scan8/oscan8.cab

[a-squared Scanner]
InProcServer32 = C:\WINDOWS\DOWNLO~1\asquared.ocx
CODEBASE = http://ax.emsisoft.com/asquared.cab

[Java Plug-in 1.6.0_01]
InProcServer32 = C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx
CODEBASE = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee\MSC\Updates\Installs\1\msk\mcinst.exe||C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee\MSC\Updates\Installs\1\msk\mcinst.exe


--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
UPnPMonitor: C:\WINDOWS\system32\upnpui.dll

--------------------------------------------------
End of report, 13,101 bytes
Report generated in 0.047 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


bricat
Moderator
HijackThis Helper


Reg'd: Wed
Posts: 29198
Loc: belfast
Re: Advertisement By Outerinfo [Re: growleruk]
      #391461 - Mon Apr 14 2008 06:42 PM

Welcome to the Webuser forum.

Click Start->Run...-> type Notepad.exe and press Enter

Click "Format", then make sure "WordWrap" is unchecked.

Now close Notepad.


Wordwrap makes the logs difficult to read.

Run HijackThis again and post the HJT log back here.

--------------------
MY HELP IS FREE, BUT PLEASE CONSIDER GIVING A DONATION TO HELP IN MY FIGHT AGAINST SPYWARE.

You don't stop laughing when you get old, you get old when you stop laughing!


growleruk
new user


Reg'd: Mon
Posts: 5
Re: Advertisement By Outerinfo [Re: bricat]
      #391497 - Mon Apr 14 2008 09:16 PM

Apologies.
Log file follows;

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:10:58, on 14/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\gearsec.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
d:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\SSC Service Utility\ssc_serv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\PPATCH~1\winword.exe
D:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe
C:\Program Files\Common Files\?racle\w?nlogon.exe
D:\PROGRA~1\MICROS~1\OFFICE11\OUTLOOK.EXE
D:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: TBSB09400 - {1EF8C52D-928D-44C8-856D-8D0189973911} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: (no name) - {381948CB-DE3D-418D-8C6E-C611F2313B3F} - (no file)
O2 - BHO: (no name) - {5805F281-D088-415B-BB87-4EB660A10A1A} - (no file)
O2 - BHO: (no name) - {75379201-A454-4A23-9A80-88EF8DB726F6} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Band Class - {8272B062-BD4D-4EAD-A149-45B3CE3F5CDA} - C:\WINDOWS\GPalm.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A4CF09AC-1578-4761-8915-F60106324646} - (no file)
O2 - BHO: (no name) - {A74F3FC3-CC9A-4D4C-AFB5-B56F0CAA445D} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {B18FD241-438C-365E-DD2E-38E607F00E90} - (no file)
O2 - BHO: {19fc2974-01ec-7adb-1104-5a65be9b272b} - {b272b9eb-56a5-4011-bda7-ce104792cf91} - (no file)
O2 - BHO: (no name) - {BD0E7D67-0C9A-43AE-AF3D-5E94CB564CFF} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C5FCE753-7E3E-414C-815E-86AF82D8817A} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: (no name) - {CEFD1580-D14A-F797-4492-A38F717A299F} - C:\WINDOWS\system32\nwtfp.dll
O2 - BHO: (no name) - {D4576C73-52BD-4401-B966-5A128C4433D4} - C:\WINDOWS\system32\rqropon.dll (file missing)
O2 - BHO: (no name) - {D5A2DACE-F010-480F-B2B0-A47D8A2B9CA8} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Band Class - {8272B062-BD4D-4EAD-A149-45B3CE3F5CDA} - C:\WINDOWS\GPalm.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MaxBlastMonitor.exe] C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [GreasyPalmUpdate] C:\WINDOWS\GreasyPalmUpdate.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SSC Service Utility] C:\Program Files\SSC Service Utility\ssc_serv.exe /s
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB002" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] D:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [Lekfib] "C:\Program Files\Common Files\?racle\w?nlogon.exe"
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\karl lyon\Application Data\Microsoft\Windows\ajxnpfgt.exe
O4 - HKCU\..\Run: [Words] C:\Program Files\Words\Words.exe
O4 - HKCU\..\Run: [Wmle] "C:\WINDOWS\PPATCH~1\winword.exe" -vt ygw
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [HijackThis startup scan] D:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1B735B98-8010-11D5-AD0B-00500463D885} (SearchCD Control) - http://www.partsarena.com/baxi/Plugins/IMIESRCH.cab
O16 - DPF: {254AA86E-5655-4518-AA87-185D7CC41801} - https://secure.logmeinrescue.com/TechConsole/x86/RescueControl.cab
O16 - DPF: {36C17E9B-3354-11D1-95CF-0000B4530F04} (GrafixViewControl) - http://www.partsarena.com/baxi/Plugins/GFXVIEW.cab
O16 - DPF: {4D561B31-49A0-4E2C-8AFF-353468EC669B} (GreasyPalmInstallHelper Class) - http://www.greasypalm.co.uk/bho/update/GreasyPalm.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2068BA9-AC71-4EF4-88D0-D36C32EB47F8}: NameServer = 194.168.4.100,194.168.8.100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: jkkll - C:\WINDOWS\
O20 - Winlogon Notify: pmkjihg - pmkjihg.dll (file missing)
O20 - Winlogon Notify: rqropon - rqropon.dll (file missing)
O20 - Winlogon Notify: zxsgannh - zxsgannh.dll (file missing)
O23 - Service: McAfee Application Installer Cleanup (0084861207979072) (0084861207979072mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\008486~1.EXE
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TVersityMediaServer - Unknown owner - d:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 17587 bytes


And startup file;


StartupList report, 14/04/2008, 21:13:22
StartupList version: 1.52.2
Started from : D:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\gearsec.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
d:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\SSC Service Utility\ssc_serv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\PPATCH~1\winword.exe
D:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe
C:\Program Files\Common Files\?racle\w?nlogon.exe
D:\PROGRA~1\MICROS~1\OFFICE11\OUTLOOK.EXE
D:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ehTray = C:\WINDOWS\ehome\ehtray.exe
RaidTool = C:\Program Files\VIA\RAID\raid_tool.exe
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
RTHDCPL = RTHDCPL.EXE
EPSON Stylus Photo R300 Series = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
Adobe Photo Downloader = "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
MaxBlastMonitor.exe = C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
AcronisTimounterMonitor = C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
Acronis Scheduler2 Service = "C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe"
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
GreasyPalmUpdate = C:\WINDOWS\GreasyPalmUpdate.exe
SSBkgdUpdate = "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
PaperPort PTD = C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
IndexSearch = C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
SSC Service Utility = C:\Program Files\SSC Service Utility\ssc_serv.exe /s
EPSON Stylus Photo R220 Series = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB002" /M "Stylus Photo R220"
(Default) =
Sony Ericsson PC Suite = "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
mcagent_exe = C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
SiteAdvisor = C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
McENUI = C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
RoxWatchTray = "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
!AVG Anti-Spyware = "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Uniblue SpeedUpMyPC = D:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
Free Download Manager = C:\Program Files\Free Download Manager\fdm.exe -autorun
swg = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Uniblue RegistryBooster 2 = C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
H/PC Connection Agent = "D:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
Lekfib = "C:\Program Files\Common Files\?racle\w?nlogon.exe"
SfKg6w = C:\Documents and Settings\karl lyon\Application Data\Microsoft\Windows\ajxnpfgt.exe
Words = C:\Program Files\Words\Words.exe
Wmle = "C:\WINDOWS\PPATCH~1\winword.exe" -vt ygw
MsnMsgr = "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
HijackThis startup scan = D:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\ssbezier.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll - {02478D38-C3F9-4EFB-9B51-7695ECA05670}
(no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll - {089FD14D-132B-48FC-8861-0048AE113215}
TBSB09400 - (no file) - {1EF8C52D-928D-44C8-856D-8D0189973911}
Skype add-on (mastermind) - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL - {22BF413B-C6D2-4d91-82A9-A0F997BA588C}
McAntiPhishingBHO - c:\PROGRA~1\mcafee\msk\mcapbho.dll - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4}
(no name) - (no file) - {381948CB-DE3D-418D-8C6E-C611F2313B3F}
(no name) - (no file) - {5805F281-D088-415B-BB87-4EB660A10A1A}
(no name) - (no file) - {75379201-A454-4A23-9A80-88EF8DB726F6}
(no name) - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll - {7DB2D5A0-7241-4E79-B68D-6309F01C5231}
(no name) - (no file) - {7E853D72-626A-48EC-A868-BA8D5E23E045}
(no name) - C:\WINDOWS\GPalm.dll - {8272B062-BD4D-4EAD-A149-45B3CE3F5CDA}
(no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
(no name) - (no file) - {A4CF09AC-1578-4761-8915-F60106324646}
(no name) - (no file) - {A74F3FC3-CC9A-4D4C-AFB5-B56F0CAA445D}
(no name) - (no file) - {A95B2816-1D7E-4561-A202-68C0DE02353A}
(no name) - c:\program files\google\googletoolbar3.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
(no name) - (no file) - {B18FD241-438C-365E-DD2E-38E607F00E90}
{19fc2974-01ec-7adb-1104-5a65be9b272b} - (no file) - {b272b9eb-56a5-4011-bda7-ce104792cf91}
(no name) - (no file) - {BD0E7D67-0C9A-43AE-AF3D-5E94CB564CFF}
(no name) - C:\Program Files\Windows Live Toolbar\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
(no name) - (no file) - {C5FCE753-7E3E-414C-815E-86AF82D8817A}
(no name) - C:\Program Files\Free Download Manager\iefdmcks.dll - {CC59E0F9-7E43-44FA-9FAA-8377850BF205}
(no name) - C:\WINDOWS\system32\nwtfp.dll - {CEFD1580-D14A-F797-4492-A38F717A299F}
(no name) - C:\WINDOWS\system32\rqropon.dll (file missing) - {D4576C73-52BD-4401-B966-5A128C4433D4}
(no name) - (no file) - {D5A2DACE-F010-480F-B2B0-A47D8A2B9CA8}

--------------------------------------------------

Enumerating Task Scheduler jobs:

At1.job
At10.job
At11.job
At12.job
At13.job
At14.job
At15.job
At16.job
At17.job
At18.job
At19.job
At2.job
At20.job
At21.job
At22.job
At23.job
At24.job
At3.job
At4.job
At5.job
At6.job
At7.job
At8.job
At9.job
Check Updates for Windows Live Toolbar.job
McDefragTask.job
McQcTask.job
Uniblue SpeedUpMyPC Nag.job
Uniblue SpeedUpMyPC.job
Uniblue SpyEraser.job

--------------------------------------------------

Enumerating Download Program Files:

[ewidoOnlineScan Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\EWIDOO~1.DLL
CODEBASE = http://downloads.ewido.net/ewidoOnlineScan.cab

[SearchCD Control]
InProcServer32 = C:\WINDOWS\system32\imiesrch.ocx
CODEBASE = http://www.partsarena.com/baxi/Plugins/IMIESRCH.cab

[{254AA86E-5655-4518-AA87-185D7CC41801}]
CODEBASE = https://secure.logmeinrescue.com/TechConsole/x86/RescueControl.cab

[GrafixViewControl]
InProcServer32 = C:\WINDOWS\system32\GFXVIEW.ocx
CODEBASE = http://www.partsarena.com/baxi/Plugins/GFXVIEW.cab

[GreasyPalmInstallHelper Class]
CODEBASE = http://www.greasypalm.co.uk/bho/update/GreasyPalm.cab

[{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}]
CODEBASE = http://www.eset.eu/buxus/docs/OnlineScanner.cab

[BDSCANONLINE Control]
InProcServer32 = C:\WINDOWS\BDOSCAN8\oscan82.ocx
CODEBASE = http://download.bitdefender.com/resources/scan8/oscan8.cab

[a-squared Scanner]
InProcServer32 = C:\WINDOWS\DOWNLO~1\asquared.ocx
CODEBASE = http://ax.emsisoft.com/asquared.cab

[Java Plug-in 1.6.0_01]
InProcServer32 = C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx
CODEBASE = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee\MSC\Updates\Installs\1\msk\mcinst.exe||C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee\MSC\Updates\Installs\1\msk\mcinst.exe


--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
UPnPMonitor: C:\WINDOWS\system32\upnpui.dll

--------------------------------------------------
End of report, 13,295 bytes
Report generated in 0.063 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only



Hope this helps.


bricat Moderator
HijackThis Helper


Reg'd: Wed
Posts: 29198
Loc: belfast
Re: Advertisement By Outerinfo [Re: growleruk]
      #391523 - Mon Apr 14 2008 11:15 PM

Rerun HJT, and put a checkmark beside these:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - (no file)
O2 - BHO: TBSB09400 - {1EF8C52D-928D-44C8-856D-8D0189973911} - (no file)
O2 - BHO: (no name) - {381948CB-DE3D-418D-8C6E-C611F2313B3F} - (no file)
O2 - BHO: (no name) - {5805F281-D088-415B-BB87-4EB660A10A1A} - (no file)
O2 - BHO: (no name) - {75379201-A454-4A23-9A80-88EF8DB726F6} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Band Class - {8272B062-BD4D-4EAD-A149-45B3CE3F5CDA} - C:\WINDOWS\GPalm.dll
O2 - BHO: (no name) - {A4CF09AC-1578-4761-8915-F60106324646} - (no file)
O2 - BHO: (no name) - {A74F3FC3-CC9A-4D4C-AFB5-B56F0CAA445D} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - (no file)
O2 - BHO: (no name) - {B18FD241-438C-365E-DD2E-38E607F00E90} - (no file)
O2 - BHO: {19fc2974-01ec-7adb-1104-5a65be9b272b} - {b272b9eb-56a5-4011-bda7-ce104792cf91} - (no file)
O2 - BHO: (no name) - {BD0E7D67-0C9A-43AE-AF3D-5E94CB564CFF} - (no file)
O2 - BHO: (no name) - {C5FCE753-7E3E-414C-815E-86AF82D8817A} - (no file)
O2 - BHO: (no name) - {CEFD1580-D14A-F797-4492-A38F717A299F} - C:\WINDOWS\system32\nwtfp.dll
O2 - BHO: (no name) - {D4576C73-52BD-4401-B966-5A128C4433D4} - C:\WINDOWS\system32\rqropon.dll (file missing)
O2 - BHO: (no name) - {D5A2DACE-F010-480F-B2B0-A47D8A2B9CA8} - (no file)
O3 - Toolbar: Band Class - {8272B062-BD4D-4EAD-A149-45B3CE3F5CDA} - C:\WINDOWS\GPalm.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [GreasyPalmUpdate] C:\WINDOWS\GreasyPalmUpdate.exe
O4 - HKCU\..\Run: [Lekfib] "C:\Program Files\Common Files\?racle\w?nlogon.exe"
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\karl lyon\Application Data\Microsoft\Windows\ajxnpfgt.exe
O4 - HKCU\..\Run: [Words] C:\Program Files\Words\Words.exe
O4 - HKCU\..\Run: [Wmle] "C:\WINDOWS\PPATCH~1\winword.exe" -vt ygw
O16 - DPF: {4D561B31-49A0-4E2C-8AFF-353468EC669B} (GreasyPalmInstallHelper Class) - http://www.greasypalm.co.uk/bho/update/GreasyPalm.cab
O20 - Winlogon Notify: jkkll - C:\WINDOWS\
O20 - Winlogon Notify: pmkjihg - pmkjihg.dll (file missing)
O20 - Winlogon Notify: rqropon - rqropon.dll (file missing)
O20 - Winlogon Notify: zxsgannh - zxsgannh.dll (file missing)

Now close all windows and browsers and click FIX CHECKED

Then go to ADD\REMOVE programs in the control panel and remove :-

GreasyPalm

Then boot up in SAFE MODE

Then navigate to and delete these files\folders in BOLD

C:\WINDOWS\PPATCH <----folder starting with these 6 letters
C:\WINDOWS\system32\nwtfp.dll

Then boot up normally.

Copy everything inside the quote box below (starting with dir) and paste it into notepad. Go up to "File > Save As" and click the drop-down box to change the "Save As Type" to "All Files". Save it as findfile.bat on your Desktop.

Quote:

dir "C:\Program Files\Common Files\?racle\w?nlogon.exe" /a > files.txt
notepad files.txt





Locate findfile.bat on your Desktop and double-click on it. It will open Notepad with some text in it. Please post the contents of that Notepad here along with a new HiJackThis log.

P.S
Please don't post any more startup lists.

--------------------
MY HELP IS FREE,BUT PLEASE CONSIDER GIVING A DONATION TO HELP IN MY FIGHT AGAINST SPYWARE.

You don't stop laughing when you get old, you get old when you stop laughing!
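
An added example, not part of the post above and not HijackThis's own code: a Python triage pass over HijackThis log lines that flags two patterns visible in the entries listed for fixing, a target marked "(no file)" or "(file missing)" and a "?" inside a file path. The sample lines are copied from logs in this thread; the function names and the reading of "?" as a character the log could not render are assumptions of this example.

```python
import re

# Section code (R0-R3, F0-F3, N1-N4, O1-O24), " - ", then the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")

# A drive-letter path containing '?'. '?' is not legal in a Windows file
# name, so it is read here as a placeholder for a character the log could
# not render (assumption of this example).
QMARK_PATH_RE = re.compile(r"[A-Za-z]:\\[^\"<>|*]*\?")

# Markers HijackThis appends when the registered target is absent.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_entry(line):
    """Return (code, body) for a log entry line, or None for other lines."""
    m = ENTRY_RE.match(line.strip())
    return (m.group("code"), m.group("body")) if m else None


def triage(line):
    """Return a dict with review flags for one entry, or None if not an entry."""
    parsed = parse_entry(line)
    if parsed is None:
        return None
    code, body = parsed
    flags = []
    if body.rstrip().endswith(ORPHAN_MARKERS):
        flags.append("orphaned")
    if QMARK_PATH_RE.search(body):
        flags.append("unrenderable-char-in-path")
    return {"code": code, "body": body, "flags": flags}


def review(lines):
    """Keep only the entries that raised at least one flag."""
    results = (triage(line) for line in lines)
    return [r for r in results if r and r["flags"]]


# Lines copied from the logs in this thread.
SAMPLE = [
    r'O2 - BHO: (no name) - {381948CB-DE3D-418D-8C6E-C611F2313B3F} - (no file)',
    r'O2 - BHO: (no name) - {D4576C73-52BD-4401-B966-5A128C4433D4} - C:\WINDOWS\system32\rqropon.dll (file missing)',
    r'O4 - HKCU\..\Run: [Lekfib] "C:\Program Files\Common Files\?racle\w?nlogon.exe"',
    r'O20 - Winlogon Notify: pmkjihg - pmkjihg.dll (file missing)',
    r'O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe',
    r'O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll',
    'Running processes:',
]

if __name__ == "__main__":
    for hit in review(SAMPLE):
        print(hit["code"], ",".join(hit["flags"]), "|", hit["body"])
```

A flag only marks a line for manual review. Entries such as the `C:\WINDOWS\GPalm.dll` BHO, which the list above also includes, carry neither marker, so an unflagged line is not a verdict.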


growleruk
new user


Reg'd: Mon
Posts: 5
Re: Advertisement By Outerinfo [Re: bricat]
      #391540 - Tue Apr 15 2008 07:58 AM

Apologies for the startup lists, as you may have guessed I'm a bit of a newbie. Will follow the instructions and re-post.
Thank you


growleruk
new user


Reg'd: Mon
Posts: 5
Re: Advertisement By Outerinfo [Re: growleruk]
      #391546 - Tue Apr 15 2008 08:59 AM

OK.
Have completed the instructions posted, but:
No Greasypalm available in add/remove programs
c:\windows\ppatch\ not there
c:\windows\system32\nwtfp.dll not there
I also tried doing a search for these files and folders.
When I ran findfile.bat it returned no results and the DOS window stated unable to locate file.
Anyway, new HJT Log here:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:54:44, on 15/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\gearsec.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
d:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\SSC Service Utility\ssc_serv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
D:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MaxBlastMonitor.exe] C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SSC Service Utility] C:\Program Files\SSC Service Utility\ssc_serv.exe /s
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB002" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] D:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [HijackThis startup scan] D:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1B735B98-8010-11D5-AD0B-00500463D885} (SearchCD Control) - http://www.partsarena.com/baxi/Plugins/IMIESRCH.cab
O16 - DPF: {254AA86E-5655-4518-AA87-185D7CC41801} - https://secure.logmeinrescue.com/TechConsole/x86/RescueControl.cab
O16 - DPF: {36C17E9B-3354-11D1-95CF-0000B4530F04} (GrafixViewControl) - http://www.partsarena.com/baxi/Plugins/GFXVIEW.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2068BA9-AC71-4EF4-88D0-D36C32EB47F8}: NameServer = 194.168.4.100,194.168.8.100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TVersityMedi