Random popup

gt88 · May 26, 2010

Keep getting this random popup from news.11.today.com. Scanned nod32, adaware and MBAM. MBAM picked up a few items which i removed, however the popup still appears. MY HJT log is below.

Thanks

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:37:02 AM, on 26/05/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Lenovo\Energy Management\utility.exe

C:\Program Files\Lenovo\Energy Management\Energy Management.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\Program Files\Lenovo\VeriFaceIII\PManage.exe

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\LooknStop\looknstop.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\QSTART.SYS\config\DVMExportService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\LimeWire\LimeWire.exe

C:\Program Files\Eset\nod32krn.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe

c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

c:\program files\lenovo\system update\suservice.exe

C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe

C:\PROGRA~1\HUAWEI~1\HUAWEI~1\3 USB Modem.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe

O4 - HKLM\..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [TVT Scheduler Proxy] c:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFaceIII\PManage.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\LooknStop\looknstop.exe" -auto

O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKLM\..\Run: [DataCardMonitor] C:\Program Files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1251514927730

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1251514897245

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0E1B2DD2-C64F-4389-AA9F-DD97CA777446}: NameServer = 217.171.135.1 217.171.132.1

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: PicNotify - C:\WINDOWS\SYSTEM32\PicNotify.dll

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe

O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM - C:\QSTART.SYS\config\DVMExportService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe

O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--

End of file - 9200 bytes

deltalima · May 26, 2010

Hi gt88,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

The logs can take some time to research, so please be patient with me.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Please note the following:

I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for this issue on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.

Double click on OTL.exe to run it.
Under Output, ensure that Minimal Output is selected.
Under Extra Registry section, select Use SafeList.
Click the Scan All Users checkbox.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
- OTL.txt <-- Will be opened
- Extras.txt <-- Will be minimized
[*]Please post the contents of these 2 Notepad files in your next reply.

Scan With RKUnHooker

Please Download Rootkit Unhooker Save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. then Click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Begbie · May 27, 2010

Like GT88, I am also having this problem. I have ran OTL and RK Unhooker. NotL RKU detects a parasite inside itself when run and recommends removing it!!! I haven't run this yet.

Logs below. I would be grateful for any help.

____________________________________________________________

HJT Log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:02:52, on 27/05/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

C:\Program Files\Labtec\Mouse\V3.0\moffice.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Labtec\Mouse\V3.0\MOUSE32A.EXE

D:\Program Files\WinZip Pro\WZQKPICK.EXE

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\WINDOWS\ATKKBService.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\AVG\AVG9\avgemc.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\cidaemon.exe

D:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\Windows NT\Accessories\WORDPAD.EXE

C:\Documents and Settings\Administrator\Desktop\OTL.exe

D:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home/?ai=13054

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;2

R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ladklq.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll

O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll

O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll

O4 - HKLM\..\Run: [unlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe -H

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Mouse\V3.0\moffice.exe

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTHOME~2\Help\SMARTB~3\BTHelpNotifier.exe

O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe

O4 - HKLM\..\RunOnce: [uninstall Adobe Download Manager] "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - S-1-5-18 Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Default user')

O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Home Hub\Help\bin\matcli.exe

O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip Pro\WZQKPICK.EXE

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Google Update Service (gupdate1ca3b719fe19692) (gupdate1ca3b719fe19692) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Visibroker Activation Daemon (oad) - Unknown owner - D:\Inprise\vbroker\bin\oad.exe

O23 - Service: VisiBroker Smart Agent (osagent) - Unknown owner - D:\Inprise\vbroker\bin\osagent.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--

End of file - 7657 bytes

_________________________________________________________

OTL.txt file:

OTL logfile created on: 27/05/2010 20:06:18 - Run 2

OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 85.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 232.88 Gb Total Space | 201.25 Gb Free Space | 86.42% Space Free | Partition Type: NTFS

Drive D: | 465.76 Gb Total Space | 317.34 Gb Free Space | 68.13% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: PAUL

Current User Name: Administrator

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - D:\Program Files\WinZip Pro\WZQKPICK.EXE (WinZip Computing, S.L.)

PRC - D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)

PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)

PRC - C:\Program Files\Labtec\Mouse\V3.0\moffice.exe ()

PRC - C:\Program Files\Labtec\Mouse\V3.0\mouse32a.exe ()

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Unlocker\UnlockerAssistant.exe ()

PRC - C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)

PRC - C:\WINDOWS\ATKKBService.exe (ASUSTeK COMPUTER INC.)

PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Program Files\Labtec\Mouse\V3.0\mouDL32A.dll ()

MOD - C:\Program Files\Unlocker\UnlockerHook.dll ()

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (ACDaemon) -- File not found

SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)

SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)

SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)

SRV - (SNMP) -- C:\WINDOWS\system32\snmp.exe (Microsoft Corporation)

SRV - (LPDSVC) -- C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)

SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)

SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)

SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)

SRV - (ATKKeyboardService) -- C:\WINDOWS\ATKKBService.exe (ASUSTeK COMPUTER INC.)

SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)

SRV - (usnjsvc) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)

SRV - (YPCService) -- C:\WINDOWS\system32\YPcservice.exe (Yahoo! Inc.)

SRV - (osagent) -- D:\Inprise\vbroker\bin\osagent.exe ()

SRV - (oad) -- D:\Inprise\vbroker\bin\oad.exe ()

========== Driver Services (SafeList) ==========

DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()

DRV - (RTHDMIAzAudService) -- C:\WINDOWS\system32\drivers\RtHDMI.sys (Realtek Semiconductor Corp.)

DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)

DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)

DRV - (asusgsb) -- C:\WINDOWS\system32\drivers\asusgsb.sys (ASUSTeK Computer Inc.)

DRV - (Video3D) -- C:\WINDOWS\system32\drivers\Video3D32.sys (ASUSTeK COMPUTER INC.)

DRV - (asuskbnt) -- C:\WINDOWS\system32\drivers\atkkbnt.sys (ASUSTeK COMPUTER INC.)

DRV - (PhilCap) -- C:\WINDOWS\system32\drivers\PhilCap.sys (NXP Semiconductors Germany GmbH)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (ASUSVRC) -- C:\WINDOWS\system32\drivers\AsusVRC.sys (ASUSTeK COMPUTER INC.)

DRV - (RTL8169) -- C:\WINDOWS\system32\drivers\Rtlh86.sys (Realtek Corporation)

DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\AtiHdAud.sys (ATI Research Inc.)

DRV - (AsIO) -- C:\WINDOWS\system32\drivers\AsIO.sys ()

DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )

DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)

DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)

DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)

DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)

DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)

DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)

DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.)

DRV - (MRENDIS5) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys (Motive, Inc.)

DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\aspi32.sys (Adaptec)

DRV - (MREMPR5) -- C:\Program Files\Common Files\Motive\MREMPR5.sys (Motive, Inc.)

DRV - (MarvinBus) -- C:\WINDOWS\system32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)

DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-448539723-162531612-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home/?ai=13054

IE - HKU\S-1-5-21-448539723-162531612-1801674531-500\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-448539723-162531612-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-448539723-162531612-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;2

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"

FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&ai=13054"

FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"

FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812

FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19

FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.7

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3

FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9

FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.5

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0

FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2

FF - prefs.js..extensions.enabledItems: 5

FF - prefs.js..extensions.enabledItems: 2

FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.3

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63

FF - prefs.js..network.proxy.http: "222.68.207.11"

FF - prefs.js..network.proxy.http_port: 80

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/04/21 12:33:29 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: D:\Program Files\Real\browserrecord\firefox\ext [2009/09/22 11:46:27 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2010/05/27 15:52:58 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2010/05/27 16:08:46 | 000,000,000 | ---D | M]

[2009/07/29 13:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions

[2010/05/27 17:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1uv2gowj.default\extensions

[2010/05/26 18:49:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1uv2gowj.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}(2)

[2010/05/26 18:49:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1uv2gowj.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}(3)

[2010/05/26 22:05:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1uv2gowj.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}(4)

[2010/05/08 12:33:56 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1uv2gowj.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}

[2009/08/15 13:39:48 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1uv2gowj.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}

[2010/04/14 19:15:52 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1uv2gowj.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}

[2010/04/28 11:12:12 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1uv2gowj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2010/03/27 13:24:13 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1uv2gowj.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

[2010/05/27 16:08:41 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1uv2gowj.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

[2009/11/03 16:43:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1uv2gowj.default\extensions\en-GB@dictionaries.addons.mozilla.org

[2010/04/25 14:28:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1uv2gowj.default\extensions\firefox@tvunetworks.com

[2010/03/14 13:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1uv2gowj.default\extensions\piclens@cooliris.com

O1 HOSTS File: ([2008/04/14 11:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

O2 - BHO: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-448539723-162531612-1801674531-500\..\Toolbar\WebBrowser: (myBabylon English Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - C:\Program Files\myBabylon_English\tbmyBa.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-448539723-162531612-1801674531-500\..\Toolbar\WebBrowser: (Webs Credits) - {D09588AA-5560-4240-B2F2-774D78D7E917} - Reg Error: Value error. File not found

O3 - HKU\S-1-5-21-448539723-162531612-1801674531-500\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)

O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe (Motive Communications, Inc.)

O4 - HKLM..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Mouse\V3.0\moffice.exe ()

O4 - HKLM..\Run: [Motive SmartBridge] C:\Program Files\BT Home Hub\Help\SmartBridge\BTHelpNotifier.exe (Motive)

O4 - HKLM..\Run: [unlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()

O4 - HKLM..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe (Yahoo! Inc.)

O4 - HKLM..\RunOnce: [uninstall Adobe Download Manager] File not found

O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BT Broadband Desktop Help.lnk = C:\Program Files\BT Home Hub\Help\bin\matcli.exe (Motive Communications, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = D:\Program Files\WinZip Pro\WZQKPICK.EXE (WinZip Computing, S.L.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\S-1-5-21-448539723-162531612-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-448539723-162531612-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1

O7 - HKU\S-1-5-21-448539723-162531612-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1

O7 - HKU\S-1-5-21-448539723-162531612-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O7 - HKU\S-1-5-21-448539723-162531612-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)

O9 - Extra Button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

O15 - HKU\S-1-5-21-448539723-162531612-1801674531-500\..Trusted Domains: motive.com ([pbttbc.bt] https in Trusted sites)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\ladklq.exe) - C:\WINDOWS\System32\ladklq.exe File not found

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/07/29 11:43:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/27 19:19:26 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

[2010/05/27 16:20:53 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit

[2010/05/27 16:20:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit

[2010/05/27 16:20:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\myBabylon_English

[2010/05/27 16:20:51 | 000,000,000 | ---D | C] -- C:\Program Files\myBabylon_English

[2010/05/27 16:08:44 | 000,000,000 | ---D | C] -- C:\Program Files\NOS

[2010/05/27 16:08:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS

[2010/05/27 15:58:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe

[2010/05/27 15:36:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent

[2010/05/27 15:32:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\IIS Temporary Compressed Files

[2010/05/27 15:31:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Cache

[2010/05/27 15:29:36 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpctrs.dll

[2010/05/27 15:29:36 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\snprfdll.dll

[2010/05/27 15:29:35 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fcachdll.dll

[2010/05/27 15:29:35 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regtrace.exe

[2010/05/27 15:29:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\adsiisex.dll

[2010/05/27 15:29:25 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aspperf.dll

[2010/05/27 15:29:25 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\w3svapi.dll

[2010/05/27 15:29:25 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\w3ctrs.dll

[2010/05/27 15:29:24 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iisreset.exe

[2010/05/27 15:29:24 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wamregps.dll

[2010/05/27 15:29:24 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ftpsapi2.dll

[2010/05/27 15:29:24 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iisrstap.dll

[2010/05/27 15:29:23 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\convlog.exe

[2010/05/27 15:29:23 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsloc.dll

[2010/05/27 15:29:23 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\infoctrs.dll

[2010/05/27 15:29:23 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\admxprox.dll

[2010/05/27 15:29:23 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iismui.dll

[2010/05/27 15:29:18 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll

[2010/05/27 15:29:18 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll

[2010/05/27 15:29:17 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\adsiis.dll

[2010/05/27 15:29:17 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iisext.dll

[2010/05/27 15:29:17 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iismap.dll

[2010/05/27 15:29:17 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\exstrace.dll

[2010/05/27 15:29:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\infoadmn.dll

[2010/05/27 15:29:16 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iisRtl.dll

[2010/05/27 15:29:16 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\admwprox.dll

[2010/05/27 15:29:13 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lpdsvc.dll

[2010/05/27 15:29:13 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lprmon.dll

[2010/05/27 15:29:13 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\staxmem.dll

[2010/05/27 15:29:09 | 000,000,000 | ---D | C] -- C:\Inetpub

[2010/05/27 15:27:54 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\evntagnt.dll

[2010/05/27 15:27:54 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\evntwin.exe

[2010/05/27 15:27:54 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\snmp.exe

[2010/05/27 15:27:54 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\evntcmd.exe

[2010/05/27 15:27:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\snmpmib.dll

[2010/05/27 15:27:53 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hostmib.dll

[2010/05/27 15:27:52 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lmmib2.dll

[2010/05/27 13:51:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\7A9B63233F5E4A2E939E8A1F4F6A0CA8.TMP

[2010/05/27 11:32:00 | 000,000,000 | ---D | C] -- C:\Program Files\Motive

[2010/05/26 22:32:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel

[2010/05/26 22:04:26 | 000,000,000 | ---D | C] -- C:\Program Files\Motive(4)

[2010/05/26 21:34:34 | 000,000,000 | ---D | C] -- C:\Program Files\Motive(4)(2)

[2010/05/26 16:45:40 | 000,000,000 | ---D | C] -- C:\Program Files\Motive(3)

[2010/05/25 20:39:38 | 000,000,000 | ---D | C] -- C:\Program Files\Motive(2)

[2010/05/25 14:39:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ippycyxlp

[2010/05/22 18:02:32 | 000,000,000 | ---D | C] -- C:\FSiLinks

[2010/05/22 18:00:05 | 000,000,000 | ---D | C] -- C:\FSi

[2010/05/19 17:47:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes

[2010/05/19 17:47:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/05/19 17:47:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/05/19 17:47:15 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/05/18 14:56:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\manky

[2010/05/16 12:20:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer

[2010/05/16 00:03:44 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys

[2010/05/14 12:50:38 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\usewrw

[2010/05/13 22:52:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\DVDVideoSoft

[2010/05/13 22:52:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft

[2010/05/04 01:34:40 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer

[2010/05/04 01:33:32 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8

[2010/05/04 00:20:50 | 000,000,000 | ---D | C] -- C:\Microgaming

[2010/04/30 12:44:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun

[2010/04/29 14:37:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/27 19:20:08 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI

[2010/05/27 19:19:37 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RKUnhookerLE.EXE

[2010/05/27 19:19:30 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat

[2010/05/27 19:19:26 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

[2010/05/27 19:13:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/05/27 18:00:27 | 060,433,047 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2010/05/27 16:37:10 | 000,001,754 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BT Broadband Desktop Help.lnk

[2010/05/27 16:18:35 | 000,073,456 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2010/05/27 15:52:58 | 000,000,722 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2010/05/27 15:38:05 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/05/27 15:38:02 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/05/27 15:37:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/05/27 15:36:29 | 006,139,904 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat

[2010/05/27 15:36:29 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini

[2010/05/27 15:32:36 | 000,570,256 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/05/27 15:32:36 | 000,476,638 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/05/27 15:32:36 | 000,083,406 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/05/27 13:29:48 | 000,000,579 | ---- | M] () -- C:\WINDOWS\win.ini

[2010/05/27 13:29:48 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/05/26 23:13:59 | 000,000,243 | -HS- | M] () -- C:\boot.ini

[2010/05/26 22:58:06 | 000,265,416 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/05/26 22:36:39 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI

[2010/05/26 22:29:31 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010/05/26 22:23:02 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/05/26 20:20:10 | 000,001,030 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\limited connectivity.rtf

[2010/05/26 16:23:14 | 000,253,740 | ---- | M] () -- C:\firewall.jpg

[2010/05/26 12:35:17 | 000,196,608 | ---- | M] () -- C:\WINDOWS\System32\drivers\nStandard.bin

[2010/05/25 12:45:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/05/25 12:35:30 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db

[2010/05/23 15:18:33 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\WebpageIcons.db

[2010/05/22 01:39:00 | 000,406,318 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\btv.zip

[2010/05/22 01:37:16 | 000,001,772 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\UKTV.zip

[2010/05/21 21:20:52 | 000,041,914 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\flags.jpg

[2010/05/21 00:00:10 | 000,000,583 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Sweepstake.zip

[2010/05/19 17:47:20 | 000,000,588 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/05/16 00:03:41 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys

[2010/05/15 22:15:24 | 000,425,984 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb

[2010/05/15 22:15:24 | 000,275,456 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb

[2010/05/15 22:07:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job

[2010/05/11 01:03:03 | 000,002,640 | ---- | M] () -- C:\WINDOWS\System32\settings.aaw

[2010/05/11 01:03:03 | 000,000,960 | ---- | M] () -- C:\WINDOWS\System32\history.aaw

[2010/05/09 22:53:54 | 000,000,762 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Zattoo.lnk

[2010/05/04 01:37:13 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Internet Explorer.lnk

[2010/05/01 14:55:15 | 000,000,590 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SopCast.lnk

[2010/04/30 12:44:41 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat

[2010/04/29 22:13:37 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/27 19:19:38 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RKUnhookerLE.EXE

[2010/05/27 16:37:10 | 000,001,754 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BT Broadband Desktop Help.lnk

[2010/05/27 15:52:58 | 000,000,722 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2010/05/27 15:29:36 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini

[2010/05/27 15:29:36 | 000,008,002 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.h

[2010/05/27 15:29:35 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini

[2010/05/27 15:29:35 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.h

[2010/05/27 15:29:25 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini

[2010/05/27 15:29:25 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini

[2010/05/27 15:29:25 | 000,005,379 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.h

[2010/05/27 15:29:25 | 000,002,024 | ---- | C] () -- C:\WINDOWS\System32\axctrnm.h

[2010/05/27 15:29:23 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini

[2010/05/27 15:29:23 | 000,003,276 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.h

[2010/05/27 15:27:58 | 000,049,275 | ---- | C] () -- C:\WINDOWS\System32\wfospf.mib

[2010/05/27 15:27:58 | 000,026,236 | ---- | C] () -- C:\WINDOWS\System32\wins.mib

[2010/05/27 15:27:58 | 000,004,332 | ---- | C] () -- C:\WINDOWS\System32\smi.mib

[2010/05/27 15:27:57 | 000,107,882 | ---- | C] () -- C:\WINDOWS\System32\mib_ii.mib

[2010/05/27 15:27:57 | 000,038,608 | ---- | C] () -- C:\WINDOWS\System32\nipx.mib

[2010/05/27 15:27:57 | 000,034,317 | ---- | C] () -- C:\WINDOWS\System32\msiprip2.mib

[2010/05/27 15:27:57 | 000,030,448 | ---- | C] () -- C:\WINDOWS\System32\mcastmib.mib

[2010/05/27 15:27:57 | 000,021,386 | ---- | C] () -- C:\WINDOWS\System32\mipx.mib

[2010/05/27 15:27:57 | 000,013,767 | ---- | C] () -- C:\WINDOWS\System32\msipbtp.mib

[2010/05/27 15:27:57 | 000,010,313 | ---- | C] () -- C:\WINDOWS\System32\mripsap.mib

[2010/05/27 15:27:57 | 000,000,581 | ---- | C] () -- C:\WINDOWS\System32\msft.mib

[2010/05/27 15:27:56 | 000,048,593 | ---- | C] () -- C:\WINDOWS\System32\hostmib.mib

[2010/05/27 15:27:56 | 000,026,100 | ---- | C] () -- C:\WINDOWS\System32\lmmib2.mib

[2010/05/27 15:27:56 | 000,020,079 | ---- | C] () -- C:\WINDOWS\System32\http.mib

[2010/05/27 15:27:56 | 000,015,799 | ---- | C] () -- C:\WINDOWS\System32\ipforwd.mib

[2010/05/27 15:27:56 | 000,006,179 | ---- | C] () -- C:\WINDOWS\System32\ftp.mib

[2010/05/27 15:27:56 | 000,004,597 | ---- | C] () -- C:\WINDOWS\System32\dhcp.mib

[2010/05/27 15:27:56 | 000,000,698 | ---- | C] () -- C:\WINDOWS\System32\inetsrv.mib

[2010/05/27 15:27:55 | 000,016,617 | ---- | C] () -- C:\WINDOWS\System32\authserv.mib

[2010/05/27 15:27:55 | 000,015,597 | ---- | C] () -- C:\WINDOWS\System32\accserv.mib

[2010/05/26 23:58:58 | 006,139,904 | ---- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat

[2010/05/26 21:02:52 | 000,015,975 | ---- | C] () -- C:\Documents and Settings\Administrator\log.txt

[2010/05/26 20:20:10 | 000,001,030 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\limited connectivity.rtf

[2010/05/26 19:27:13 | 000,001,594 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

[2010/05/26 19:27:13 | 000,000,864 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk

[2010/05/26 16:23:14 | 000,253,740 | ---- | C] () -- C:\firewall.jpg

[2010/05/22 01:38:59 | 000,406,318 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\btv.zip

[2010/05/22 01:37:16 | 000,001,772 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\UKTV.zip

[2010/05/21 21:20:52 | 000,041,914 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\flags.jpg

[2010/05/21 00:00:10 | 000,000,583 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Sweepstake.zip

[2010/05/19 17:47:20 | 000,000,588 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/05/16 00:08:05 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010/05/04 01:38:53 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Internet Explorer.lnk

[2010/04/30 12:44:41 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/04/30 12:44:41 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat

[2010/04/13 16:39:35 | 000,201,488 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL

[2010/04/13 16:39:35 | 000,141,584 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL

[2010/04/13 16:39:35 | 000,063,248 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL

[2010/02/18 20:27:10 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\UKCpInfo.sys

[2010/01/01 13:09:45 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx14_ic.ini

[2009/11/20 16:41:20 | 000,237,568 | R--- | C] () -- C:\WINDOWS\System32\qtmlClient.dll

[2009/11/20 16:41:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Graffiti5.2Pin.ini

[2009/11/15 15:38:43 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2009/10/20 01:13:42 | 000,716,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

[2009/08/21 13:56:11 | 000,005,440 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2009/08/05 18:08:29 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll

[2009/07/29 21:07:30 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2009/07/29 19:55:57 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll

[2009/07/29 19:55:57 | 000,012,664 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys

[2009/07/29 19:55:52 | 000,012,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys

[2009/07/29 19:55:52 | 000,010,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys

[2009/07/29 19:37:44 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI

[2009/07/29 19:13:26 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini

[2009/07/29 19:13:25 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll

[2009/07/29 19:13:25 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll

[2009/07/29 19:13:25 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll

[2009/07/29 19:13:25 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll

[2009/07/29 19:13:25 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll

[2009/07/29 19:13:25 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll

[2009/07/29 19:13:25 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll

[2009/07/29 19:13:24 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll

[2009/07/29 18:22:58 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll

[2009/07/29 13:07:07 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll

[2009/07/29 11:58:14 | 000,020,257 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini

[2009/07/29 11:58:03 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2009/07/29 11:58:01 | 000,021,582 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2009/07/29 11:57:52 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2009/07/17 18:03:47 | 000,009,760 | ---- | C] () -- C:\WINDOWS\System32\716xCoInstaller.dll

[2009/01/25 22:10:48 | 000,179,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2009/01/09 00:01:22 | 000,629,760 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2008/12/23 16:33:18 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

[2008/04/14 11:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\CopyToSendTo.dll

[2007/01/26 03:04:12 | 000,144,144 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL

[2007/01/26 03:04:12 | 000,033,040 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL

[2006/06/07 16:52:08 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll

[2005/02/17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest

[2005/02/17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest

[2004/10/11 11:19:00 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\ASUSASV2.DLL

[2003/09/23 13:40:34 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\HMTCD.dll

[2003/08/07 15:01:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll

[2002/10/15 23:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >

______________________________________________________________

Extras.txt:

OTL Extras logfile created on: 27/05/2010 20:06:18 - Run 2

OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 85.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 232.88 Gb Total Space | 201.25 Gb Free Space | 86.42% Space Free | Partition Type: NTFS

Drive D: | 465.76 Gb Total Space | 317.34 Gb Free Space | 68.13% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: PAUL

Current User Name: Administrator

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- C:\Program Files\Yahoo!\browser\ybrowser.exe (Yahoo!, Inc.)

[HKEY_USERS\S-1-5-21-448539723-162531612-1801674531-500\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- C:\PROGRA~1\Yahoo!\browser\ybrowser.exe %1 (Yahoo!, Inc.)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "D:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "D:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"86:TCP" = 86:TCP:*:Enabled:BroadCam Video Streaming Server Web Server

"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)

"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)

"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found

"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found

"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found

"D:\Program Files\spotify.exe" = D:\Program Files\spotify.exe:*:Enabled:Spotify -- (Spotify AB)

"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)

"D:\Program Files\Sopcast\SopCast.exe" = D:\Program Files\Sopcast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)

"D:\Program Files\uTorrent\uTorrent.exe" = D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:

deltalima · May 27, 2010

Begbie

You must open your own topic, it is not possible to work on two computers in the same thread.

Begbie · May 27, 2010

Begbie
You must open your own topic, it is not possible to work on two computers in the same thread.

Apologies. :welcome:

http://forums.malwarebytes.org/index.php?showtopic=51915

gt88 · May 28, 2010

Hi deltalima,

Since my last post, things seem to be getting worse. Ive posted a new HJT log, MBAM log, OTL log, however I got an error when running RKUnHooker. The error received is:

Warning-integrity checking

Rootkit Unhooker has detected parasite inside itself!

It is recommended to remove parasite, okay?

Parasite type: Unknown remote thread

Thread ID: 2148

Priority:8

Thread start address: 0x77DF848A

Module: advapi32.dll

Then when i press ok it says: Parasite removed, continue loading

I started the scanning process but halfway through as it was scanning files a error occured with unhooker and it closed the program.

HJT Log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:17:42 AM, on 28/05/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Lenovo\Energy Management\utility.exe

C:\Program Files\Lenovo\Energy Management\Energy Management.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\Program Files\Lenovo\VeriFaceIII\PManage.exe

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\LooknStop\looknstop.exe

C:\Program Files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\QSTART.SYS\config\DVMExportService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Eset\nod32krn.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe

c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

c:\program files\lenovo\system update\suservice.exe

C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe