Virgin Media anti virus and anti spyware were overcome by this infection. When I tried to scan after 10 minutes the anti virus program would just disappear from the screen after 10 minutes instead of completing the scan which should take about 90 minutes. Logs are as follows:
Malwarebytes' Anti-Malware 1.36
Database version: 2157
Windows 5.1.2600 Service Pack 3
20/05/2009 16:14:49
mbam-log-2009-05-20 (16-14-49).txt
Scan type: Full Scan (C:\|F:\|G:\|)
Objects scanned: 155657
Time elapsed: 1 hour(s), 31 minute(s), 37 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d6e0fafc-2b61-4753-b3da-d83be96a2c39} (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d6e0fafc-2b61-4753-b3da-d83be96a2c39} (Trojan.Banker) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\mashtuic32.dll (Password.Stealer) -> Quarantined and deleted successfully.
OTListIt logfile created on: 20/05/2009 16:36:33 - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Paul\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1023.48 Mb Total Physical Memory | 599.36 Mb Available Physical Memory | 58.56% Memory free
1.65 Gb Paging File | 1.27 Gb Available in Paging File | 76.81% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.28 Gb Total Space | 5.81 Gb Free Space | 15.19% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 19.10 Gb Total Space | 8.23 Gb Free Space | 43.11% Space Free | Partition Type: NTFS
Drive G: | 149.01 Gb Total Space | 139.45 Gb Free Space | 93.58% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: HOME
Current User Name: Paul
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ==========
PRC - [2009/02/05 21:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008/04/14 01:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/02/05 21:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2005/09/22 10:05:40 | 00,438,359 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\blueyonder IST\SmartBridge\blueyonder-istnotifier.exe
PRC - [2008/12/29 17:48:55 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/04/19 10:02:30 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/02/01 00:13:08 | 00,385,024 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2009/01/29 16:29:28 | 02,303,216 | ---- | M] (Virgin Broadband) -- C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
PRC - [2009/02/05 21:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/01/22 18:18:59 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Paul\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
PRC - [2009/04/06 15:41:26 | 00,972,008 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2005/06/03 10:25:18 | 00,192,512 | ---- | M] () -- C:\Program Files\blueyonder IST\bin\mpbtn.exe
PRC - [2008/02/18 12:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/07/24 16:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2002/07/17 02:03:00 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
PRC - [2008/12/29 17:48:54 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2007/04/19 05:26:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2009/02/05 21:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/02/05 21:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/02/28 05:54:41 | 00,636,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2009/05/20 16:34:17 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTListIt2.exe
========== Win32 Services (SafeList) ==========
SRV - [2008/02/18 12:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/02/05 21:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009/02/05 21:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/02/05 21:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/02/05 21:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2004/12/13 16:58:02 | 00,106,496 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service [Disabled | Stopped])
SRV - [2007/07/24 16:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2002/07/17 02:03:00 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2 [Auto | Running])
SRV - [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/11/15 11:45:34 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-061008-081103 [On_Demand | Stopped])
SRV - [2008/04/06 20:00:44 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/14 01:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/02/19 14:10:24 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [Disabled | Stopped])
SRV - [2008/12/29 17:48:54 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - File not found -- -- (NMIndexingService [Disabled | Stopped])
SRV - [2007/04/19 05:26:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2007/10/18 12:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2007/10/25 16:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
========== Driver Services (SafeList) ==========
DRV - [2009/02/05 21:05:11 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
DRV - [2009/02/05 21:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2009/02/05 21:08:10 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
DRV - [2009/02/05 21:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
DRV - [2009/02/05 21:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2009/02/05 21:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2004/10/19 11:39:26 | 00,020,096 | ---- | M] (IVT Corporation) -- C:\WINDOWS\system32\DRIVERS\blueletaudio.sys -- (BlueletAudio [On_Demand | Stopped])
DRV - [2004/09/21 18:15:34 | 00,010,804 | ---- | M] (IVT Corporation) -- C:\WINDOWS\system32\DRIVERS\btnetdrv.sys -- (BT [On_Demand | Stopped])
DRV - [2004/12/01 17:55:32 | 00,022,488 | ---- | M] (IVT Corporation) -- C:\WINDOWS\System32\Drivers\btcusb.sys -- (Btcsrusb [On_Demand | Stopped])
DRV - [2004/09/21 18:18:02 | 00,011,604 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\vbtenum.sys -- (BTHidEnum [On_Demand | Stopped])
DRV - [2004/10/19 13:40:56 | 00,028,207 | ---- | M] (IVT Corporation) -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr [Boot | Stopped])
DRV - [2006/06/09 22:58:22 | 01,373,120 | ---- | M] (C-Media Inc) -- C:\WINDOWS\system32\drivers\cmuda.sys -- (cmuda [On_Demand | Running])
DRV - [2001/08/27 15:29:26 | 00,050,528 | ---- | M] (SCM Microsystems Inc.) -- C:\WINDOWS\system32\DRIVERS\EUSBMSD.SYS -- (EUSBMSD [On_Demand | Stopped])
DRV - [2006/01/11 13:16:14 | 00,054,840 | ---- | M] (Radialpoint Inc.) -- C:\WINDOWS\System32\Drivers\FreeTdi.sys -- (FreeTdi [Auto | Running])
DRV - [2008/04/13 19:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2006/09/19 15:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2008/07/26 12:07:46 | 00,005,248 | ---- | M] () -- C:\WINDOWS\system32\giveio.sys -- (giveio [On_Demand | Stopped])
DRV - [2001/08/17 14:28:02 | 00,907,456 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\HCF_MSFT.sys -- (HCF_MSFT [On_Demand | Running])
DRV - [2004/11/22 17:36:40 | 00,018,003 | ---- | M] (Motive, Inc.) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5 [On_Demand | Stopped])
DRV - [2004/02/09 13:06:22 | 00,015,360 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\system32\DRIVERS\NetMotCM.sys -- (ndiscm [On_Demand | Stopped])
DRV - [2007/04/19 05:26:00 | 03,988,384 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [1998/02/26 00:27:02 | 00,022,688 | ---- | M] () -- C:\WINDOWS\System32\drivers\PPSIO.SYS -- (ppsio [Auto | Running])
DRV - [2002/08/29 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Stopped])
DRV - [2007/07/27 00:06:18 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2009/04/06 15:41:26 | 00,056,808 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys -- (RapportKELL [System | Running])
DRV - [2009/04/06 15:41:26 | 00,089,192 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG [System | Running])
DRV - [2002/08/29 13:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Stopped])
DRV - [2007/11/13 11:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004/06/28 13:08:56 | 00,042,752 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\system32\DRIVERS\ser2pl.sys -- (Ser2pl [On_Demand | Stopped])
DRV - [2003/02/20 02:18:36 | 00,036,608 | R--- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP [Boot | Running])
DRV - [2003/03/25 10:50:46 | 00,004,096 | R--- | M] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\system32\DRIVERS\siside.sys -- (SiSide [Boot | Running])
DRV - [2002/10/17 08:14:46 | 00,049,024 | R--- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\sisidex.sys -- (sisidex [Boot | Running])
DRV - [2002/07/10 16:39:34 | 00,032,256 | R--- | M] (SiS Corporation) -- C:\WINDOWS\System32\DRIVERS\sisnic.sys -- (SISNIC [On_Demand | Running])
DRV - [2002/08/20 10:19:08 | 00,009,472 | R--- | M] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\system32\drivers\sisperf.sys -- (sisperf [Boot | Stopped])
DRV - [2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2004/08/06 15:33:52 | 00,068,204 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\Stmp3Rec.sys -- (Stmp3Rec [On_Demand | Stopped])
DRV - [2008/09/25 12:33:16 | 00,043,552 | ---- | M] (RapidSolution Software AG) -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd [On_Demand | Stopped])
DRV - [2008/02/18 12:16:24 | 00,030,464 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2004/10/19 13:37:38 | 00,061,312 | ---- | M] (IVT Corporation) -- C:\WINDOWS\system32\DRIVERS\VComm.sys -- (VComm [On_Demand | Stopped])
DRV - [2004/11/05 11:39:08 | 00,082,148 | ---- | M] (IVT Corporation) -- C:\WINDOWS\System32\Drivers\VcommMgr.sys -- (VcommMgr [On_Demand | Stopped])
DRV - [2006/02/20 17:59:27 | 00,058,288 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\w810bus.sys -- (w810bus [On_Demand | Stopped])
DRV - [2005/10/07 12:27:26 | 00,085,408 | ---- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\w810mgmt.sys -- (w810mgmt [On_Demand | Stopped])
DRV - [2004/05/10 23:42:38 | 00,035,363 | ---- | M] () -- C:\WINDOWS\system32\windrvNT.sys -- (windrvNT [Auto | Running])
DRV - [2007/02/15 23:28:16 | 00,052,108 | ---- | M] () -- C:\WINDOWS\System32\drivers\XMS1563K.SYS -- (XMS1563K [Boot | Stopped])
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
[2008/07/04 23:26:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\mozilla\Extensions
[2008/07/04 23:26:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\mozilla\Extensions\home2@tomtom.com
O1 HOSTS File: (211 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mozilla.com
O1 - Hosts: 127.0.0.1 www.mozilla.com
O1 - Hosts: 127.0.0.1 firefox.com
O1 - Hosts: 127.0.0.1 www.firefox.com
O1 - Hosts: 127.0.0.1 www.firefox2.com
O1 - Hosts: 127.0.0.1 firefox2.com
O1 - Hosts: 127.0.0.1 download.mozilla.com
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.en-us.en-gb\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN (Virgin Broadband)
O4 - HKLM..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [Motive SmartBridge] C:\PROGRA~1\BLUEYO~2\SMARTB~1\blueyonder-istnotifier.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKCU..\Run: [Google Update] "C:\Documents and Settings\Paul\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
O4 - HKCU..\Run: [Rapportexe] "C:\Program Files\Trusteer\Rapport\bin\RapportService.exe" -start -after_boot (Trusteer Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\blueyonder-istconfig.exe (Telewest)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {083DB4B1-8108-42E3-AC45-A042C1631CA3} http://www.wayn.com/activex/WAYNImportOE.cab (ImportCtl Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} http://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab (TraderMediaImgX Control)
O16 - DPF: {3334504D-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/mpeg4ax.cab (Reg Error: Key error.)
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} http://download.microsoft.com/download/b/d.../WebCleaner.cab (Malicious Software Removal Tool)
O16 - DPF: {4E8A3661-FB5B-4AEF-BF60-B0E9712FAE49} http://www.fotowire.com/download/client/up...geUploader3.cab (Silverwire Image Uploader 3.0 Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DBFECB3F-B78F-442E-AE46-4952E6F17545} http://webalbum.bonusprint.com/UK/download...geUploader3.cab (Bonusprint Image Uploader Version 3.5)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/09/28 14:02:20 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/05/30 09:31:26 | 00,000,054 | -H-- | M] () - G:\autorun.in_2.org -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/20 16:34:16 | 00,000,000 | ---D | M]
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
========== Files/Folders - Created Within 30 Days ==========
[1 C:\Documents and Settings\Paul\Application Data\*.tmp files]
[2009/05/20 16:34:14 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTListIt2.exe
[2009/05/20 15:58:22 | 00,000,150 | ---- | C] () -- C:\WINDOWS\System32\lxd
[2009/05/20 14:35:10 | 00,000,873 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/20 14:29:48 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Paul\Desktop\mbam-setup.exe
[2009/05/20 14:25:02 | 00,396,288 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Paul\Desktop\HijackThis.exe
[2009/05/20 14:25:02 | 00,001,368 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\HijackThis.lnk
[2009/05/20 13:47:24 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/05/20 13:47:23 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/05/20 13:47:23 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/05/20 13:47:22 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/05/20 13:47:20 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/05/20 13:47:19 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/05/20 13:47:19 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/05/20 13:47:19 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/05/20 13:47:19 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/05/20 13:47:00 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/05/20 13:47:00 | 01,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71.dll
[2009/05/20 13:47:00 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/05/20 13:46:57 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/05/20 09:02:33 | 10,732,70784 | -HS- | C] () -- C:\hiberfil.sys
[2009/05/19 22:54:07 | 00,000,000 | ---D | C] -- C:\Program Files\AskBarDis
[2009/05/19 13:33:18 | 01,337,216 | ---- | C] (Virgin Broadband) -- C:\Documents and Settings\Paul\Desktop\broadband_advisor.exe
[2009/05/19 06:02:27 | 00,010,806 | ---- | C] () -- C:\Documents and Settings\Paul\My Documents\avg scan1.csv
[2009/05/18 22:07:43 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Paul\Application Data\.#
[2009/05/18 20:23:05 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/05/18 16:40:34 | 00,000,000 | ---D | C] -- C:\Program Files\Virgin Broadband
[2009/05/18 06:14:43 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/05/17 22:17:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Local Settings\temp
[2009/05/17 22:15:14 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF32298.exe
[2009/05/13 13:12:02 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ws2_32.dll
[2009/04/24 15:02:04 | 00,003,627 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\my nanning address.doc
[2009/02/13 16:35:56 | 00,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/07/26 12:07:46 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[2008/06/18 14:59:56 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/02/21 03:05:44 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/02/21 03:04:16 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/02/21 03:04:16 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/02/21 03:03:24 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/07/11 23:42:45 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/04/19 05:26:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/04/19 05:26:00 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/04/19 05:26:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/04/19 05:26:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2007/04/19 05:26:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/04/19 05:26:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/04/19 05:26:00 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2007/02/20 19:31:35 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\suppdll.dll
[2007/02/20 19:31:35 | 00,035,363 | ---- | C] () -- C:\WINDOWS\System32\windrvNT.sys
[2007/02/15 23:28:16 | 00,052,108 | ---- | C] () -- C:\WINDOWS\System32\drivers\XMS1563K.SYS
[2007/01/18 00:26:34 | 00,003,982 | ---- | C] () -- C:\WINDOWS\kj01d.sys
[2007/01/18 00:14:42 | 00,000,225 | ---- | C] () -- C:\WINDOWS\z56k2.ini
[2006/09/16 09:25:53 | 00,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys
[2006/09/16 09:25:53 | 00,011,604 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys
[2005/09/19 21:56:03 | 00,000,070 | ---- | C] () -- C:\WINDOWS\849A615D.ini
[2005/08/24 21:54:06 | 00,007,207 | R--- | C] () -- C:\WINDOWS\Disktool.INI
[2005/08/24 21:54:06 | 00,006,399 | R--- | C] () -- C:\WINDOWS\fwupgrade.ini
[2005/08/24 21:54:06 | 00,003,677 | R--- | C] () -- C:\WINDOWS\SoundCon.INI
[2005/05/08 16:30:59 | 00,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/02/12 11:21:35 | 00,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2005/01/10 20:59:31 | 00,000,619 | ---- | C] () -- C:\WINDOWS\taumon.INI
[2004/11/29 00:47:18 | 00,000,368 | ---- | C] () -- C:\WINDOWS\Gems.ini
[2004/11/29 00:41:08 | 00,000,594 | ---- | C] () -- C:\WINDOWS\cncscore.ini
[2004/11/28 23:36:03 | 00,000,268 | ---- | C] () -- C:\WINDOWS\ProgressiveTetrisOutline.ini
[2004/11/21 21:19:38 | 00,000,029 | ---- | C] () -- C:\WINDOWS\videoimp.ini
[2004/11/21 21:19:26 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2004/10/28 09:23:24 | 00,000,204 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/10/05 23:04:15 | 00,022,688 | ---- | C] () -- C:\WINDOWS\System32\drivers\PPSIO.SYS
[2004/10/04 20:28:37 | 00,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2004/10/04 20:28:36 | 00,000,611 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/09/28 17:57:59 | 00,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2004/09/28 17:57:59 | 00,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2004/09/28 17:57:58 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2004/09/28 17:57:58 | 00,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2004/09/28 17:57:58 | 00,000,737 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2004/09/28 15:56:05 | 00,139,264 | R--- | C] () -- C:\WINDOWS\System32\IDEproperty.dll
[2004/09/28 15:55:16 | 00,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL
[2004/09/28 15:54:59 | 00,001,918 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2004/09/28 15:54:58 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2004/09/16 14:26:40 | 00,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 14:26:40 | 00,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004/05/09 14:11:32 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/05/09 12:31:44 | 00,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2003/05/13 20:41:58 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\cdlock.dll
[2003/03/31 13:00:00 | 00,001,040 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/03/31 13:00:00 | 00,000,284 | ---- | C] () -- C:\WINDOWS\system.ini
[2001/09/17 14:20:02 | 00,009,216 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[1996/11/17 01:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1996/11/17 00:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
========== Files - Modified Within 30 Days ==========
[3 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\Paul\Application Data\*.tmp files]
[2009/05/20 16:34:17 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTListIt2.exe
[2009/05/20 16:18:17 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/20 16:17:31 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/20 16:17:24 | 00,088,723 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/05/20 16:17:11 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Paul\Local Settings\desktop.ini
[2009/05/20 16:17:10 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/20 16:17:08 | 10,732,70784 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/20 15:58:22 | 00,000,150 | ---- | M] () -- C:\WINDOWS\System32\lxd
[2009/05/20 15:21:26 | 00,000,920 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-2049760794-725345543-1004.job
[2009/05/20 14:35:10 | 00,000,873 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/20 14:29:54 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Paul\Desktop\mbam-setup.exe
[2009/05/20 14:25:02 | 00,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Paul\Desktop\HijackThis.exe
[2009/05/20 14:25:02 | 00,001,368 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\HijackThis.lnk
[2009/05/20 13:47:24 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/05/20 13:47:19 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/05/20 09:05:06 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{057867C1-E7FE-484E-AB48-8A3D0BB1497D}.job
[2009/05/19 16:40:09 | 00,001,040 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/05/19 16:40:09 | 00,000,284 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/19 16:40:09 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/05/19 13:33:23 | 01,337,216 | ---- | M] (Virgin Broadband) -- C:\Documents and Settings\Paul\Desktop\broadband_advisor.exe
[2009/05/19 06:02:27 | 00,010,806 | ---- | M] () -- C:\Documents and Settings\Paul\My Documents\avg scan1.csv
[2009/05/17 22:14:32 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF32298.exe
[2009/05/07 08:16:30 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/30 09:09:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/24 15:02:05 | 00,003,627 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\my nanning address.doc
========== LOP Check ==========
[2009/05/19 22:41:04 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2007/03/20 20:56:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/02/23 00:37:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2006/10/03 17:02:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2006/09/16 09:41:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2008/04/06 20:00:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2009/02/24 14:37:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/19 12:24:21 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/04/19 12:16:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2006/11/08 20:29:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2004/09/29 21:37:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2008/10/19 21:07:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2007/07/11 22:33:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nero
[2008/12/09 18:54:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2005/01/30 17:55:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2008/10/19 21:09:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2005/09/19 21:50:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/05/19 18:19:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virgin Broadband
[2005/09/11 18:38:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/01/19 21:17:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLInstaller
[2007/04/17 21:25:47 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data\yahoo!
[1 C:\Documents and Settings\Paul\Application Data\*.tmp files]
[2009/05/20 13:42:47 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Paul\Application Data
[2009/05/20 13:42:51 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\Paul\Application Data\.#
[2007/01/17 11:18:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\.TrueSwordSettings
[2008/06/27 09:37:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Adobe
[2006/04/24 00:22:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\AdobeUM
[2007/07/11 23:43:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Ahead
[2006/10/14 10:49:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Apple Computer
[2004/12/03 10:35:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\CyberScrub
[2007/08/16 20:24:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\DivX
[2009/01/15 17:58:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\FrostWire
[2004/11/21 21:24:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\FUJIFILM
[2008/04/07 17:50:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Google
[2008/09/28 11:35:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Help
[2004/09/28 14:42:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Identities
[2008/10/06 09:47:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\InstallShield
[2005/09/11 18:30:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Lavasoft
[2006/02/17 14:39:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Leadertech
[2009/05/03 23:34:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\LimeWire
[2005/09/11 18:21:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Macromedia
[2009/05/19 18:01:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\MailWasher
[2009/02/24 14:38:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Malwarebytes
[2007/07/03 05:16:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Microgaming
[2009/02/03 20:44:39 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Paul\Application Data\Microsoft
[2007/01/18 16:15:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Motive
[2009/04/07 17:10:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Mozilla
[2009/01/20 20:42:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\MSN6
[2006/10/15 10:40:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\MyFamily.com
[2009/03/24 13:52:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Real
[2007/02/18 22:05:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Recycle.{645FF040-5081-101B-9F08-00AA002F954E}
[2008/10/19 17:44:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Roxio
[2004/10/17 12:15:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Sun
[2004/09/29 12:31:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Symantec
[2006/08/13 11:38:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Telewest
[2008/12/19 19:20:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\TomTom
[2009/04/16 17:31:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Trusteer
[2009/05/19 18:19:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Virgin Broadband
[2005/06/08 22:59:03 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Paul\Application Data\yahoo!
[2009/04/30 09:09:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2009/02/01 20:17:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2009/02/01 20:17:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2009/02/01 20:17:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2009/02/01 20:17:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2009/02/01 20:17:02 | 00,000,282 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2003/03/31 13:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/05/20 15:21:26 | 00,000,920 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-2049760794-725345543-1004.job
[2009/05/20 16:17:31 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/05/20 09:05:06 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{057867C1-E7FE-484E-AB48-8A3D0BB1497D}.job
========== Purity Check ==========
< End of report >
OTListIt Extras logfile created on: 20/05/2009 16:36:33 - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Paul\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1023.48 Mb Total Physical Memory | 599.36 Mb Available Physical Memory | 58.56% Memory free
1.65 Gb Paging File | 1.27 Gb Available in Paging File | 76.81% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.28 Gb Total Space | 5.81 Gb Free Space | 15.19% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 19.10 Gb Total Space | 8.23 Gb Free Space | 43.11% Space Free | Partition Type: NTFS
Drive G: | 149.01 Gb Total Space | 139.45 Gb Free Space | 93.58% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: HOME
Current User Name: Paul
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/10/18 12:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 18:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger
[2008/04/14 01:12:25 | 01,414,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console
[2004/12/21 11:39:40 | 01,044,480 | ---- | M] (IVT Corporation) -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil
[2005/10/31 16:56:00 | 00,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer
[2004/03/28 19:46:44 | 01,340,928 | ---- | M] (Gabest) -- C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic
[2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/02/19 14:10:26 | 19,897,640 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2007/10/18 12:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 18:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[2008/04/19 10:02:39 | 00,214,560 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer
[2008/09/18 18:50:22 | 00,147,456 | ---- | M] (Lime Wire, LLC) -- G:\limewire\LimeWire.exe:*:Enabled:LimeWire
[2009/03/24 18:33:40 | 03,985,104 | ---- | M] (Google) -- C:\Documents and Settings\Paul\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin
[2009/03/24 17:55:30 | 00,083,440 | ---- | M] (Google) -- C:\Documents and Settings\Paul\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin
[2007/07/24 16:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.2.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 11
"{307780E3-1720-4310-AF3C-13771E069677}" = Samsung PC Studio II PIMS & File Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{5012BC0C-7E1A-329A-8F02-B6846070C5F8}" = Google Talk Plugin
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{56364334-9530-11D2-BFFC-00C04FA329AA}" = Microsoft Works 2000
"{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}" = MP3 Player Utilities
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{80FD852F-5AAC-4129-B931-06AAFFA43138}" = iTunes
"{8A793FC6-6DF5-11DD-BB6A-00018021113F}" = EPSON PhotoQuicker3.4
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AC76BA86-7AD7-1033-7B44-A70700000002}" = Adobe Reader 7.0.7
"{B02B8E30-EB28-49B0-A60F-696268BAE033}" = iPod System Software Updater 2.1
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}" = PixiePack Codec Pack
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B9987754-9A14-4B61-ABB3-73A79503238D}" = iPod for Windows User Guide
"{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}" = BlueSoleil
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F2F4C144-7D1A-47C4-9D53-395A57B0CD64}" = Family Tree Maker 2006
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Ask Toolbar_is1" = Ask Toolbar
"AskSBar Uninstall" = Ask Toolbar
"Audacity_is1" = Audacity 1.2.6
"avast!" = avast! Antivirus
"blueyonder.MCCInstall" = blueyonder Instant Support Tool
"C-Media Audio" = C-Media 3D Audio
"C-Media Audio Driver" = C-Media WDM Audio Driver
"CyberScrub Trial Edition 3.5" = CyberScrub Trial Edition 3.5
"EPSON Printer and Utilities" = EPSON Printer Software
"ES C43 PSolver" = ES C43 Problem Solver
"FLV Player2.0 " = FLV Player
"Google Desktop" = Google Desktop
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{B02B8E30-EB28-49B0-A60F-696268BAE033}" = iPod System Software Updater 2.1
"InstallShield_{B9987754-9A14-4B61-ABB3-73A79503238D}" = iPod for Windows User Guide
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.02
"MailWasher_is1" = MailWasher
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Toolbar" = MSN Toolbar
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Paint Shop Pro 4.14" = Paint Shop Pro 4.14
"Picasa2" = Picasa 2
"RadialpointClientGateway_is1" = Virgin Broadband advisor 1.5.24
"Rapport_is1" = Rapport
"RealPlayer 6.0" = RealPlayer
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SimpleToolbar" = SimpleToolbar
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"SSC Service Utility_is1" = SSC Service Utility v4.30
"ST6UNST #1" = WINFOREX
"TomTom HOME" = TomTom HOME 2.5.2.60
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Photos Drag-Drop Uploader 1v6" = Yahoo! Photos Easy Upload Tool 1v6
"Yahoo! Photos Drag-Drop Uploader 1v7" = Yahoo! Photos Easy Upload Tool 1v7
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Folder Lock" = Folder Lock
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 18/05/2009 19:10:59 | Computer Name = HOME | Source = Google Update | ID = 20
Description =
Error - 18/05/2009 20:10:57 | Computer Name = HOME | Source = Google Update | ID = 20
Description =
Error - 18/05/2009 21:10:57 | Computer Name = HOME | Source = Google Update | ID = 20
Description =
Error - 18/05/2009 22:10:57 | Computer Name = HOME | Source = Google Update | ID = 20
Description =
Error - 18/05/2009 23:10:58 | Computer Name = HOME | Source = Google Update | ID = 20
Description =
Error - 19/05/2009 00:10:59 | Computer Name = HOME | Source = Google Update | ID = 20
Description =
Error - 19/05/2009 08:54:15 | Computer Name = HOME | Source = WinMgmt | ID = 24
Description = Event provider attempted to register query "SELECT * FROM PDEvent"
whose target class "PDEvent" does not exist. The query will be ignored.
Error - 19/05/2009 12:01:23 | Computer Name = HOME | Source = Google Update | ID = 20
Description =
Error - 19/05/2009 12:55:26 | Computer Name = HOME | Source = Google Update | ID = 20
Description =
Error - 19/05/2009 13:16:52 | Computer Name = HOME | Source = WinMgmt | ID = 24
Description = Event provider attempted to register query "SELECT * FROM PDEvent"
whose target class "PDEvent" does not exist. The query will be ignored.
[ System Events ]
Error - 20/05/2009 04:02:53 | Computer Name = HOME | Source = Service Control Manager | ID = 7000
Description = The Security Services Driver (x86) service failed to start due to
the following error: %%2
Error - 20/05/2009 08:11:55 | Computer Name = HOME | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)
Error - 20/05/2009 08:11:55 | Computer Name = HOME | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.
Error - 20/05/2009 08:26:55 | Computer Name = HOME | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 30 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)
Error - 20/05/2009 08:26:55 | Computer Name = HOME | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.
Error - 20/05/2009 08:49:23 | Computer Name = HOME | Source = Service Control Manager | ID = 7000
Description = The FILELOCK service failed to start due to the following error: %%2
Error - 20/05/2009 08:49:23 | Computer Name = HOME | Source = Service Control Manager | ID = 7000
Description = The Security Services Driver (x86) service failed to start due to
the following error: %%2
Error - 20/05/2009 11:17:46 | Computer Name = HOME | Source = Service Control Manager | ID = 7000
Description = The FILELOCK service failed to start due to the following error: %%2
Error - 20/05/2009 11:17:46 | Computer Name = HOME | Source = Service Control Manager | ID = 7000
Description = The Security Services Driver (x86) service failed to start due to
the following error: %%2
Error - 20/05/2009 11:17:46 | Computer Name = HOME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
gagp30kx PCIIde sisperf
< End of report >
Results of screen317's Security Check version 0.98.3
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
``````````````````````````````
Windows Firewall Enabled!
avast!Antivirus
``````````````````````````````
Anti-malware/Other Utilities Check:
``````````````````````````````
Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java 6 Update 11
Java 6 Update 3
Out of date Java installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````
Alwil Software Avast4 aswUpdSv.exe
Alwil Software Avast4 ashServ.exe
ALWILS~1 Avast4 ashDisp.exe
Alwil Software Avast4 ashMaiSv.exe
Alwil Software Avast4 ashWebSv.exe
``````````````````````````````
DNS Vulnerability Check:
``````````````````````````````
GREAT! (Very random)
Scan took 22 seconds.
`````````End of Log```````````
Many thanks, Paul