Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Not sure what virus


  • This topic is locked This topic is locked
48 replies to this topic

#1 bazza.a

bazza.a

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:35 AM

Posted 24 August 2011 - 02:31 PM

Hi
the laptop my sons use recently started acting slow not loading pages etc so thought I'd do some maintenance,ran bootime scan (avast) which found nothing, ran superanti-spyware and Mbam in safe mode which both caused a shut down,followed your guide ran defogger and dds but GMER caused a BSOD and re-boot, tried to do this on their laptop but just wouldn't post,thanks in advance (DDS and Attach)
Bazza

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by sworthin at 16:51:10 on 2011-08-24
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.703.253 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *Enabled*
.
============== Running Processes ===============
.
C:\Program Files\Mamutu\a2service.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRAM FILES\MAMUTU\mamutu.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\sworthin\Desktop\WLANUTL.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.orange.co.uk/
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [Mamutu Guard] "c:\program files\mamutu\mamutu.exe" /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - hxxp://pcpitstop.com/mhLbl.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37951.2587847222
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{1A4EAD82-EFFA-431C-A053-276030FC7786} : DhcpNameServer = 192.168.0.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\sworthin\application data\mozilla\firefox\profiles\vb2kxzul.default\
FF - prefs.js: browser.startup.homepage - hxxp://web.orange.co.uk/p/communicate/home
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R1 a2injectiondriver;a2injectiondriver;c:\program files\mamutu\a2dix86.sys [2011-7-14 41928]
R1 a2util;a-squared Malware-IDS utility driver;c:\program files\mamutu\a2util32.sys [2011-7-14 11776]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-28 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-2 309848]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 uziznzu5;AVZ-RK Kernel Driver;c:\windows\system32\drivers\uziznzu5.sys [2011-7-2 11264]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-8-2 532224]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-2 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-2 42184]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-7-8 233472]
R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2002-8-29 14336]
R2 Mamutu;Mamutu Service;c:\program files\mamutu\a2service.exe [2011-7-14 2978720]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 a2acc;a2acc;c:\program files\mamutu\a2accx86.sys [2011-7-14 73728]
R3 CALIAUD;Conexant AMC 3D Environmental Audio;c:\windows\system32\drivers\caliaud.sys [2004-2-17 292352]
R3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [2004-2-17 273536]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-7-8 36608]
R3 WlanUIG;EDUP 802.11g Wireless LAN USB Adapter Driver;c:\windows\system32\drivers\WlanUIG.sys [2010-7-18 376224]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\superantispyware\sabkutil.sys --> c:\program files\superantispyware\SABKUTIL.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 UI Assistant Service;UI Assistant Service;c:\program files\t-mobile mobile broadband manager\assistantservices.exe --> c:\program files\t-mobile mobile broadband manager\AssistantServices.exe [?]
S3 ALiIRDA;ALi Infrared Device Driver;c:\windows\system32\drivers\aliirda.sys [2003-4-7 26112]
S3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\DP83815.sys [2004-7-15 18432]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-2-2 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-2-2 8456]
S3 LEX_NIC_SERVICE;IEEE 802.11 Wireless NIC Win2000 Driver;c:\windows\system32\drivers\Express.sys [2003-4-7 57344]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-7-18 22712]
S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;c:\windows\system32\drivers\netusbxp.sys [2011-3-28 72576]
S3 utiznzu5;AVZ Kernel Driver;\??\c:\windows\system32\drivers\utiznzu5.sys --> c:\windows\system32\drivers\utiznzu5.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2002-8-29 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-7-18 366640]
S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [2011-7-3 229376]
.
=============== Created Last 30 ================
.
2011-08-16 10:18:16 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-15 20:04:11 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-05 22:26:30 388096 ----a-r- c:\documents and settings\sworthin\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-07-26 11:36:30 -------- dc-h--w- c:\documents and settings\all users\application data\{09A359E3-1191-4CB0-AA60-38A84C758D70}
2011-07-26 11:36:24 -------- d-----w- c:\program files\AntiLogger
.
==================== Find3M ====================
.
2011-08-22 15:14:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-19 08:31:58 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 18:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 18:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-04 11:43:53 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:36:43 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-02 21:16:26 11264 ----a-w- c:\windows\system32\drivers\uziznzu5.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 ------w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ------w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 16:55:38.75 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,604 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:35 PM

Posted 29 August 2011 - 02:35 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/415945 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 bazza.a

bazza.a
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:35 AM

Posted 29 August 2011 - 04:02 PM

Hi,
yes I still need help,I haven't tried to remove anything since I first posted,I downloaded again GMER (in case it's a newer version) tried to run it twice, both times it caused a bsod and restart,am posting DDS logs, I don't have any discs for the operating system
thanks
Bazza

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Owner at 21:45:24 on 2011-08-29
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.703.296 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *Enabled*
.
============== Running Processes ===============
.
C:\Program Files\Mamutu\a2service.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRAM FILES\MAMUTU\mamutu.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.orange.co.uk/
uURLSearchHooks: H - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [Mamutu Guard] "c:\program files\mamutu\mamutu.exe" /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - hxxp://pcpitstop.com/mhLbl.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37951.2587847222
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{0D918FE2-6D40-4D8E-B480-1A9D1590938B} : DhcpNameServer = 192.168.0.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\u5fp1thb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.orange.co.uk/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
.
============= SERVICES / DRIVERS ===============
.
R1 a2injectiondriver;a2injectiondriver;c:\program files\mamutu\a2dix86.sys [2011-7-14 41928]
R1 a2util;a-squared Malware-IDS utility driver;c:\program files\mamutu\a2util32.sys [2011-7-14 11776]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-28 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-2 309848]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 uziznzu5;AVZ-RK Kernel Driver;c:\windows\system32\drivers\uziznzu5.sys [2011-7-2 11264]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-8-2 532224]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-2 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-2 42184]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-7-8 233472]
R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2002-8-29 14336]
R2 Mamutu;Mamutu Service;c:\program files\mamutu\a2service.exe [2011-7-14 2978720]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 a2acc;a2acc;c:\program files\mamutu\a2accx86.sys [2011-7-14 73728]
R3 CALIAUD;Conexant AMC 3D Environmental Audio;c:\windows\system32\drivers\caliaud.sys [2004-2-17 292352]
R3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [2004-2-17 273536]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-7-8 36608]
R3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;c:\windows\system32\drivers\netusbxp.sys [2011-3-28 72576]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\superantispyware\sabkutil.sys --> c:\program files\superantispyware\SABKUTIL.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 UI Assistant Service;UI Assistant Service;c:\program files\t-mobile mobile broadband manager\assistantservices.exe --> c:\program files\t-mobile mobile broadband manager\AssistantServices.exe [?]
S3 ALiIRDA;ALi Infrared Device Driver;c:\windows\system32\drivers\aliirda.sys [2003-4-7 26112]
S3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\DP83815.sys [2004-7-15 18432]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-2-2 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-2-2 8456]
S3 LEX_NIC_SERVICE;IEEE 802.11 Wireless NIC Win2000 Driver;c:\windows\system32\drivers\Express.sys [2003-4-7 57344]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-7-18 22712]
S3 utiznzu5;AVZ Kernel Driver;\??\c:\windows\system32\drivers\utiznzu5.sys --> c:\windows\system32\drivers\utiznzu5.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2002-8-29 14336]
S3 WlanUIG;EDUP 802.11g Wireless LAN USB Adapter Driver;c:\windows\system32\drivers\WlanUIG.sys [2010-7-18 376224]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-7-18 366640]
S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [2011-7-3 229376]
.
=============== Created Last 30 ================
.
2011-08-16 10:18:16 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-15 20:04:11 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
.
==================== Find3M ====================
.
2011-08-22 15:14:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-19 08:31:58 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 18:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 18:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-04 11:43:53 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:36:43 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-02 21:16:26 11264 ----a-w- c:\windows\system32\drivers\uziznzu5.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 ------w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ------w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 21:52:05.75 ===============

Attached Files



#4 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:08:35 PM

Posted 30 August 2011 - 02:46 PM

Hi,

Welcome to Bleeping Computer.

My name is Shannon and I will be working with you to remove the malware that is on your machine.

I apologize for the delay in replying to your post, but this forum is extremely busy.

Please Track this topic - On the top right on this tread, click on the Watch Topic button, click on 'Immediate Email Notification', and then click on the Proceed button at the bottom.

Do Not make any changes on your own to the infected computer.

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Now, let's look more thoroughly at the infected computer -

We need to see some information about what is happening in your machine. Please perform the following scan:
  • We need to create an OTL Report
  • Please download OTL from here:
  • Main Mirror
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "Use SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them into your reply:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Next, please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

Once you have the above logs, click on the Add Reply button below, copy in the contents of the two OTL logs and the RKU log. Also include any comments that you might have concerning the infection(s) and the infected computer.
Shannon

#5 bazza.a

bazza.a
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:35 AM

Posted 30 August 2011 - 04:56 PM

Hi Shannon,
thanks for the help,this takes awhile as i'm downloading tools from my laptop to instal on the infected one via mem stick, ran OTL and am posting logs,also am watching topic (butoon only says stop watching)made all files visible, however downloaded RKunhooker (ZIP and RAR) when i ran rar version i got message (02 error loading data file) and when I ran the unzipped version i got a BSOD and restart, I tried twice with both uncompressed programs and got same result both times,anyway here's the logs
thanks
Bazza

OTL logfile created on: 30/08/2011 21:50:04 - Run 2
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\sworthin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

702.98 Mb Total Physical Memory | 443.77 Mb Available Physical Memory | 63.13% Memory free
1.15 Gb Paging File | 0.92 Gb Available in Paging File | 80.43% Paging File free
Paging file location(s): C:\pagefile.sys 512 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.18 Gb Total Space | 10.18 Gb Free Space | 29.79% Space Free | Partition Type: NTFS
Drive E: | 40.35 Gb Total Space | 40.23 Gb Free Space | 99.70% Space Free | Partition Type: NTFS
Drive F: | 1.89 Gb Total Space | 1.34 Gb Free Space | 71.05% Space Free | Partition Type: FAT

Computer Name: SIMON | User Name: sworthin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\sworthin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mamutu\a2service.exe (Emsi Software GmbH)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\system32\HPConfig.exe (Hewlett-Packard)
PRC - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe (Hewlett-Packard Co.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Alwil Software\Avast5\defs\11083001\algo.dll ()
MOD - C:\Program Files\Alwil Software\Avast5\defs\11083001\aswRep.dll ()


========== Win32 Services (SafeList) ==========

SRV - (UI Assistant Service) -- File not found
SRV - (iPod Service) -- File not found
SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (Mamutu) -- C:\Program Files\Mamutu\a2service.exe (Emsi Software GmbH)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
SRV - (p2pgasvc) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation)
SRV - (Iprip) -- C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
SRV - (HPConfig) -- C:\WINDOWS\system32\HPConfig.exe (Hewlett-Packard)
SRV - (HPWirelessMgr) -- C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe (Hewlett-Packard Co.)


========== Driver Services (SafeList) ==========

DRV - (a2acc) -- C:\Program Files\Mamutu\a2accx86.sys (Emsi Software GmbH)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (uziznzu5) -- C:\WINDOWS\system32\drivers\uziznzu5.sys ()
DRV - (a2injectiondriver) -- C:\Program Files\Mamutu\a2dix86.sys (Emsi Software GmbH)
DRV - (epmntdrv) -- C:\WINDOWS\system32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\WINDOWS\system32\EuGdiDrv.sys ()
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (a2util) -- C:\Program Files\Mamutu\a2util32.sys (Emsi Software GmbH)
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWALI) -- C:\WINDOWS\system32\drivers\HSFHWALI.sys (Conexant Systems, Inc.)
DRV - (DP83815) -- C:\WINDOWS\system32\drivers\DP83815.sys (National Semiconductor Corp.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (MDC8021X) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (PCANDIS5) -- C:\WINDOWS\system32\PCANDIS5.SYS (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (WlanUIG) -- C:\WINDOWS\system32\drivers\WlanUIG.sys ( )
DRV - (CALIHALA) -- C:\WINDOWS\system32\drivers\calihal.sys (Conexant Systems Inc.)
DRV - (CALIAUD) -- C:\WINDOWS\system32\drivers\caliaud.sys (Conexant Systems Inc.)
DRV - (StreamDispatcher) -- C:\WINDOWS\system32\drivers\strmdisp.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\bcmwl5.sys (Belkin Corporation)
DRV - (LEX_NIC_SERVICE) -- C:\WINDOWS\system32\drivers\Express.sys (LAN-Express)
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec)
DRV - (caboagp) -- C:\WINDOWS\System32\DRIVERS\atisgkaf.sys (ATI Technologies Inc.)
DRV - (HPCI) -- C:\WINDOWS\system32\drivers\hpci.sys (Hewlett-Packard)
DRV - (USBNET_XP) -- C:\WINDOWS\system32\drivers\netusbxp.sys (The LinkSys Group, Inc.)
DRV - (ALiIRDA) -- C:\WINDOWS\system32\drivers\aliirda.sys (Acer Laboratories Inc.)
DRV - (atimpab) -- C:\WINDOWS\system32\drivers\atimpab.sys (ATI Technologies Inc.)
DRV - (allegro) ESS Allegro Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\es198x.sys (ESS Technology, Inc.)
DRV - (CE3) -- C:\WINDOWS\system32\drivers\CE3N5.SYS (Xircom, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://autoconfig.cpqcorp.net

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://autoconfig.cpqcorp.net

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://autoconfig.cpqcorp.net

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://autoconfig.cpqcorp.net

IE - HKU\S-1-5-21-3532832697-4035846255-1194078510-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.uk/
IE - HKU\S-1-5-21-3532832697-4035846255-1194078510-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://web.orange.co.uk/p/communicate/home"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile Mobile Broadband Manager\addon
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/20 09:30:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/08 19:50:13 | 000,000,000 | ---D | M]

[2010/07/23 17:51:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sworthin\Application Data\Mozilla\Extensions
[2011/07/27 22:03:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sworthin\Application Data\Mozilla\Firefox\Profiles\vb2kxzul.default\extensions
[2010/07/25 13:17:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\sworthin\Application Data\Mozilla\Firefox\Profiles\vb2kxzul.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/18 09:12:13 | 000,000,000 | ---D | M] (HP Detect) -- C:\Documents and Settings\sworthin\Application Data\Mozilla\Firefox\Profiles\vb2kxzul.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2011/07/03 16:56:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/14 18:10:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/01/04 23:27:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/07/03 16:56:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\SWORTHIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VB2KXZUL.DEFAULT\EXTENSIONS\{D09E32DF-8610-4B33-B929-1E631B764130}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\SWORTHIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VB2KXZUL.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI
[2011/01/04 23:26:24 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/08/20 09:30:20 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/08/01 23:03:45 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011/06/08 19:49:52 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/06/08 19:49:52 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/06/08 19:49:52 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/06/08 19:49:52 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/06/08 19:49:52 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/07/03 14:50:12 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [Mamutu Guard] C:\PROGRAM FILES\MAMUTU\mamutu.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3532832697-4035846255-1194078510-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3532832697-4035846255-1194078510-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-3532832697-4035846255-1194078510-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O15 - HKU\S-1-5-21-3532832697-4035846255-1194078510-1008\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://pcpitstop.com/mhLbl.cab (mhLabel Class)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37951.2587847222 (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3532832697-4035846255-1194078510-1008\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/08/30 10:14:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\sworthin\Recent
[2011/08/24 11:15:25 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\sworthin\Desktop\dds.scr
[2011/08/23 18:50:34 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\sworthin\Desktop\OTL.exe
[2011/08/21 09:31:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sworthin\Desktop\winnie
[2011/08/16 11:18:16 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2011/08/15 21:04:11 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2011/08/13 21:22:54 | 007,567,520 | ---- | C] (Gretech Corporation) -- C:\Documents and Settings\sworthin\Desktop\GOMPLAYERENSETUP.EXE
[2011/08/05 23:26:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sworthin\Start Menu\Programs\HiJackThis
[2010/07/18 13:09:54 | 000,376,224 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\WlanUIG.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/30 21:45:40 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/30 21:45:39 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/08/30 21:16:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/30 21:16:31 | 737,202,176 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/29 00:02:01 | 000,002,040 | ---- | M] () -- C:\WINDOWS\tefview.ini
[2011/08/27 22:59:13 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\sworthin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/25 20:37:39 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\sworthin\Desktop\HiJackThis.lnk
[2011/08/24 11:15:37 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\sworthin\Desktop\dds.scr
[2011/08/24 11:14:03 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\sworthin\defogger_reenable
[2011/08/24 11:13:22 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\sworthin\Desktop\Defogger.exe
[2011/08/23 18:50:50 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sworthin\Desktop\OTL.exe
[2011/08/23 18:23:50 | 004,980,736 | ---- | M] () -- C:\Documents and Settings\sworthin\ntuser.bak
[2011/08/23 18:15:02 | 000,225,694 | ---- | M] () -- C:\Documents and Settings\sworthin\Local Settings\Application Data\census.cache
[2011/08/23 18:14:40 | 000,205,321 | ---- | M] () -- C:\Documents and Settings\sworthin\Local Settings\Application Data\ars.cache
[2011/08/22 16:14:21 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/22 16:13:48 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader.lnk
[2011/08/20 13:49:30 | 000,046,423 | ---- | M] () -- C:\Documents and Settings\sworthin\Desktop\rolling_stones_angie.ptb
[2011/08/15 22:38:00 | 000,503,480 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/15 22:38:00 | 000,087,564 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/13 21:24:38 | 007,567,520 | ---- | M] (Gretech Corporation) -- C:\Documents and Settings\sworthin\Desktop\GOMPLAYERENSETUP.EXE
[2011/08/02 23:06:59 | 000,001,475 | ---- | M] () -- C:\Documents and Settings\sworthin\Desktop\Windows Explorer.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/24 16:28:28 | 737,202,176 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/24 11:14:03 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\sworthin\defogger_reenable
[2011/08/24 11:13:20 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\sworthin\Desktop\Defogger.exe
[2011/08/23 18:15:02 | 000,225,694 | ---- | C] () -- C:\Documents and Settings\sworthin\Local Settings\Application Data\census.cache
[2011/08/23 18:14:40 | 000,205,321 | ---- | C] () -- C:\Documents and Settings\sworthin\Local Settings\Application Data\ars.cache
[2011/08/20 13:48:56 | 000,046,423 | ---- | C] () -- C:\Documents and Settings\sworthin\Desktop\rolling_stones_angie.ptb
[2011/08/05 23:26:29 | 000,002,453 | ---- | C] () -- C:\Documents and Settings\sworthin\Desktop\HiJackThis.lnk
[2011/08/02 23:06:50 | 000,001,475 | ---- | C] () -- C:\Documents and Settings\sworthin\Desktop\Windows Explorer.lnk
[2011/08/02 22:35:01 | 000,002,489 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word (2).lnk
[2011/07/26 12:36:43 | 000,034,704 | ---- | C] () -- C:\WINDOWS\syscall.dat
[2011/07/08 21:55:04 | 000,002,040 | ---- | C] () -- C:\WINDOWS\tefview.ini
[2011/07/02 22:16:26 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\uziznzu5.sys
[2011/04/24 11:33:48 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2011/04/24 11:33:48 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2011/04/23 14:41:31 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IsUser11b.dll
[2011/02/02 13:34:36 | 002,336,384 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2011/02/02 13:34:36 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2011/02/02 13:34:36 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2011/02/02 13:34:33 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2011/02/02 13:34:33 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2010/11/27 18:45:36 | 000,015,620 | ---- | C] () -- C:\WINDOWS\System32\SystemRs11.sm.SYS
[2010/11/10 09:24:47 | 000,000,007 | ---- | C] () -- C:\WINDOWS\sysres10.dat
[2010/08/04 23:37:27 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\sworthin\Application Data\$_hpcst$.hpc
[2010/08/02 10:15:57 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/07/27 13:30:33 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\sworthin\Local Settings\Application Data\housecall.guid.cache
[2010/07/25 10:39:33 | 000,052,736 | ---- | C] () -- C:\Documents and Settings\sworthin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/19 22:44:14 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2010/07/11 15:30:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/07/08 12:29:59 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/07/08 12:29:59 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/01/14 19:29:45 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/10/25 16:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005/12/30 22:24:53 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7L.DLL
[2005/12/12 18:47:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/12/12 18:29:24 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005/11/06 00:18:02 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/04/25 18:11:14 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/04/25 16:23:10 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/02/05 20:46:00 | 000,004,608 | ---- | C] () -- C:\WINDOWS\fgexec.dll
[2003/11/26 14:30:18 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003/11/26 12:10:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/04/07 14:41:19 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpREG.DLL
[2003/04/07 14:41:19 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003/04/07 14:32:00 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/04/07 14:31:52 | 000,000,139 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/15 00:50:12 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\RemoveCpl.exe
[2003/01/09 15:34:00 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\DetectHardware.exe
[2002/12/23 22:23:50 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\WinXPDisableZeroConfigation.exe
[2002/12/23 00:22:24 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\RemoveInstallShield.exe
[2002/09/09 23:47:10 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2002/09/09 16:16:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2002/09/09 16:15:50 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/09/09 16:02:16 | 000,503,480 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/09/09 16:02:16 | 000,087,564 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/09/09 15:56:08 | 000,232,776 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/09/09 15:49:10 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/09 15:44:10 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/08/29 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/08/29 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/08/29 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/08/29 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/08/29 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/08/29 03:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/05/28 08:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 08:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/10/25 14:54:54 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[2001/10/25 14:53:34 | 000,003,691 | ---- | C] () -- C:\WINDOWS\hphinfs.dat
[1999/01/22 19:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

< End of report >

OTL Extras logfile created on: 30/08/2011 21:50:04 - Run 2
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\sworthin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

702.98 Mb Total Physical Memory | 443.77 Mb Available Physical Memory | 63.13% Memory free
1.15 Gb Paging File | 0.92 Gb Available in Paging File | 80.43% Paging File free
Paging file location(s): C:\pagefile.sys 512 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.18 Gb Total Space | 10.18 Gb Free Space | 29.79% Space Free | Partition Type: NTFS
Drive E: | 40.35 Gb Total Space | 40.23 Gb Free Space | 99.70% Space Free | Partition Type: NTFS
Drive F: | 1.89 Gb Total Space | 1.34 Gb Free Space | 71.05% Space Free | Partition Type: FAT

Computer Name: SIMON | User Name: sworthin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-3532832697-4035846255-1194078510-1008\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"ANTIVIRUSDISABLENOTIFY" = 0
"FIREWALLDISABLENOTIFY" = 0
"UPDATESDISABLENOTIFY" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3587:TCP" = 3587:TCP:*:Enabled:@xpsp2res.dll,-22010
"3540:UDP" = 3540:UDP:*:Enabled:@xpsp2res.dll,-22011
"1900:UDP" = 1900:UDP:*:Enabled:@xpsp2res.dll,-22007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3587:TCP" = 3587:TCP:*:Enabled:@xpsp2res.dll,-22010
"3540:UDP" = 3540:UDP:*:Enabled:@xpsp2res.dll,-22011
"1900:UDP" = 1900:UDP:*:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Disabled:FrostWire -- (FrostWire Group)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0861F88C-6EBC-41C9-B9A4-AA3D04B0AF3B}" = IEEE 802.11g Wireless LAN Utility
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 26
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0BBC906-9A33-4C79-A26A-758ED3503769}" = Belkin Wireless Setup utility
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8F2DCDE-AE4E-4AC9-BECD-496FB80FBF6A}" = Notebook Utilities
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B78823CD-488F-43B4-80D6-FAEADAE40EC4}" = Instant Wireless USB Adapter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"ATI Display Driver" = ATI Display Driver
"avast" = avast! Free Antivirus
"Belarc Advisor" = Belarc Advisor 8.1
"Bloomberg SFD Data Dictionary" = Bloomberg SFD Data Dictionary
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_10B9&DEV_5457&SUBSYS_0850103C" = Conexant 56K ACLink Modem
"Conexant PCI Audio" = Conexant AC-Link Audio
"E24870CB6AA1C3511635FF9020A3E9471287FBE7" = Windows Driver Package - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)
"EASEUS Partition Master Professional Edition_is1" = EASEUS Partition Master 7.0.1 Professional
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"FastStone Image Viewer" = FastStone Image Viewer 4.3
"FileHippo.com" = FileHippo.com Update Checker
"Foxit Reader" = Foxit Reader
"FrostWire" = FrostWire 4.21.5
"GOM Player" = GOM Player
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{A0BBC906-9A33-4C79-A26A-758ED3503769}" = Belkin Wireless Setup utility
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Mamutu_is1" = Mamutu 3.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"Mozilla Firefox 5.0 (x86 en-GB)" = Mozilla Firefox 5.0 (x86 en-GB)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Puran Defrag Free Edition_is1" = Puran Defrag Free Edition 7.3
"QT4HPOT" = One-Touch Buttons
"Recuva" = Recuva
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"Security Task Manager" = Security Task Manager 1.8c
"Sure Delete_is1" = Sure Delete 5.1.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SysResources Manager11.0" = SysResources Manager
"TEFView_is1" = TEFView 2.69
"VLC media player" = VLC media player 1.1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoneAlarm" = ZoneAlarm

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#6 bazza.a

bazza.a
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:35 AM

Posted 30 August 2011 - 05:01 PM

Hi shannon,sorry for the delay,i've been using a different laptop to download tools via memory stick for the infected laptop as internet very slow on infected one (hope the virus dont get onto this one) I am watching this and already have immediate emails requested,done what you requested with file viewing downloaded both tools OTL went fine but RKUnhooker had a problem, downloaded both rar and zip version, rar version gave this message
02 Error loading data file and the zip version caused a BSOD and restart,I ran them twice with the same results. Anyway here's the OTL logs
thanks
Bazza

OTL logfile created on: 30/08/2011 21:50:04 - Run 2
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\sworthin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

702.98 Mb Total Physical Memory | 443.77 Mb Available Physical Memory | 63.13% Memory free
1.15 Gb Paging File | 0.92 Gb Available in Paging File | 80.43% Paging File free
Paging file location(s): C:\pagefile.sys 512 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.18 Gb Total Space | 10.18 Gb Free Space | 29.79% Space Free | Partition Type: NTFS
Drive E: | 40.35 Gb Total Space | 40.23 Gb Free Space | 99.70% Space Free | Partition Type: NTFS
Drive F: | 1.89 Gb Total Space | 1.34 Gb Free Space | 71.05% Space Free | Partition Type: FAT

Computer Name: SIMON | User Name: sworthin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\sworthin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mamutu\a2service.exe (Emsi Software GmbH)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\system32\HPConfig.exe (Hewlett-Packard)
PRC - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe (Hewlett-Packard Co.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Alwil Software\Avast5\defs\11083001\algo.dll ()
MOD - C:\Program Files\Alwil Software\Avast5\defs\11083001\aswRep.dll ()


========== Win32 Services (SafeList) ==========

SRV - (UI Assistant Service) -- File not found
SRV - (iPod Service) -- File not found
SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (Mamutu) -- C:\Program Files\Mamutu\a2service.exe (Emsi Software GmbH)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
SRV - (p2pgasvc) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation)
SRV - (Iprip) -- C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
SRV - (HPConfig) -- C:\WINDOWS\system32\HPConfig.exe (Hewlett-Packard)
SRV - (HPWirelessMgr) -- C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe (Hewlett-Packard Co.)


========== Driver Services (SafeList) ==========

DRV - (a2acc) -- C:\Program Files\Mamutu\a2accx86.sys (Emsi Software GmbH)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (uziznzu5) -- C:\WINDOWS\system32\drivers\uziznzu5.sys ()
DRV - (a2injectiondriver) -- C:\Program Files\Mamutu\a2dix86.sys (Emsi Software GmbH)
DRV - (epmntdrv) -- C:\WINDOWS\system32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\WINDOWS\system32\EuGdiDrv.sys ()
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (a2util) -- C:\Program Files\Mamutu\a2util32.sys (Emsi Software GmbH)
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWALI) -- C:\WINDOWS\system32\drivers\HSFHWALI.sys (Conexant Systems, Inc.)
DRV - (DP83815) -- C:\WINDOWS\system32\drivers\DP83815.sys (National Semiconductor Corp.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (MDC8021X) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (PCANDIS5) -- C:\WINDOWS\system32\PCANDIS5.SYS (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (WlanUIG) -- C:\WINDOWS\system32\drivers\WlanUIG.sys ( )
DRV - (CALIHALA) -- C:\WINDOWS\system32\drivers\calihal.sys (Conexant Systems Inc.)
DRV - (CALIAUD) -- C:\WINDOWS\system32\drivers\caliaud.sys (Conexant Systems Inc.)
DRV - (StreamDispatcher) -- C:\WINDOWS\system32\drivers\strmdisp.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\bcmwl5.sys (Belkin Corporation)
DRV - (LEX_NIC_SERVICE) -- C:\WINDOWS\system32\drivers\Express.sys (LAN-Express)
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec)
DRV - (caboagp) -- C:\WINDOWS\System32\DRIVERS\atisgkaf.sys (ATI Technologies Inc.)
DRV - (HPCI) -- C:\WINDOWS\system32\drivers\hpci.sys (Hewlett-Packard)
DRV - (USBNET_XP) -- C:\WINDOWS\system32\drivers\netusbxp.sys (The LinkSys Group, Inc.)
DRV - (ALiIRDA) -- C:\WINDOWS\system32\drivers\aliirda.sys (Acer Laboratories Inc.)
DRV - (atimpab) -- C:\WINDOWS\system32\drivers\atimpab.sys (ATI Technologies Inc.)
DRV - (allegro) ESS Allegro Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\es198x.sys (ESS Technology, Inc.)
DRV - (CE3) -- C:\WINDOWS\system32\drivers\CE3N5.SYS (Xircom, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HK

#7 bazza.a

bazza.a
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:35 AM

Posted 30 August 2011 - 05:08 PM

Hi shannon,sorry for the delay,i've been using a different laptop to download tools via memory stick for the infected laptop as internet very slow on infected one (hope the virus dont get onto this one) I am watching this and already have immediate emails requested,done what you requested with file viewing downloaded both tools OTL went fine but RKUnhooker had a problem, downloaded both rar and zip version, rar version gave this message
02 Error loading data file and the zip version caused a BSOD and restart,I ran them twice with the same results. Anyway here's the OTL logs
thanks
Bazza

OTL logfile created on: 30/08/2011 21:50:04 - Run 2
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\sworthin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

702.98 Mb Total Physical Memory | 443.77 Mb Available Physical Memory | 63.13% Memory free
1.15 Gb Paging File | 0.92 Gb Available in Paging File | 80.43% Paging File free
Paging file location(s): C:\pagefile.sys 512 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.18 Gb Total Space | 10.18 Gb Free Space | 29.79% Space Free | Partition Type: NTFS
Drive E: | 40.35 Gb Total Space | 40.23 Gb Free Space | 99.70% Space Free | Partition Type: NTFS
Drive F: | 1.89 Gb Total Space | 1.34 Gb Free Space | 71.05% Space Free | Partition Type: FAT

Computer Name: SIMON | User Name: sworthin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\sworthin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mamutu\a2service.exe (Emsi Software GmbH)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\system32\HPConfig.exe (Hewlett-Packard)
PRC - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe (Hewlett-Packard Co.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Alwil Software\Avast5\defs\11083001\algo.dll ()
MOD - C:\Program Files\Alwil Software\Avast5\defs\11083001\aswRep.dll ()


========== Win32 Services (SafeList) ==========

SRV - (UI Assistant Service) -- File not found
SRV - (iPod Service) -- File not found
SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (Mamutu) -- C:\Program Files\Mamutu\a2service.exe (Emsi Software GmbH)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
SRV - (p2pgasvc) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation)
SRV - (Iprip) -- C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
SRV - (HPConfig) -- C:\WINDOWS\system32\HPConfig.exe (Hewlett-Packard)
SRV - (HPWirelessMgr) -- C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe (Hewlett-Packard Co.)


========== Driver Services (SafeList) ==========

DRV - (a2acc) -- C:\Program Files\Mamutu\a2accx86.sys (Emsi Software GmbH)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (uziznzu5) -- C:\WINDOWS\system32\drivers\uziznzu5.sys ()
DRV - (a2injectiondriver) -- C:\Program Files\Mamutu\a2dix86.sys (Emsi Software GmbH)
DRV - (epmntdrv) -- C:\WINDOWS\system32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\WINDOWS\system32\EuGdiDrv.sys ()
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (a2util) -- C:\Program Files\Mamutu\a2util32.sys (Emsi Software GmbH)
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWALI) -- C:\WINDOWS\system32\drivers\HSFHWALI.sys (Conexant Systems, Inc.)
DRV - (DP83815) -- C:\WINDOWS\system32\drivers\DP83815.sys (National Semiconductor Corp.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (MDC8021X) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (PCANDIS5) -- C:\WINDOWS\system32\PCANDIS5.SYS (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (WlanUIG) -- C:\WINDOWS\system32\drivers\WlanUIG.sys ( )
DRV - (CALIHALA) -- C:\WINDOWS\system32\drivers\calihal.sys (Conexant Systems Inc.)
DRV - (CALIAUD) -- C:\WINDOWS\system32\drivers\caliaud.sys (Conexant Systems Inc.)
DRV - (StreamDispatcher) -- C:\WINDOWS\system32\drivers\strmdisp.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\bcmwl5.sys (Belkin Corporation)
DRV - (LEX_NIC_SERVICE) -- C:\WINDOWS\system32\drivers\Express.sys (LAN-Express)
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec)
DRV - (caboagp) -- C:\WINDOWS\System32\DRIVERS\atisgkaf.sys (ATI Technologies Inc.)
DRV - (HPCI) -- C:\WINDOWS\system32\drivers\hpci.sys (Hewlett-Packard)
DRV - (USBNET_XP) -- C:\WINDOWS\system32\drivers\netusbxp.sys (The LinkSys Group, Inc.)
DRV - (ALiIRDA) -- C:\WINDOWS\system32\drivers\aliirda.sys (Acer Laboratories Inc.)
DRV - (atimpab) -- C:\WINDOWS\system32\drivers\atimpab.sys (ATI Technologies Inc.)
DRV - (allegro) ESS Allegro Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\es198x.sys (ESS Technology, Inc.)
DRV - (CE3) -- C:\WINDOWS\system32\drivers\CE3N5.SYS (Xircom, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://autoconfig.cpqcorp.net

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://autoconfig.cpqcorp.net

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://autoconfig.cpqcorp.net

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://autoconfig.cpqcorp.net

IE - HKU\S-1-5-21-3532832697-4035846255-1194078510-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.uk/
IE - HKU\S-1-5-21-3532832697-4035846255-1194078510-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://web.orange.co.uk/p/communicate/home"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile Mobile Broadband Manager\addon
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/20 09:30:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/08 19:50:13 | 000,000,000 | ---D | M]

[2010/07/23 17:51:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sworthin\Application Data\Mozilla\Extensions
[2011/07/27 22:03:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sworthin\Application Data\Mozilla\Firefox\Profiles\vb2kxzul.default\extensions
[2010/07/25 13:17:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\sworthin\Application Data\Mozilla\Firefox\Profiles\vb2kxzul.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/18 09:12:13 | 000,000,000 | ---D | M] (HP Detect) -- C:\Documents and Settings\sworthin\Application Data\Mozilla\Firefox\Profiles\vb2kxzul.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2011/07/03 16:56:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/14 18:10:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/01/04 23:27:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/07/03 16:56:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\SWORTHIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VB2KXZUL.DEFAULT\EXTENSIONS\{D09E32DF-8610-4B33-B929-1E631B764130}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\SWORTHIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VB2KXZUL.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI
[2011/01/04 23:26:24 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/08/20 09:30:20 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/08/01 23:03:45 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011/06/08 19:49:52 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/06/08 19:49:52 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/06/08 19:49:52 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/06/08 19:49:52 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/06/08 19:49:52 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/07/03 14:50:12 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [Mamutu Guard] C:\PROGRAM FILES\MAMUTU\mamutu.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3532832697-4035846255-1194078510-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3532832697-4035846255-1194078510-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-3532832697-4035846255-1194078510-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O15 - HKU\S-1-5-21-3532832697-4035846255-1194078510-1008\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://pcpitstop.com/mhLbl.cab (mhLabel Class)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37951.2587847222 (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3532832697-4035846255-1194078510-1008\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/08/30 10:14:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\sworthin\Recent
[2011/08/24 11:15:25 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\sworthin\Desktop\dds.scr
[2011/08/23 18:50:34 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\sworthin\Desktop\OTL.exe
[2011/08/21 09:31:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sworthin\Desktop\winnie
[2011/08/16 11:18:16 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2011/08/15 21:04:11 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2011/08/13 21:22:54 | 007,567,520 | ---- | C] (Gretech Corporation) -- C:\Documents and Settings\sworthin\Desktop\GOMPLAYERENSETUP.EXE
[2011/08/05 23:26:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sworthin\Start Menu\Programs\HiJackThis
[2010/07/18 13:09:54 | 000,376,224 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\WlanUIG.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/30 21:45:40 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/30 21:45:39 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/08/30 21:16:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/30 21:16:31 | 737,202,176 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/29 00:02:01 | 000,002,040 | ---- | M] () -- C:\WINDOWS\tefview.ini
[2011/08/27 22:59:13 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\sworthin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/25 20:37:39 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\sworthin\Desktop\HiJackThis.lnk
[2011/08/24 11:15:37 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\sworthin\Desktop\dds.scr
[2011/08/24 11:14:03 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\sworthin\defogger_reenable
[2011/08/24 11:13:22 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\sworthin\Desktop\Defogger.exe
[2011/08/23 18:50:50 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sworthin\Desktop\OTL.exe
[2011/08/23 18:23:50 | 004,980,736 | ---- | M] () -- C:\Documents and Settings\sworthin\ntuser.bak
[2011/08/23 18:15:02 | 000,225,694 | ---- | M] () -- C:\Documents and Settings\sworthin\Local Settings\Application Data\census.cache
[2011/08/23 18:14:40 | 000,205,321 | ---- | M] () -- C:\Documents and Settings\sworthin\Local Settings\Application Data\ars.cache
[2011/08/22 16:14:21 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/22 16:13:48 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader.lnk
[2011/08/20 13:49:30 | 000,046,423 | ---- | M] () -- C:\Documents and Settings\sworthin\Desktop\rolling_stones_angie.ptb
[2011/08/15 22:38:00 | 000,503,480 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/15 22:38:00 | 000,087,564 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/13 21:24:38 | 007,567,520 | ---- | M] (Gretech Corporation) -- C:\Documents and Settings\sworthin\Desktop\GOMPLAYERENSETUP.EXE
[2011/08/02 23:06:59 | 000,001,475 | ---- | M] () -- C:\Documents and Settings\sworthin\Desktop\Windows Explorer.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/24 16:28:28 | 737,202,176 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/24 11:14:03 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\sworthin\defogger_reenable
[2011/08/24 11:13:20 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\sworthin\Desktop\Defogger.exe
[2011/08/23 18:15:02 | 000,225,694 | ---- | C] () -- C:\Documents and Settings\sworthin\Local Settings\Application Data\census.cache
[2011/08/23 18:14:40 | 000,205,321 | ---- | C] () -- C:\Documents and Settings\sworthin\Local Settings\Application Data\ars.cache
[2011/08/20 13:48:56 | 000,046,423 | ---- | C] () -- C:\Documents and Settings\sworthin\Desktop\rolling_stones_angie.ptb
[2011/08/05 23:26:29 | 000,002,453 | ---- | C] () -- C:\Documents and Settings\sworthin\Desktop\HiJackThis.lnk
[2011/08/02 23:06:50 | 000,001,475 | ---- | C] () -- C:\Documents and Settings\sworthin\Desktop\Windows Explorer.lnk
[2011/08/02 22:35:01 | 000,002,489 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word (2).lnk
[2011/07/26 12:36:43 | 000,034,704 | ---- | C] () -- C:\WINDOWS\syscall.dat
[2011/07/08 21:55:04 | 000,002,040 | ---- | C] () -- C:\WINDOWS\tefview.ini
[2011/07/02 22:16:26 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\uziznzu5.sys
[2011/04/24 11:33:48 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2011/04/24 11:33:48 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2011/04/23 14:41:31 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IsUser11b.dll
[2011/02/02 13:34:36 | 002,336,384 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2011/02/02 13:34:36 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2011/02/02 13:34:36 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2011/02/02 13:34:33 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2011/02/02 13:34:33 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2010/11/27 18:45:36 | 000,015,620 | ---- | C] () -- C:\WINDOWS\System32\SystemRs11.sm.SYS
[2010/11/10 09:24:47 | 000,000,007 | ---- | C] () -- C:\WINDOWS\sysres10.dat
[2010/08/04 23:37:27 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\sworthin\Application Data\$_hpcst$.hpc
[2010/08/02 10:15:57 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/07/27 13:30:33 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\sworthin\Local Settings\Application Data\housecall.guid.cache
[2010/07/25 10:39:33 | 000,052,736 | ---- | C] () -- C:\Documents and Settings\sworthin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/19 22:44:14 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2010/07/11 15:30:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/07/08 12:29:59 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/07/08 12:29:59 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/01/14 19:29:45 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/10/25 16:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005/12/30 22:24:53 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7L.DLL
[2005/12/12 18:47:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/12/12 18:29:24 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005/11/06 00:18:02 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/04/25 18:11:14 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/04/25 16:23:10 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/02/05 20:46:00 | 000,004,608 | ---- | C] () -- C:\WINDOWS\fgexec.dll
[2003/11/26 14:30:18 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003/11/26 12:10:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/04/07 14:41:19 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpREG.DLL
[2003/04/07 14:41:19 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003/04/07 14:32:00 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/04/07 14:31:52 | 000,000,139 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/15 00:50:12 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\RemoveCpl.exe
[2003/01/09 15:34:00 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\DetectHardware.exe
[2002/12/23 22:23:50 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\WinXPDisableZeroConfigation.exe
[2002/12/23 00:22:24 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\RemoveInstallShield.exe
[2002/09/09 23:47:10 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2002/09/09 16:16:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2002/09/09 16:15:50 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/09/09 16:02:16 | 000,503,480 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/09/09 16:02:16 | 000,087,564 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/09/09 15:56:08 | 000,232,776 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/09/09 15:49:10 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/09 15:44:10 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/08/29 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/08/29 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/08/29 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/08/29 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/08/29 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/08/29 03:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/05/28 08:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 08:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/10/25 14:54:54 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[2001/10/25 14:53:34 | 000,003,691 | ---- | C] () -- C:\WINDOWS\hphinfs.dat
[1999/01/22 19:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

< End of report >


OTL Extras logfile created on: 30/08/2011 21:50:04 - Run 2
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\sworthin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

702.98 Mb Total Physical Memory | 443.77 Mb Available Physical Memory | 63.13% Memory free
1.15 Gb Paging File | 0.92 Gb Available in Paging File | 80.43% Paging File free
Paging file location(s): C:\pagefile.sys 512 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.18 Gb Total Space | 10.18 Gb Free Space | 29.79% Space Free | Partition Type: NTFS
Drive E: | 40.35 Gb Total Space | 40.23 Gb Free Space | 99.70% Space Free | Partition Type: NTFS
Drive F: | 1.89 Gb Total Space | 1.34 Gb Free Space | 71.05% Space Free | Partition Type: FAT

Computer Name: SIMON | User Name: sworthin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-3532832697-4035846255-1194078510-1008\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"ANTIVIRUSDISABLENOTIFY" = 0
"FIREWALLDISABLENOTIFY" = 0
"UPDATESDISABLENOTIFY" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[c

#8 bazza.a

bazza.a
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:35 AM

Posted 30 August 2011 - 05:11 PM

Hi shannon,sorry for the delay,i've been using a different laptop to download tools via memory stick for the infected laptop as internet very slow on infected one (hope the virus dont get onto this one) I am watching this and already have immediate emails requested,done what you requested with file viewing downloaded both tools OTL went fine but RKUnhooker had a problem, downloaded both rar and zip version, rar version gave this message
02 Error loading data file and the zip version caused a BSOD and restart,I ran them twice with the same results. Anyway here's the OTL logs
thanks
Bazza

OTL logfile created on: 30/08/2011 21:50:04 - Run 2
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\sworthin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

702.98 Mb Total Physical Memory | 443.77 Mb Available Physical Memory | 63.13% Memory free
1.15 Gb Paging File | 0.92 Gb Available in Paging File | 80.43% Paging File free
Paging file location(s): C:\pagefile.sys 512 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.18 Gb Total Space | 10.18 Gb Free Space | 29.79% Space Free | Partition Type: NTFS
Drive E: | 40.35 Gb Total Space | 40.23 Gb Free Space | 99.70% Space Free | Partition Type: NTFS
Drive F: | 1.89 Gb Total Space | 1.34 Gb Free Space | 71.05% Space Free | Partition Type: FAT

Computer Name: SIMON | User Name: sworthin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\sworthin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mamutu\a2service.exe (Emsi Software GmbH)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\system32\HPConfig.exe (Hewlett-Packard)
PRC - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe (Hewlett-Packard Co.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Alwil Software\Avast5\defs\11083001\algo.dll ()
MOD - C:\Program Files\Alwil Software\Avast5\defs\11083001\aswRep.dll ()


========== Win32 Services (SafeList) ==========

SRV - (UI Assistant Service) -- File not found
SRV - (iPod Service) -- File not found
SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (Mamutu) -- C:\Program Files\Mamutu\a2service.exe (Emsi Software GmbH)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
SRV - (p2pgasvc) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation)
SRV - (Iprip) -- C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
SRV - (HPConfig) -- C:\WINDOWS\system32\HPConfig.exe (Hewlett-Packard)
SRV - (HPWirelessMgr) -- C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe (Hewlett-Packard Co.)


========== Driver Services (SafeList) ==========

DRV - (a2acc) -- C:\Program Files\Mamutu\a2accx86.sys (Emsi Software GmbH)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (uziznzu5) -- C:\WINDOWS\system32\drivers\uziznzu5.sys ()
DRV - (a2injectiondriver) -- C:\Program Files\Mamutu\a2dix86.sys (Emsi Software GmbH)
DRV - (epmntdrv) -- C:\WINDOWS\system32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\WINDOWS\system32\EuGdiDrv.sys ()
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (a2util) -- C:\Program Files\Mamutu\a2util32.sys (Emsi Software GmbH)
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWALI) -- C:\WINDOWS\system32\drivers\HSFHWALI.sys (Conexant Systems, Inc.)
DRV - (DP83815) -- C:\WINDOWS\system32\drivers\DP83815.sys (National Semiconductor Corp.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (MDC8021X) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (PCANDIS5) -- C:\WINDOWS\system32\PCANDIS5.SYS (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (WlanUIG) -- C:\WINDOWS\system32\drivers\WlanUIG.sys ( )
DRV - (CALIHALA) -- C:\WINDOWS\system32\drivers\calihal.sys (Conexant Systems Inc.)
DRV - (CALIAUD) -- C:\WINDOWS\system32\drivers\caliaud.sys (Conexant Systems Inc.)
DRV - (StreamDispatcher) -- C:\WINDOWS\system32\drivers\strmdisp.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\bcmwl5.sys (Belkin Corporation)
DRV - (LEX_NIC_SERVICE) -- C:\WINDOWS\system32\drivers\Express.sys (LAN-Express)
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec)
DRV - (caboagp) -- C:\WINDOWS\System32\DRIVERS\atisgkaf.sys (ATI Technologies Inc.)
DRV - (HPCI) -- C:\WINDOWS\system32\drivers\hpci.sys (Hewlett-Packard)
DRV - (USBNET_XP) -- C:\WINDOWS\system32\drivers\netusbxp.sys (The LinkSys Group, Inc.)
DRV - (ALiIRDA) -- C:\WINDOWS\system32\drivers\aliirda.sys (Acer Laboratories Inc.)
DRV - (atimpab) -- C:\WINDOWS\system32\drivers\atimpab.sys (ATI Technologies Inc.)
DRV - (allegro) ESS Allegro Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\es198x.sys (ESS Technology, Inc.)
DRV - (CE3) -- C:\WINDOWS\system32\drivers\CE3N5.SYS (Xircom, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://autoconfig.cpqcorp.net

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://autoconfig.cpqcorp.net

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://autoconfig.cpqcorp.net

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://autoconfig.cpqcorp.net

IE - HKU\S-1-5-21-3532832697-4035846255-1194078510-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.uk/
IE - HKU\S-1-5-21-3532832697-4035846255-1194078510-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://web.orange.co.uk/p/communicate/home"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bm

#9 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:08:35 PM

Posted 31 August 2011 - 08:53 AM

Hi-

Let's try something-

Boot into Safe Mode.
This can be done by tapping the F8 key as soon as you start your computer
You will be brought to a menu where you can choose to boot into safe mode.
Make sure you choose the option with networking support.
Please see here for additional details.

While in Safe Mode, download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • If the AV Scan window appears, select (none).
  • Click Scan (if asked to update the Avast anti-virus definitions, click on No).
  • When you get the "Scan finished successfully" message, click the save log button, save it to your desktop (MBR.txt) and post it in your next reply.
  • It will also copy the MBR (Master Boot Record) into a file on your desktop as MBR.dat.
If you are unable to download it in safe mode, reboot into normal mode. Download aswMBR on the good machine, copy it to the infected machine using your memeory stick. Run it.

In your reply, please let me know how it went and copy in contents of the aswMBR report.
Shannon

#10 bazza.a

bazza.a
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:35 AM

Posted 31 August 2011 - 12:42 PM

Hi Shannon
downloaded aswMBR from another pc and copied to infected one, tried to run it twice both times it caused a shut down. (ran as directed,safe mode etc looks like this maybe a bit of a pig to remove)
thanks
Bazza

#11 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:08:35 PM

Posted 31 August 2011 - 12:52 PM

Hi-

Were you able to get into safe mode ok? No internet connection? Before aswMBR died did it give any messages? When it died did it take the system down too? Did it create any files on the desktop (Dat & txt). Did you run asMBR in safe mode or normal mode?
Shannon

#12 bazza.a

bazza.a
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:35 AM

Posted 31 August 2011 - 03:35 PM

Hi Shannon,
I was able to get into safe mode ok, Internet a bit unstable on infected pc which is why I'm downloading tools from another laptop and transfering to infected one,when aswMBR was running (it ran for quite a long time)I must confess I didn't watch it as it's like a DOS program, it didnt produce any files,I did run the program in safe mode,sorry I cant be more help
Thanks
Bazza

#13 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:08:35 PM

Posted 31 August 2011 - 05:11 PM

Hi-

Thanks, I appreciate the additional info.

Download Combofix from either of the links below, and save it to your memory stick and then to the other desktop. For information regarding this download, please visit this webpage: how-to-use-combofix

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

How to Temporarily Disable your Anti-virusl


Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please copy the "C:\ComboFix.txt" into your reply.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

Shannon

#14 bazza.a

bazza.a
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:35 AM

Posted 31 August 2011 - 06:17 PM

Hi Shannon
bad news, downloaded as instructed,all anti-virus/malware/spyware turned off, program ran till just past stage 50 then shutdown (searched for txt file but there isn't one)it's late now (12:15) and have to be up for work at 6 am, so I'll have to leave it for now, how you holding up bro,hope it aint driving you nuts yet
thanks
Bazza

#15 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:08:35 PM

Posted 01 September 2011 - 06:59 AM

Hi-

Rerun ComboFix. Did you get the Stage 50 completed message? Were there any other messages?
Shannon




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users