
Similar problem with denied access to Hosts file


  • This topic is locked
22 replies to this topic

#1 Reena

Reena

  • Members
  • 391 posts
  • Gender:Female
  • Location:UK

Posted 24 September 2011 - 09:23 AM

I run HijackThis every now and then to try to keep my eye on what is happening on my PC and to see a "written" report.

This time I received the message: "For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file HijackThis may not be able to find them."

I don't seem to have any odd things happening on my computer BUT, and this is a very large BUT, yesterday, when I logged off, a dialogue box appeared stating that "another user" was still logged on.

I have my own PC; my grandson has one downstairs but this was switched off.

Obviously I find this worrying.

I run Windows 7

Avira Antivirus Personal (Free)
Malwarebytes AntiMalware
SuperAntiSpyware Professional
ZoneAlarm
WinPatrol (free edition)

Internet Explorer 9

Any advice you can offer will be very gratefully received and I offer my thanks in advance.

Edited by Reena, 24 September 2011 - 09:23 AM.




#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,844 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 24 September 2011 - 01:06 PM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 Reena

Reena
  • Topic Starter

  • Members
  • 391 posts
  • Gender:Female
  • Location:UK

Posted 25 September 2011 - 09:22 AM

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by reena at 15:18:06 on 2011-09-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3326.1736 [GMT 1:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\AntiLogger\AntiLogger.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_L17651.EXE
C:\Program Files\Software Informer\softinfo.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.

============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = about:blank
uSearch Bar =
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IE to GetRight Helper: {31ff080d-12a3-439a-a2ef-4ba95a3148e8} - c:\program files\getright\xx2gr.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [EPSON AL-M1200 Advanced] c:\windows\system32\spool\drivers\w32x86\3\e_l17651.exe /a "c:\windows\system32\E_L3C5A.tmp"
uRun: [Software Informer] "c:\program files\software informer\softinfo.exe" -autorun
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [AntiLogger] "c:\program files\antilogger\AntiLogger.exe" /minimized
uPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
Trusted Zone: greenmetropolis.com\www
Trusted Zone: mail.com\web
Trusted Zone: moneysavingexpert.com\www
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/betapit/PCPitStop.CAB
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{37F599C9-A95C-4302-8CAE-2F1198198E8A} : DhcpNameServer = 192.168.1.1 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-10-16 64288]
R1 AntiLog32;AntiLog32;c:\program files\antilogger\AntiLog32.sys [2011-7-21 121560]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-5-4 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-5-27 176128]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-8-24 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-8-24 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-8-24 66616]
R2 ES lite Service;ES lite Service for program management.;c:\program files\gigabyte\easysaver\essvr.exe [2010-5-7 68136]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2010-9-2 26872]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2010-9-2 493048]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-19 399416]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-1-27 7566848]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-1-26 238592]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-5-7 189440]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-14 136176]
S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [2006-7-31 580992]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-23 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-14 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2009-7-14 20992]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-10 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-2 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-09-25 12:12:00 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5d56d802-7f96-4124-aeff-2afd770321a7}\offreg.dll
2011-09-25 10:49:13 -------- d-----w- c:\users\maureen\appdata\local\{275F7EA0-70F7-4263-BB88-D823D32A232B}
2011-09-25 10:49:01 -------- d-----w- c:\users\maureen\appdata\local\{D8C48E67-0A32-4602-B594-7F333CF9C777}
2011-09-24 11:24:34 -------- d-----w- c:\users\maureen\appdata\local\Smilebox
2011-09-24 11:19:39 -------- d-----w- c:\users\maureen\appdata\roaming\Smilebox
2011-09-24 10:44:12 -------- d-----w- c:\users\maureen\appdata\local\{8BCF4D6C-6DD3-493C-A794-0CDD4FB653E6}
2011-09-24 10:43:59 -------- d-----w- c:\users\maureen\appdata\local\{81CAAB04-59CE-48FC-A8AB-DAADFA1DBCE4}
2011-09-23 11:05:05 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5d56d802-7f96-4124-aeff-2afd770321a7}\mpengine.dll
2011-09-23 10:59:59 -------- d-----w- c:\users\maureen\appdata\local\{38F1B3E8-E27F-4CC9-968C-31225DF1BD70}
2011-09-23 10:59:45 -------- d-----w- c:\users\maureen\appdata\local\{6D1F4760-D5E1-4AE8-9C34-D89D31C414CA}
2011-09-22 11:09:53 -------- d-----w- c:\users\maureen\appdata\local\{DD7C86AD-22D8-4A03-A6EC-8BA9E12B9659}
2011-09-22 11:09:41 -------- d-----w- c:\users\maureen\appdata\local\{1AC3C1CB-DFA1-4372-BF32-3F00069DA48D}
2011-09-21 15:00:33 -------- d-----w- c:\users\maureen\appdata\local\{88D3EBDE-2135-4147-8872-380BB5F19C85}
2011-09-21 15:00:21 -------- d-----w- c:\users\maureen\appdata\local\{1C7C5C46-8AFA-4563-B075-C3781276A816}
2011-09-20 13:34:10 -------- d-----w- c:\users\maureen\appdata\local\GinoPlayer
2011-09-20 11:40:03 -------- d-----w- c:\program files\GinoPlayer
2011-09-20 10:09:47 -------- d-----w- c:\users\maureen\appdata\local\{55A53DD8-AF6E-45D2-BBFA-83D34513D6F8}
2011-09-20 10:09:34 -------- d-----w- c:\users\maureen\appdata\local\{FC99722C-0BF0-4EE8-9348-C774AE1A1588}
2011-09-19 15:25:33 -------- d-----w- c:\users\maureen\appdata\local\{8349E77E-A4B2-42B7-BAA4-9108DCABFC2D}
2011-09-19 15:25:21 -------- d-----w- c:\users\maureen\appdata\local\{9A69D932-D609-484D-8FEA-0D4D2917EE3C}
2011-09-18 18:36:18 -------- d-----w- c:\users\maureen\appdata\local\{A3E0B9EA-9AAB-4D23-B7C3-7C6ED60D21A2}
2011-09-18 18:35:59 -------- d-----w- c:\users\maureen\appdata\local\{FAFB29BA-2945-46F5-8F10-616C8065F782}
2011-09-03 11:27:59 -------- d-----w- c:\users\maureen\appdata\local\{095B7D40-3532-405F-BBBC-52FBF19C0F88}
2011-09-03 11:27:44 -------- d-----w- c:\users\maureen\appdata\local\{EECF507E-03A3-4045-9DCC-45F04B2F587F}
2011-09-02 11:42:02 -------- d-----w- c:\users\maureen\appdata\local\{C90910FA-DE8E-424F-893A-02F5A39126CB}
2011-09-02 11:41:50 -------- d-----w- c:\users\maureen\appdata\local\{57BE2680-3E06-4B6A-A580-CCDD3B516140}
2011-09-01 10:37:42 -------- d-----w- c:\users\maureen\appdata\local\{4714311B-6971-4369-AFED-E911633115AD}
2011-09-01 10:37:30 -------- d-----w- c:\users\maureen\appdata\local\{E725D4EB-6BCB-4AF3-9A35-97BB60609184}
2011-08-31 18:54:53 -------- d-----w- c:\users\maureen\appdata\local\{11F3C2F6-34BC-4C57-B2D7-C95D4923E7A7}
2011-08-31 18:54:41 -------- d-----w- c:\users\maureen\appdata\local\{E367A0BC-2814-405A-8AC2-27B87BA2FF40}
2011-08-30 08:56:54 -------- d-----w- c:\users\maureen\appdata\local\{C00A90FB-3D40-49CD-B7C1-22369A75098B}
2011-08-30 08:56:43 -------- d-----w- c:\users\maureen\appdata\local\{E9FADADF-B040-41B5-82BF-087B0BB7E182}
2011-08-29 19:51:11 -------- d-----w- c:\programdata\McAfee Security Scan
2011-08-29 19:51:09 -------- d-----w- c:\program files\McAfee Security Scan
2011-08-29 19:33:43 -------- d-----w- c:\users\maureen\appdata\local\{62934954-83C5-4616-942E-D19B1810CD4F}
2011-08-29 19:33:32 -------- d-----w- c:\users\maureen\appdata\local\{91128297-134D-4697-A051-3D87C75CEEE5}
2011-08-29 16:17:03 388096 ----a-r- c:\users\maureen\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-08-29 16:09:06 -------- d-----w- c:\program files\Trend Micro
2011-08-29 14:27:12 -------- d-----w- c:\users\maureen\appdata\local\{8A87C0EE-BFED-47CA-9147-2E1B43C94CCF}
2011-08-28 09:41:42 -------- d-----w- c:\users\maureen\appdata\local\{60A839E0-A945-45AC-94AC-0168C63DF097}
2011-08-28 09:41:30 -------- d-----w- c:\users\maureen\appdata\local\{FC42C3DD-C8D9-408B-957D-0507EDC94291}
2011-08-27 10:04:40 -------- d-----w- c:\users\maureen\appdata\local\{945818B8-E1D7-4465-B939-FFD46A67FFA7}
2011-08-27 10:04:28 -------- d-----w- c:\users\maureen\appdata\local\{572B401C-F6C4-467D-ABD3-6A1CAF37753B}
.
==================== Find3M ====================
.
2011-09-25 12:09:39 17488 ----a-w- c:\windows\gdrv.sys
2011-09-21 15:58:11 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-31 16:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-16 04:27:30 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 02:17:19 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-09 04:29:46 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-09 02:30:00 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-02 18:36:07 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-03-30 15:51:00 49152 ----a-w- c:\program files\DOMSupport.dll
2011-03-30 15:51:00 2723840 ----a-w- c:\program files\DBEngine.dll
2011-03-30 15:50:59 315392 ----a-w- c:\program files\DBConverter.dll
.
============= FINISH: 15:18:22.05 ===============

Thank you, Orange Blossom.

Merged posts. ~ OB

Edited by Orange Blossom, 25 September 2011 - 03:03 PM.


#4 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts
  • Gender:Male

Posted 29 September 2011 - 09:25 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/420273 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 Reena

Reena
  • Topic Starter

  • Members
  • 391 posts
  • Gender:Female
  • Location:UK

Posted 29 September 2011 - 10:03 AM

PROBLEM:

I run HijackThis every now and then to try to keep my eye on what is happening on my PC and to see a "written" report.

This time I received the message: "For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file HijackThis may not be able to find them."

I am told to Run the following:

notepadC:\Windows\System32\drivers\etc\hosts

Find the lines HJ reports and delete them. Save the file as "hosts" and reboot.

When I try this I get:

No programme associated to perform required action. Install programme or create association in default Programme Control Panel.

How do I do this, please? May I try this first?

I don't seem to have any odd things happening on my computer BUT, and this is a very large BUT, yesterday, when I logged off, a dialogue box appeared stating that "another user" was still logged on.

My anti-virus and anti-spyware programmes report all is well. However I am still unable to have a "written" copy of my HijackThis scan.

WINDOWS 7 Home Premium: 32 bit


Windows disk IS available.

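The script below is an added example for readers of this thread; it is not part of the original posts and not HijackThis code, and its function names are hypothetical. It assumes an elevated PowerShell prompt on Windows 7 (right-click PowerShell, Run as administrator) and only reads from the system. Two points worth knowing before running anything: the hosts file has no extension, so opening it directly is what produces the "no program associated" error quoted above; it has to be handed to Notepad as an argument from an elevated prompt (notepad C:\Windows\System32\drivers\etc\hosts). And "denied write access" on hosts is usually one of three benign things rather than malware: the file's read-only attribute, HijackThis running without elevation under UAC, or a security tool deliberately protecting the file (WinPatrol, which is installed here, has a lock-HOSTS-file option). The three functions report which of those applies, list every hosts entry that is not the plain localhost loopback (the kind of line HijackThis would have flagged), and enumerate the interactive logon sessions that cause the "another user is still logged on" warning at log-off.

```powershell
# Added example, not from the thread: triage the hosts-file and logon-session
# symptoms reported above. Read-only; nothing here changes the system.
# Function names are hypothetical. Written for PowerShell 2.0 (Windows 7).

$HostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

function Test-HostsWriteAccess {
    param([string]$Path = $HostsPath)
    $item     = Get-Item -Path $Path -ErrorAction Stop
    $readOnly = [bool]($item.Attributes -band [IO.FileAttributes]::ReadOnly)

    # Open for read/write without truncating: this is the operation that
    # HijackThis reports as "denied write access". Keep the error text.
    $canWrite = $true; $why = ''
    try {
        $fs = [IO.File]::Open($Path, [IO.FileMode]::Open, [IO.FileAccess]::ReadWrite, [IO.FileShare]::ReadWrite)
        $fs.Close()
    } catch {
        $canWrite = $false; $why = $_.Exception.Message
    }

    $id       = [Security.Principal.WindowsIdentity]::GetCurrent()
    $elevated = (New-Object Security.Principal.WindowsPrincipal $id).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
    $acl      = Get-Acl -Path $Path

    New-Object PSObject -Property @{
        Path     = $Path
        ReadOnly = $readOnly        # "attrib -R <path>" clears this attribute
        CanWrite = $canWrite
        Error    = $why
        Elevated = $elevated        # $false: UAC, not malware, is the likely cause
        Owner    = $acl.Owner
        Access   = ($acl.Access | ForEach-Object { "$($_.IdentityReference)=$($_.FileSystemRights)" }) -join '; '
    }
}

function Get-SuspiciousHostsEntries {
    param([string[]]$Lines = (Get-Content -Path $HostsPath))
    foreach ($line in $Lines) {
        $text = ($line -split '#')[0].Trim()          # strip comments
        if ($text -eq '') { continue }
        $fields = $text -split '\s+'
        if ($fields.Count -lt 2) { continue }         # malformed line, no hostname
        $ip = $fields[0]
        $loopback = ($ip -eq '127.0.0.1') -or ($ip -eq '::1')
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            # "127.0.0.1 localhost" is the only mapping a stock Windows 7 hosts
            # file needs (it is even commented out there). Everything else is
            # reported: a vendor/update domain sent to loopback (AV blocking) or
            # a bank/mail domain sent to a real address (phishing) are the
            # patterns HijackThis looks for. A large ad-block hosts list will
            # show up here too; that is noise, not a hijack.
            if ($loopback -and $name -eq 'localhost') { continue }
            New-Object PSObject -Property @{ Address = $ip; Host = $name; Entry = $line }
        }
    }
}

function Get-InteractiveLogons {
    # Logon types: 2 = Interactive (console), 10 = RemoteInteractive (RDP),
    # 11 = CachedInteractive. A second session under a different account is
    # what produces "another user is still logged on" at log-off.
    $types = @(2, 10, 11)
    foreach ($s in (Get-WmiObject -Class Win32_LogonSession)) {
        if ($types -notcontains [int]$s.LogonType) { continue }
        $q = "ASSOCIATORS OF {Win32_LogonSession.LogonId='$($s.LogonId)'} " +
             "WHERE AssocClass=Win32_LoggedOnUser Role=Dependent"
        foreach ($u in (Get-WmiObject -Query $q)) {
            New-Object PSObject -Property @{
                LogonId   = $s.LogonId
                LogonType = $s.LogonType
                User      = "$($u.Domain)\$($u.Name)"
                Since     = $s.ConvertToDateTime($s.StartTime)
            }
        }
    }
}

Test-HostsWriteAccess      | Format-List
Get-SuspiciousHostsEntries | Format-Table -AutoSize
Get-InteractiveLogons      | Format-Table -AutoSize
```

How to read the output: ReadOnly true with CanWrite false means the attribute alone explains HijackThis's message; Elevated false means HijackThis also needs to be started with "Run as administrator". CanWrite false while Elevated is true and ReadOnly is false means something else holds the file, and the Error text says which access was refused; on this machine WinPatrol's hosts lock is the first thing to check, and it should be switched off only for the duration of an edit. Any hosts entry listed by the second function can be compared against the lines HijackThis reported before deleting them, and the logon list shows whether the "another user" session is a second local account or a leftover session of the same account.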
#6 Reena

Reena
  • Topic Starter

  • Members
  • 391 posts
  • Gender:Female
  • Location:UK

Posted 29 September 2011 - 10:09 AM

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Maureen at 16:05:24 on 2011-09-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3326.1787 [GMT 1:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\AntiLogger\AntiLogger.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_L17651.EXE
C:\Program Files\Software Informer\softinfo.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Secunia\PSI\sua.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\notepad.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

#7 Reena

Reena
  • Topic Starter

  • Members
  • 391 posts
  • Gender:Female
  • Location:UK

Posted 29 September 2011 - 10:11 AM

============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = about:blank
uSearch Bar =
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IE to GetRight Helper: {31ff080d-12a3-439a-a2ef-4ba95a3148e8} - c:\program files\getright\xx2gr.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [EPSON AL-M1200 Advanced] c:\windows\system32\spool\drivers\w32x86\3\e_l17651.exe /a "c:\windows\system32\E_L3C5A.tmp"
uRun: [Software Informer] "c:\program files\software informer\softinfo.exe" -autorun
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [AntiLogger] "c:\program files\antilogger\AntiLogger.exe" /minimized
uPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
Trusted Zone: greenmetropolis.com\www
Trusted Zone: mail.com\web
Trusted Zone: moneysavingexpert.com\www
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/betapit/PCPitStop.CAB
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{37F599C9-A95C-4302-8CAE-2F1198198E8A} : DhcpNameServer = 192.168.1.1 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-10-16 64288]
R1 AntiLog32;AntiLog32;c:\program files\antilogger\AntiLog32.sys [2011-7-21 121560]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-5-4 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-5-27 176128]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-8-24 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-8-24 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-8-24 66616]
R2 ES lite Service;ES lite Service for program management.;c:\program files\gigabyte\easysaver\essvr.exe [2010-5-7 68136]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2010-9-2 26872]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2010-9-2 493048]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-19 399416]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-4-20 7772160]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-4-20 243712]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-5-7 189440]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-14 136176]
S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [2006-7-31 580992]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-23 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-14 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2009-7-14 20992]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-10 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-2 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-09-29 11:37:54 -------- d-----w- c:\users\maureen\appdata\local\{B5960EF1-0BE9-4B13-BA57-AF3FF3491BF4}
2011-09-29 11:37:41 -------- d-----w- c:\users\maureen\appdata\local\{415E7809-8DDC-48BA-8BDF-74228B6796F1}
2011-09-28 18:00:59 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8dc38ec9-1422-448b-87d2-5d4b07baba1e}\offreg.dll
2011-09-28 09:11:19 -------- d-----w- c:\users\maureen\appdata\local\{83FE8C22-975F-49A5-B50C-D563CC70BA84}
2011-09-28 09:11:06 -------- d-----w- c:\users\maureen\appdata\local\{D304F8C5-0A5B-4F08-B071-3BA5A44C2A8B}
2011-09-27 19:04:42 -------- d-----w- c:\users\maureen\appdata\roaming\SAGA Photobooks
2011-09-27 16:17:34 -------- d-----w- c:\program files\SAGA Photobooks
2011-09-27 09:39:13 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8dc38ec9-1422-448b-87d2-5d4b07baba1e}\mpengine.dll
2011-09-27 09:34:32 -------- d-----w- c:\users\maureen\appdata\local\{6079D6F8-CDDA-4EEF-A8F4-CEA6B6B5FB1D}
2011-09-27 09:34:15 -------- d-----w- c:\users\maureen\appdata\local\{7BB66BE4-81D6-45ED-9263-4DA7C6BD6780}
2011-09-26 16:06:21 -------- d-----w- C:\Acrobat3
2011-09-26 16:05:54 26624 ----a-w- c:\windows\system32\CAMCPL.CPL
2011-09-26 15:47:39 -------- d-----w- c:\users\maureen\appdata\roaming\Dpf
2011-09-26 15:47:39 -------- d-----w- c:\users\maureen\appdata\roaming\Digital Photo Finalizer
2011-09-26 15:47:39 -------- d-----w- c:\users\maureen\appdata\local\Digital Photo Finalizer
2011-09-26 15:47:31 -------- d-----w- c:\program files\Digital Photo Finalizer
2011-09-26 09:14:15 -------- d-----w- c:\users\maureen\appdata\local\{6C42CAB1-EDB8-4A26-82F5-8989F7348190}
2011-09-26 09:14:01 -------- d-----w- c:\users\maureen\appdata\local\{BFE5CDB9-3E62-41ED-B697-2CB888447370}
2011-09-25 10:49:13 -------- d-----w- c:\users\maureen\appdata\local\{275F7EA0-70F7-4263-BB88-D823D32A232B}
2011-09-25 10:49:01 -------- d-----w- c:\users\maureen\appdata\local\{D8C48E67-0A32-4602-B594-7F333CF9C777}
2011-09-24 11:24:34 -------- d-----w- c:\users\maureen\appdata\local\Smilebox
2011-09-24 11:19:39 -------- d-----w- c:\users\maureen\appdata\roaming\Smilebox
2011-09-24 10:44:12 -------- d-----w- c:\users\maureen\appdata\local\{8BCF4D6C-6DD3-493C-A794-0CDD4FB653E6}
2011-09-24 10:43:59 -------- d-----w- c:\users\maureen\appdata\local\{81CAAB04-59CE-48FC-A8AB-DAADFA1DBCE4}
2011-09-23 10:59:59 -------- d-----w- c:\users\maureen\appdata\local\{38F1B3E8-E27F-4CC9-968C-31225DF1BD70}
2011-09-23 10:59:45 -------- d-----w- c:\users\maureen\appdata\local\{6D1F4760-D5E1-4AE8-9C34-D89D31C414CA}
2011-09-22 11:09:53 -------- d-----w- c:\users\maureen\appdata\local\{DD7C86AD-22D8-4A03-A6EC-8BA9E12B9659}
2011-09-22 11:09:41 -------- d-----w- c:\users\maureen\appdata\local\{1AC3C1CB-DFA1-4372-BF32-3F00069DA48D}
2011-09-21 15:00:33 -------- d-----w- c:\users\maureen\appdata\local\{88D3EBDE-2135-4147-8872-380BB5F19C85}
2011-09-21 15:00:21 -------- d-----w- c:\users\maureen\appdata\local\{1C7C5C46-8AFA-4563-B075-C3781276A816}
2011-09-20 13:34:10 -------- d-----w- c:\users\maureen\appdata\local\GinoPlayer
2011-09-20 11:40:03 -------- d-----w- c:\program files\GinoPlayer
2011-09-20 10:09:47 -------- d-----w- c:\users\maureen\appdata\local\{55A53DD8-AF6E-45D2-BBFA-83D34513D6F8}
2011-09-20 10:09:34 -------- d-----w- c:\users\maureen\appdata\local\{FC99722C-0BF0-4EE8-9348-C774AE1A1588}
2011-09-19 15:25:33 -------- d-----w- c:\users\maureen\appdata\local\{8349E77E-A4B2-42B7-BAA4-9108DCABFC2D}
2011-09-19 15:25:21 -------- d-----w- c:\users\maureen\appdata\local\{9A69D932-D609-484D-8FEA-0D4D2917EE3C}
2011-09-18 18:36:18 -------- d-----w- c:\users\maureen\appdata\local\{A3E0B9EA-9AAB-4D23-B7C3-7C6ED60D21A2}
2011-09-18 18:35:59 -------- d-----w- c:\users\maureen\appdata\local\{FAFB29BA-2945-46F5-8F10-616C8065F782}
2011-09-03 11:27:59 -------- d-----w- c:\users\maureen\appdata\local\{095B7D40-3532-405F-BBBC-52FBF19C0F88}
2011-09-03 11:27:44 -------- d-----w- c:\users\maureen\appdata\local\{EECF507E-03A3-4045-9DCC-45F04B2F587F}
2011-09-02 11:42:02 -------- d-----w- c:\users\maureen\appdata\local\{C90910FA-DE8E-424F-893A-02F5A39126CB}
2011-09-02 11:41:50 -------- d-----w- c:\users\maureen\appdata\local\{57BE2680-3E06-4B6A-A580-CCDD3B516140}
2011-09-01 10:37:42 -------- d-----w- c:\users\maureen\appdata\local\{4714311B-6971-4369-AFED-E911633115AD}
2011-09-01 10:37:30 -------- d-----w- c:\users\maureen\appdata\local\{E725D4EB-6BCB-4AF3-9A35-97BB60609184}
2011-08-31 18:54:53 -------- d-----w- c:\users\maureen\appdata\local\{11F3C2F6-34BC-4C57-B2D7-C95D4923E7A7}
2011-08-31 18:54:41 -------- d-----w- c:\users\maureen\appdata\local\{E367A0BC-2814-405A-8AC2-27B87BA2FF40}
.
==================== Find3M ====================
.
2011-09-29 11:36:28 17488 ----a-w- c:\windows\gdrv.sys
2011-09-26 19:48:02 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-31 16:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-16 04:27:30 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 02:17:19 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-09 04:29:46 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-09 02:30:00 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-02 18:36:07 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-03-30 15:51:00 49152 ----a-w- c:\program files\DOMSupport.dll
2011-03-30 15:51:00 2723840 ----a-w- c:\program files\DBEngine.dll
2011-03-30 15:50:59 315392 ----a-w- c:\program files\DBConverter.dll
.
============= FINISH: 16:06:02.12 ===============

#8 Reena
  • Topic Starter

Posted 29 September 2011 - 10:39 AM

MY THANKS IN ADVANCE!

#9 m0le
  • Malware Response Team

Posted 29 September 2011 - 10:11 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Let's start by ruling out/in rootkit activity

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

m0le is a proud member of UNITE

#10 Reena

Posted 30 September 2011 - 06:55 AM

Thank you, M0le.

I am in the UK so there will be a slight time-delay in our communication.

Here is the log you asked for:
....................................................................................



aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-30 12:51:25
-----------------------------
12:51:25.798 OS Version: Windows 6.1.7601 Service Pack 1
12:51:25.798 Number of processors: 2 586 0x402
12:51:25.798 ComputerName: MAUREEN-PC UserName: Maureen
12:51:37.826 Initialize success
12:51:52.621 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:51:52.621 Disk 0 Vendor: SAMSUNG_HD103SI 1AG01118 Size: 953869MB BusType: 3
12:51:54.649 Disk 0 MBR read successfully
12:51:54.649 Disk 0 MBR scan
12:51:54.649 Disk 0 Windows 7 default MBR code
12:51:54.649 Disk 0 scanning sectors +1953521664
12:51:54.727 Disk 0 scanning C:\Windows\system32\drivers
12:51:59.922 Service scanning
12:52:00.717 Service Vsdatant C:\Windows\system32\DRIVERS\vsdatant.sys **LOCKED** 32
12:52:01.263 Modules scanning
12:52:07.066 Disk 0 trace - called modules:
12:52:07.082 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
12:52:07.082 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86728030]
12:52:07.082 3 CLASSPNP.SYS[8c37759e] -> nt!IofCallDriver -> [0x8626f918]
12:52:07.082 5 ACPI.sys[8be283d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8627f908]
12:52:07.410 Scan finished successfully
12:52:44.553 Disk 0 MBR has been saved successfully to "C:\Users\Maureen\Desktop\MBR.dat"
12:52:44.569 The log file has been saved successfully to "C:\Users\Maureen\Desktop\aswMBR log.txt"

#11 m0le

Posted 30 September 2011 - 05:23 PM

I am in the UK so there will be a slight time-delay in our communication.


Did you check where I was from? :wink:

We are going to run a batch file to restore the Hosts file. Save it to the desktop. (Vista and Windows 7 need to run as Administrator)

Copy and paste these lines into Notepad.

@Echo on
rem Rewrite the Hosts file with its single default entry (remove the
rem hidden/system/read-only attributes first, then put them back).
pushd %SystemRoot%\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
rem Reset the network stack so nothing is left pointing at the old entries.
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
rem Reboot, then delete this batch file.
shutdown -r -t 1
del %0
Save as flush.bat to your desktop.
Double click on the flush.bat file to run it.
Your computer will reboot itself.


Now please run OTL, a scanner similar to DDS

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

m0le is a proud member of UNITE
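As an added example, not code from this thread or from HijackThis, DDS or OTL: a small hosts-file audit that checks for the kind of entry the HijackThis O1 check looks for (a hostname sinkholed to loopback or redirected to some other address), and confirms that a file written by flush.bat above has exactly the default content. The watch-list of vendor domains, the sample hosts text and the 203.0.113.5 address are constructed for illustration.

```python
"""Audit a Windows hosts file for hijack-style entries (added example)."""
import ipaddress
from dataclasses import dataclass

# Exactly what "echo 127.0.0.1 localhost>HOSTS" in flush.bat writes: the
# entry plus CRLF, 21 bytes, which matches the size OTL reports for the file.
DEFAULT_HOSTS_BYTES = b"127.0.0.1 localhost\r\n"

# Constructed watch-list: hosts whose sinkholing would disable security
# tooling or updates. A production list would be much longer.
WATCHED_SUFFIXES = (
    "microsoft.com",
    "windowsupdate.com",
    "avira.com",
    "malwarebytes.org",
    "superantispyware.com",
)

LOOPBACK = {ipaddress.ip_address("127.0.0.1"), ipaddress.ip_address("::1")}


@dataclass(frozen=True)
class Finding:
    line: int
    hostname: str
    address: str
    reason: str


def parse_hosts(text):
    """Yield (line_no, address, hostname) for every mapping in the file.

    Comments (#) and blank lines are skipped. One address line may carry
    several hostnames; each becomes its own tuple. A line whose first
    token is not an IP address is yielded with address None and the whole
    line as the hostname so the caller can flag it instead of ignoring it.
    """
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            address = ipaddress.ip_address(parts[0])
        except ValueError:
            yield line_no, None, line
            continue
        for hostname in parts[1:]:
            yield line_no, address, hostname.lower()


def _is_watched(hostname):
    return any(hostname == s or hostname.endswith("." + s) for s in WATCHED_SUFFIXES)


def audit_hosts(text):
    """Return a list of Finding objects for suspicious mappings."""
    findings = []
    for line_no, address, hostname in parse_hosts(text):
        if address is None:
            findings.append(Finding(line_no, hostname, "?", "unparseable address"))
        elif address in LOOPBACK or address.is_unspecified:
            # Loopback or 0.0.0.0 sinkholes the name. Ad-blocking hosts files
            # do this legitimately, so only flag security/update hosts.
            if hostname != "localhost" and _is_watched(hostname):
                findings.append(Finding(line_no, hostname, str(address),
                                        "security/update host sinkholed"))
        else:
            # Any other address means the name is being redirected, which is
            # the classic hosts-file hijack (phishing or malware host).
            findings.append(Finding(line_no, hostname, str(address),
                                    "redirected to non-loopback address"))
    return findings


def is_default_hosts(data):
    """True when the file is byte-for-byte what flush.bat writes."""
    return data == DEFAULT_HOSTS_BYTES


# Constructed sample hosts file exercising each case.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.net        # ad-block style entry, benign
0.0.0.0         update.avira.com       # sinkholes an AV update host
203.0.113.5     www.microsoft.com      # redirect to a non-loopback address
not-an-ip       bogus.example
"""

if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f.line}: {f.hostname} -> {f.address}: {f.reason}")
    print("default hosts file:", is_default_hosts(DEFAULT_HOSTS_BYTES))
```

To check a live machine, read C:\Windows\System32\drivers\etc\hosts in binary mode and pass its bytes to is_default_hosts and its decoded text to audit_hosts.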

#12 Reena

Posted 01 October 2011 - 06:08 AM

Did you check where I was from?



Apologies, Mole: I didn't!! Greetings!

Only one Notepad text file appeared!

.................................................................




OTL logfile created on: 01/10/2011 12:00:03 - Run 4
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Maureen\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 2.21 Gb Available Physical Memory | 67.90% Memory free
6.50 Gb Paging File | 5.31 Gb Available in Paging File | 81.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.41 Gb Total Space | 876.37 Gb Free Space | 94.09% Space Free | Partition Type: NTFS
Drive D: | 210.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MAUREEN-PC | User Name: Maureen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Maureen\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\AntiLogger\AntiLogger.exe (Zemana Ltd.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Program Files\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
PRC - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
PRC - C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Software Informer\softinfo.exe (Informer Technologies, Inc.)
PRC - C:\Program Files\Gigabyte\EasySaver\essvr.exe ()
PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_L17651.EXE (SEIKO EPSON CORPORATION)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll ()


========== Win32 Services (SafeList) ==========

SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nosGetPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)
SRV - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)
SRV - (vsmon) -- C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (ES lite Service) -- C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows ® 2000 DDK provider)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (AntiLog32) -- C:\Program Files\AntiLogger\AntiLog32.sys (Zemana Ltd.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Vsdatant) -- C:\Windows\System32\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (pepifilter) -- C:\Windows\System32\drivers\lv302af.sys (Logitech Inc.)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (APL531) -- C:\Windows\System32\drivers\ov550i.sys (Omnivision Technologies, Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SYSTEM32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.103: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.97: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/02/07 12:24:05 | 000,000,000 | ---D | M]


========== Chrome ==========


O1 HOSTS File: ([2011/09/24 14:54:49 | 000,000,021 | RHS- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (IE to GetRight Helper) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll (Headlight Software, Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [AntiLogger] C:\Program Files\AntiLogger\AntiLogger.exe (Zemana Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [EPSON AL-M1200 Advanced] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_L17651.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Software Informer] C:\Program Files\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: greenmetropolis.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mail.com ([web] https in Trusted sites)
O15 - HKCU\..Trusted Domains: moneysavingexpert.com ([www] https in Trusted sites)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} http://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll (diskhealth Class)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37F599C9-A95C-4302-8CAE-2F1198198E8A}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) -C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) -C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) -C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) -C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) -C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) -C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) -C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) -C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) -C:\Windows\System32\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [1999/03/16 14:12:52 | 000,000,000 | ---D | M] - D:\AUTOPLAY -- [ CDFS ]
O32 - AutoRun File - [1998/08/14 01:19:48 | 000,286,720 | R--- | M] (Adobe Systems, Incorporated) - D:\AUTOPLAY.EXE -- [ CDFS ]
O32 - AutoRun File - [1998/03/19 04:10:52 | 000,000,057 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/01 11:29:36 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Local\{A78805B9-CA06-4E3C-9D7C-0403984C52DE}
[2011/10/01 11:29:21 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Local\{341CCE86-EF9C-4987-BD9A-37C9B1B35383}
[2011/09/30 15:11:01 | 000,000,000 | ---D | C] -- C:\Users\Maureen\Desktop\gardensept30 3
[2011/09/30 15:09:46 | 000,000,000 | ---D | C] -- C:\Users\Maureen\Desktop\gardensept30 Les
[2011/09/30 12:03:35 | 000,000,000 | ---D | C] -- C:\Users\Maureen\Desktop\car damage 1
[2011/09/30 12:02:39 | 000,000,000 | ---D | C] -- C:\Users\Maureen\Desktop\car damage 2
[2011/09/30 11:14:30 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Local\{9D4FA81D-AC1B-4521-82D5-F2C4EF6BB10E}
[2011/09/30 11:14:18 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Local\{52F387D4-02C9-4DEB-949B-1BFFD5556783}
[2011/09/29 16:34:00 | 000,000,000 | ---D | C] -- C:\Users\Maureen\Desktop\bleeping computer items sept 30
[2011/09/29 12:37:54 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Local\{B5960EF1-0BE9-4B13-BA57-AF3FF3491BF4}
[2011/09/29 12:37:41 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Local\{415E7809-8DDC-48BA-8BDF-74228B6796F1}
[2011/09/28 20:19:44 | 000,000,000 | ---D | C] -- C:\Users\Maureen\Desktop\Corinium IMAGES
[2011/09/28 20:08:06 | 000,000,000 | ---D | C] -- C:\Users\Maureen\Desktop\Corinium 1
[2011/09/28 10:11:19 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Local\{83FE8C22-975F-49A5-B50C-D563CC70BA84}
[2011/09/28 10:11:06 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Local\{D304F8C5-0A5B-4F08-B071-3BA5A44C2A8B}
[2011/09/27 20:04:42 | 000,000,000 | ---D | C] -- C:\Users\Maureen\Documents\SAGA Photobooks Projects
[2011/09/27 20:04:42 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Roaming\SAGA Photobooks
[2011/09/27 17:17:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAGA Photobooks
[2011/09/27 17:17:34 | 000,000,000 | ---D | C] -- C:\Program Files\SAGA Photobooks
[2011/09/27 10:34:32 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Local\{6079D6F8-CDDA-4EEF-A8F4-CEA6B6B5FB1D}
[2011/09/27 10:34:15 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Local\{7BB66BE4-81D6-45ED-9263-4DA7C6BD6780}
[2011/09/26 17:06:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat
[2011/09/26 17:06:21 | 000,000,000 | ---D | C] -- C:\Acrobat3
[2011/09/26 17:05:54 | 000,026,624 | ---- | C] (FotoNation inc.) -- C:\Windows\System32\CAMCPL.CPL
[2011/09/26 16:52:07 | 000,000,000 | ---D | C] -- C:\Users\Maureen\Desktop\edited image
[2011/09/26 16:47:39 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Roaming\Dpf
[2011/09/26 16:47:39 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Roaming\Digital Photo Finalizer
[2011/09/26 16:47:39 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Local\Digital Photo Finalizer
[2011/09/26 16:47:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digital Photo Finalizer
[2011/09/26 16:47:31 | 000,000,000 | ---D | C] -- C:\Program Files\Digital Photo Finalizer
[2011/09/26 16:27:57 | 000,000,000 | ---D | C] -- C:\Users\Maureen\Desktop\ME Sept 2011
[2011/09/26 15:01:57 | 000,000,000 | ---D | C] -- C:\Users\Maureen\Desktop\ECCE
[2011/09/26 10:14:15 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Local\{6C42CAB1-EDB8-4A26-82F5-8989F7348190}
[2011/09/26 10:14:01 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Local\{BFE5CDB9-3E62-41ED-B697-2CB888447370}
[2011/09/25 16:22:39 | 000,000,000 | ---D | C] -- C:\Users\Maureen\Desktop\Fun with photos 14
[2011/09/25 15:29:11 | 000,000,000 | ---D | C] -- C:\Users\Maureen\Desktop\New folder (3)
[2011/09/25 11:49:13 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Local\{275F7EA0-70F7-4263-BB88-D823D32A232B}
[2011/09/25 11:49:01 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Local\{D8C48E67-0A32-4602-B594-7F333CF9C777}
[2011/09/24 12:24:34 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Local\Smilebox
[2011/09/24 12:19:39 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Roaming\Smilebox
[2011/09/24 11:44:12 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Local\{8BCF4D6C-6DD3-493C-A794-0CDD4FB653E6}
[2011/09/24 11:43:59 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Local\{81CAAB04-59CE-48FC-A8AB-DAADFA1DBCE4}
[2011/09/23 11:59:59 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Local\{38F1B3E8-E27F-4CC9-968C-31225DF1BD70}
[2011/09/23 11:59:45 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Local\{6D1F4760-D5E1-4AE8-9C34-D89D31C414CA}
[2011/09/22 12:09:53 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Local\{DD7C86AD-22D8-4A03-A6EC-8BA9E12B9659}
[2011/09/22 12:09:41 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Local\{1AC3C1CB-DFA1-4372-BF32-3F00069DA48D}
[2011/09/21 16:00:33 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Local\{88D3EBDE-2135-4147-8872-380BB5F19C85}
[2011/09/21 16:00:21 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Local\{1C7C5C46-8AFA-4563-B075-C3781276A816}
[2011/09/20 21:31:04 | 000,000,000 | ---D | C] -- C:\Users\Maureen\Desktop\September 2011
[2011/09/20 20:50:56 | 000,000,000 | ---D | C] -- C:\Users\Maureen\Desktop\MUSIC
[2011/09/20 14:34:10 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Local\GinoPlayer
[2011/09/20 12:40:12 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GinoPlayer
[2011/09/20 12:40:03 | 000,000,000 | ---D | C] -- C:\Program Files\GinoPlayer
[2011/09/20 11:09:47 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Local\{55A53DD8-AF6E-45D2-BBFA-83D34513D6F8}
[2011/09/20 11:09:34 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Local\{FC99722C-0BF0-4EE8-9348-C774AE1A1588}
[2011/09/19 17:33:17 | 000,000,000 | ---D | C] -- C:\Users\Maureen\Desktop\New folder (2)
[2011/09/19 16:25:33 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Local\{8349E77E-A4B2-42B7-BAA4-9108DCABFC2D}
[2011/09/19 16:25:21 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Local\{9A69D932-D609-484D-8FEA-0D4D2917EE3C}
[2011/09/18 19:36:18 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Local\{A3E0B9EA-9AAB-4D23-B7C3-7C6ED60D21A2}
[2011/09/18 19:35:59 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Local\{FAFB29BA-2945-46F5-8F10-616C8065F782}
[2011/09/03 12:27:59 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Local\{095B7D40-3532-405F-BBBC-52FBF19C0F88}
[2011/09/03 12:27:44 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Local\{EECF507E-03A3-4045-9DCC-45F04B2F587F}
[2011/09/02 12:42:02 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Local\{C90910FA-DE8E-424F-893A-02F5A39126CB}
[2011/09/02 12:41:50 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Local\{57BE2680-3E06-4B6A-A580-CCDD3B516140}
[2011/03/30 16:52:57 | 000,811,008 | ---- | C] (FileMaker, Inc.) -- C:\Program Files\libeay32.dll
[2011/03/30 16:52:57 | 000,159,744 | ---- | C] (FileMaker, Inc.) -- C:\Program Files\ssleay32.dll
[2011/03/30 16:52:56 | 000,245,760 | ---- | C] (Apache Software Foundation) -- C:\Program Files\XercesParserLiaison.dll
[2011/03/30 16:52:54 | 001,568,768 | ---- | C] (Apache Software Foundation) -- C:\Program Files\Xerces.dll
[2011/03/30 16:52:53 | 000,393,216 | ---- | C] (FileMaker, Inc.) -- C:\Program Files\XText.dll
[2011/03/30 16:52:53 | 000,212,992 | ---- | C] (Apache Software Foundation) -- C:\Program Files\XalanSourceTree.dll
[2011/03/30 16:52:53 | 000,122,880 | ---- | C] (Apache Software Foundation) -- C:\Program Files\XalanTransformer.dll
[2011/03/30 16:52:53 | 000,065,536 | ---- | C] (Apache Software Foundation) -- C:\Program Files\XalanDOM.dll
[2011/03/30 16:52:53 | 000,032,256 | ---- | C] (Apache Software Foundation) -- C:\Program Files\XalanExtensions.dll
[2011/03/30 16:52:52 | 000,905,216 | ---- | C] (Apache Software Foundation) -- C:\Program Files\XSLT.dll
[2011/03/30 16:52:51 | 000,516,096 | ---- | C] (Apache Software Foundation) -- C:\Program Files\XPath.dll
[2011/03/30 16:52:50 | 000,831,488 | ---- | C] (FileMaker, Inc.) -- C:\Program Files\XMLEngine.dll
[2011/03/30 16:52:50 | 000,163,840 | ---- | C] (Apache Software Foundation) -- C:\Program Files\XMLSupport.dll
[2011/03/30 16:52:49 | 000,204,800 | ---- | C] (FileMaker, Inc.) -- C:\Program Files\XGrfx.dll
[2011/03/30 16:52:48 | 000,561,152 | ---- | C] (FileMaker, Inc.) -- C:\Program Files\XFC.dll
[2011/03/30 16:52:48 | 000,446,464 | ---- | C] (FileMaker, Inc.) -- C:\Program Files\XDraw.dll
[2011/03/30 16:52:47 | 000,094,208 | ---- | C] (FileMaker, Inc.) -- C:\Program Files\XCore.dll
[2011/03/30 16:52:46 | 001,478,656 | ---- | C] (FileMaker, Inc.) -- C:\Program Files\Support.dll
[2011/03/30 16:52:45 | 000,540,672 | ---- | C] (FileMaker, Inc.) -- C:\Program Files\ProofReader.dll
[2011/03/30 16:52:45 | 000,270,336 | ---- | C] (Apache Software Foundation) -- C:\Program Files\PlatformSupport.dll
[2011/03/30 16:52:44 | 001,216,512 | ---- | C] (FileMaker, Inc.) -- C:\Program Files\OmniORB4.dll
[2011/03/30 16:52:44 | 000,022,016 | ---- | C] (FileMaker, Inc.) -- C:\Program Files\OmniThread.dll
[2011/03/30 16:52:40 | 001,505,280 | ---- | C] (FileMaker, Inc.) -- C:\Program Files\OmniDynamic4.dll
[2011/03/30 16:52:37 | 000,057,344 | ---- | C] (FileMaker, Inc.) -- C:\Program Files\NSViews.dll
[2011/03/30 16:52:36 | 005,935,104 | ---- | C] (FileMaker, Inc.) -- C:\Program Files\MyStory.exe
[2011/03/30 16:52:25 | 000,495,616 | ---- | C] (FileMaker, Inc.) -- C:\Program Files\HBAM.dll
[2011/03/30 16:52:25 | 000,114,688 | ---- | C] (FileMaker, Inc.) -- C:\Program Files\MFCX.dll
[2011/03/30 16:52:23 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Program Files\GdiPlus.dll
[2011/03/30 16:52:23 | 000,122,880 | ---- | C] (FileMaker, Inc.) -- C:\Program Files\FMWrapper.dll
[2011/03/30 16:52:22 | 000,495,616 | ---- | C] (FileMaker, Inc.) -- C:\Program Files\FMUserModel.dll
[2011/03/30 16:52:22 | 000,487,424 | ---- | C] (FileMaker, Inc.) -- C:\Program Files\FMScript.dll
[2011/03/30 16:52:21 | 008,151,040 | ---- | C] (FileMaker, Inc.) -- C:\Program Files\FMRSRC.dll
[2011/03/30 16:52:14 | 000,299,008 | ---- | C] (FileMaker, Inc.) -- C:\Program Files\FMLayout.dll
[2011/03/30 16:52:14 | 000,114,688 | ---- | C] (FileMaker, Inc.) -- C:\Program Files\FMOLE.dll
[2011/03/30 16:52:14 | 000,106,496 | ---- | C] (FileMaker, Inc.) -- C:\Program Files\FML10.dll
[2011/03/30 16:50:32 | 000,049,152 | ---- | C] (Apache Software Foundation) -- C:\Program Files\DOMSupport.dll
[2011/03/30 16:50:30 | 002,723,840 | ---- | C] (FileMaker, Inc.) -- C:\Program Files\DBEngine.dll
[2011/03/30 16:50:29 | 000,315,392 | ---- | C] (FileMaker, Inc.) -- C:\Program Files\DBConverter.dll
[2007/10/14 19:35:00 | 000,040,960 | ---- | C] ( ) -- C:\Windows\OMNIUNS.EXE
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/01 12:01:07 | 000,015,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/01 12:01:07 | 000,015,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/01 11:54:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/01 11:53:53 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) -- C:\Windows\gdrv.sys
[2011/10/01 11:53:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/01 11:53:44 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/01 11:37:08 | 000,001,884 | ---- | M] () -- C:\Users\Maureen\Desktop\Smilebox.lnk
[2011/10/01 11:37:08 | 000,001,864 | ---- | M] () -- C:\Users\Maureen\Application Data\Microsoft\Internet Explorer\Quick Launch\Smilebox.lnk
[2011/10/01 11:32:03 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/30 15:26:41 | 000,000,178 | ---- | M] () -- C:\Users\Maureen\Desktop\Free Email Addresses Web based and secure Email - mail.com.url
[2011/09/30 13:11:00 | 000,000,514 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 27b5abda-b8c7-4be7-a888-6231fb512097.job
[2011/09/29 20:46:27 | 000,011,890 | ---- | M] () -- C:\Users\Maureen\Desktop\book.jpg
[2011/09/29 16:38:14 | 000,000,374 | ---- | M] () -- C:\Users\Maureen\Desktop\BleepingComputer.com User CP.url
[2011/09/29 15:45:41 | 000,000,380 | ---- | M] () -- C:\Users\Maureen\Desktop\Similar problem with denied access to Hosts file (2).url
[2011/09/28 17:21:37 | 000,002,048 | ---- | M] () -- C:\Users\Maureen\AppData\Roaming\SAGA Photobooks Prefs
[2011/09/28 10:36:13 | 000,129,813 | ---- | M] () -- C:\Users\Maureen\Desktop\Scribbler_1.png
[2011/09/27 17:17:47 | 000,001,983 | ---- | M] () -- C:\Users\Public\Desktop\SAGA Photobooks.lnk
[2011/09/26 20:48:02 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/09/26 17:06:27 | 000,000,153 | ---- | M] () -- C:\Windows\ACROREAD.INI
[2011/09/26 17:05:56 | 000,000,165 | ---- | M] () -- C:\Windows\KPCMS.INI
[2011/09/26 16:50:00 | 000,570,227 | ---- | M] () -- C:\Users\Maureen\Desktop\CIMG1162_1 AGAIN.jpg
[2011/09/26 16:17:21 | 000,000,202 | ---- | M] () -- C:\Users\Maureen\Desktop\Becoming a Soldier.url
[2011/09/26 15:30:38 | 000,000,186 | ---- | M] () -- C:\Users\Maureen\Desktop\Testimonials Car Body Repairs Dorset, Vehicle Damage Services Poole, Alloy Wheel Refurbishment UK, Car Repairs Bournemouth, Windscreen Repairs Dorset.url
[2011/09/26 13:00:01 | 000,000,241 | ---- | M] () -- C:\Users\Maureen\Desktop\Flickr Flickr Mail Your Inbox.url
[2011/09/25 14:28:13 | 000,000,000 | ---- | M] () -- C:\Users\Maureen\defogger_reenable
[2011/09/24 16:46:25 | 000,125,523 | ---- | M] () -- C:\Users\Maureen\Desktop\fountain.jpg
[2011/09/24 15:24:25 | 000,000,290 | ---- | M] () -- C:\Users\Maureen\Desktop\Similar problem with denied access to Hosts file.url
[2011/09/23 12:53:02 | 000,000,288 | ---- | M] () -- C:\Users\Maureen\Desktop\Fun With Fotos~#14.url
[2011/09/20 22:03:23 | 000,000,185 | ---- | M] () -- C:\Users\Maureen\Desktop\LunaPic Free Online Photo Editor.url
[2011/09/20 22:01:30 | 000,000,295 | ---- | M] () -- C:\Users\Maureen\Desktop\Your View.url
[2011/09/20 21:38:13 | 000,069,632 | ---- | M] () -- C:\Users\Maureen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/20 16:00:43 | 000,000,463 | ---- | M] () -- C:\Users\Maureen\Desktop\Free Postcode Lottery.url
[2011/09/20 14:49:19 | 000,000,178 | ---- | M] () -- C:\Users\Maureen\Desktop\Free Email Addresses Web based and secure Email - mail.com (3).url
[2011/09/20 14:12:42 | 000,001,095 | ---- | M] () -- C:\Users\Maureen\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/09/01 20:14:47 | 000,628,024 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/01 20:14:47 | 000,110,208 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/01 11:37:08 | 000,001,884 | ---- | C] () -- C:\Users\Maureen\Desktop\Smilebox.lnk
[2011/10/01 11:37:08 | 000,001,870 | ---- | C] () -- C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smilebox.lnk
[2011/10/01 11:37:08 | 000,001,864 | ---- | C] () -- C:\Users\Maureen\Application Data\Microsoft\Internet Explorer\Quick Launch\Smilebox.lnk
[2011/09/29 20:47:13 | 000,011,890 | ---- | C] () -- C:\Users\Maureen\Desktop\book.jpg
[2011/09/29 16:38:14 | 000,000,374 | ---- | C] () -- C:\Users\Maureen\Desktop\BleepingComputer.com User CP.url
[2011/09/29 16:16:16 | 000,302,592 | ---- | C] () -- C:\Users\Maureen\Desktop\gmer.exe
[2011/09/29 15:45:41 | 000,000,380 | ---- | C] () -- C:\Users\Maureen\Desktop\Similar problem with denied access to Hosts file (2).url
[2011/09/28 10:36:13 | 000,129,813 | ---- | C] () -- C:\Users\Maureen\Desktop\Scribbler_1.png
[2011/09/27 20:04:54 | 000,002,048 | ---- | C] () -- C:\Users\Maureen\AppData\Roaming\SAGA Photobooks Prefs
[2011/09/27 17:17:47 | 000,001,983 | ---- | C] () -- C:\Users\Public\Desktop\SAGA Photobooks.lnk
[2011/09/26 17:06:23 | 000,000,153 | ---- | C] () -- C:\Windows\ACROREAD.INI
[2011/09/26 16:49:57 | 000,570,227 | ---- | C] () -- C:\Users\Maureen\Desktop\CIMG1162_1 AGAIN.jpg
[2011/09/26 16:17:21 | 000,000,202 | ---- | C] () -- C:\Users\Maureen\Desktop\Becoming a Soldier.url
[2011/09/26 15:30:38 | 000,000,186 | ---- | C] () -- C:\Users\Maureen\Desktop\Testimonials Car Body Repairs Dorset, Vehicle Damage Services Poole, Alloy Wheel Refurbishment UK, Car Repairs Bournemouth, Windscreen Repairs Dorset.url
[2011/09/26 13:00:01 | 000,000,241 | ---- | C] () -- C:\Users\Maureen\Desktop\Flickr Flickr Mail Your Inbox.url
[2011/09/25 14:28:13 | 000,000,000 | ---- | C] () -- C:\Users\Maureen\defogger_reenable
[2011/09/25 13:11:00 | 000,000,514 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 27b5abda-b8c7-4be7-a888-6231fb512097.job
[2011/09/24 16:47:04 | 000,125,523 | ---- | C] () -- C:\Users\Maureen\Desktop\fountain.jpg
[2011/09/24 15:24:25 | 000,000,290 | ---- | C] () -- C:\Users\Maureen\Desktop\Similar problem with denied access to Hosts file.url
[2011/09/23 12:53:02 | 000,000,288 | ---- | C] () -- C:\Users\Maureen\Desktop\Fun With Fotos~#14.url
[2011/09/20 22:01:30 | 000,000,295 | ---- | C] () -- C:\Users\Maureen\Desktop\Your View.url
[2011/09/20 20:40:23 | 000,000,185 | ---- | C] () -- C:\Users\Maureen\Desktop\LunaPic Free Online Photo Editor.url
[2011/09/20 16:00:43 | 000,000,463 | ---- | C] () -- C:\Users\Maureen\Desktop\Free Postcode Lottery.url

========== LOP Check ==========


========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 953 bytes -> C:\Users\Maureen\Documents\Fw_ Fwd_ AABB112 Beauty Bible Questionnaires_MUM here.eml:OECustomProperty
@Alternate Data Stream - 486 bytes -> C:\Users\Maureen\Documents\Error Nuker info.eml:OECustomProperty
@Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:8178B8D6

< End of report >

#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 01 October 2011 - 05:51 PM

Open OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O18 - Protocol\Handler\msdaipp - No CLSID value found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
@Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:8178B8D6
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Please run ESET after this

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Under scan settings, check [image] and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Copy and paste the resulting log in your next reply
If no log is generated that means nothing was found. Please let me know if this happens.
m0le is a proud member of UNITE
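The OTL fix above does two things worth being able to verify afterwards: it restores the default handler for .exe files (the `:reg` section) and it deletes the two alternate data streams attached to C:\ProgramData\TEMP. The following PowerShell check is an added example, not m0le's script or OTL's own code; it assumes an elevated PowerShell 3.0 or later prompt and that the Windows default handler value is `"%1" %*`, which is the value the fix writes.

```powershell
# Added example (not part of the original post): audit the two items the OTL fix touches.
# 1. The .exe file association. On a clean Windows install the (Default) value of
#    HKLM\SOFTWARE\Classes\exefile\shell\open\command is "%1" %* ; some malware
#    rewrites it so that its own binary is launched before every program.
# 2. Alternate data streams (ADS) on C:\ProgramData\TEMP, which the OTL log reported.
# Requires PowerShell 3.0+ (for Get-Item -Stream) and an elevated prompt.

$expectedHandler = '"%1" %*'

function Test-ExeFileHandler {
    $key = 'HKLM:\SOFTWARE\Classes\exefile\shell\open\command'
    # GetValue('') reads the (Default) value of the key.
    $current = (Get-Item -Path $key).GetValue('')
    if ($current -eq $expectedHandler) {
        Write-Output "OK   exefile handler is the Windows default: $current"
        return $true
    }
    Write-Output "WARN exefile handler has been changed to: $current"
    Write-Output "     expected: $expectedHandler"
    return $false
}

function Get-AlternateDataStreams {
    param([string]$Path = 'C:\ProgramData\TEMP')
    # Every NTFS file has the unnamed ':$DATA' stream; anything else listed is an ADS.
    # Directories (as here) have no :$DATA stream, so any stream returned is an ADS.
    Get-Item -Path $Path -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        Select-Object FileName, Stream, Length
}

Test-ExeFileHandler
Get-AlternateDataStreams
```

An empty result from Get-AlternateDataStreams after the fix confirms the two streams are gone; a WARN from Test-ExeFileHandler means the association was changed again after the fix ran.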

#14 Reena

Reena
  • Topic Starter

  • Members
  • 391 posts
  • Gender:Female
  • Location:UK

Posted 02 October 2011 - 06:29 AM

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{91DA5E8A-3318-4F8C-B67E-5964DE3AB546} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
ADS C:\ProgramData\TEMP:07BF512B deleted successfully.
ADS C:\ProgramData\TEMP:8178B8D6 deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

OTL by OldTimer - Version 3.2.29.1 log created on 10022011_122721


....................

#15 Reena

Reena
  • Topic Starter

  • Members
  • 391 posts
  • Gender:Female
  • Location:UK

Posted 02 October 2011 - 06:37 AM

m0le, I cannot install ESET. I can get as far as the "I agree" section but then a pale blue screen appears and I WAIT!

