Browser hijacker problems

Solved
By rh1306
Aug 21, 2010
Topic Status:
Not open for further replies.
  1. Links in the browser are redirected to what seem to be random sites.
    If Internet Explorer is open, sometimes a new Internet Explorer session will pop open by itself.
    Can't seem to access Microsoft Update/Windows Update.

    The logs requested in the 8 steps follow:

    Malwarebytes log:
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4453

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    8/20/2010 12:20:55 PM
    mbam-log-2010-08-20 (12-20-55).txt

    Scan type: Quick scan
    Objects scanned: 146137
    Time elapsed: 8 minute(s), 37 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 4
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\winlogon32.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
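The one substantive finding in the Malwarebytes log above is the `Winlogon\Userinit` entry: that value is the comma-separated list of programs Winlogon launches at every interactive logon, and the "Bad" value shows a second program (`winlogon32.exe`) appended after the stock `userinit.exe`, which is how the hijacker survives a reboot. The parser and check below are an added example written for this page, not part of the thread and not Malwarebytes' own code; the regular expression is an assumption fitted to the log format shown in the post, and the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Lines copied from the Malwarebytes log posted above (not constructed),
# plus one filler line that a parser must skip rather than mis-read.
MBAM_LINES = [
    r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\winlogon32.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.",
    "(No malicious items detected)",
]

# Assumed shape of one "Registry Data Items Infected" line:
#   <hive\key\value> (<detection>) -> Bad: (<bad>) Good: (<good>) -> <action>
MBAM_RE = re.compile(
    r"^(?P<path>[^(]+?) \((?P<detection>[^()]+)\) -> "
    r"Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> (?P<action>.+)$"
)


@dataclass
class Finding:
    hive: str
    key: str
    value_name: str
    detection: str
    bad: str
    good: str
    action: str


def parse_mbam_line(line: str) -> Optional[Finding]:
    """Parse one registry-data finding; return None for headers and filler lines."""
    m = MBAM_RE.match(line.strip())
    if not m:
        return None
    parts = m.group("path").split("\\")
    return Finding(
        hive=parts[0],
        key="\\".join(parts[1:-1]),
        value_name=parts[-1],
        detection=m.group("detection"),
        bad=m.group("bad"),
        good=m.group("good"),
        action=m.group("action"),
    )


def parse_mbam_lines(lines) -> List[Finding]:
    return [f for f in (parse_mbam_line(ln) for ln in lines) if f is not None]


def userinit_entries(value: str) -> List[str]:
    # Userinit is a comma-separated list; the stock XP value carries a
    # trailing comma, so empty entries are dropped rather than counted.
    return [e.strip() for e in value.split(",") if e.strip()]


def extra_userinit_entries(value: str) -> List[str]:
    """Every entry whose file name is not userinit.exe runs at each logon."""
    return [
        e for e in userinit_entries(value)
        if e.replace("/", "\\").rsplit("\\", 1)[-1].lower() != "userinit.exe"
    ]


def userinit_is_clean(value: str) -> bool:
    """True only for a single userinit.exe entry (any directory), nothing else."""
    return len(userinit_entries(value)) == 1 and not extra_userinit_entries(value)


def find_userinit_hijacks(findings: List[Finding]) -> List[Finding]:
    """Findings on the Winlogon\\Userinit value whose 'Bad' data is not clean."""
    return [
        f for f in findings
        if f.value_name.lower() == "userinit"
        and f.key.lower().endswith("\\winlogon")
        and not userinit_is_clean(f.bad)
    ]


if __name__ == "__main__":
    for f in find_userinit_hijacks(parse_mbam_lines(MBAM_LINES)):
        path = "\\".join((f.hive, f.key, f.value_name))
        print(f"{path}: extra logon payload(s) {extra_userinit_entries(f.bad)}")
```

The same `userinit_is_clean` check works on a live value read from the registry, not just on a scan log: a value that is anything other than a single `userinit.exe` entry (with or without its trailing comma) is worth investigating, since whatever is listed there is executed by Winlogon before the user's shell starts.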
  2. rh1306

    rh1306 Newcomer, in training Topic Starter Posts: 21

    Browser hijacker problems (part 2)

    gmer.log

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-08-20 22:26:43
    Windows 5.1.2600 Service Pack 3
    Running: GMER.exe; Driver: C:\DOCUME~1\RACHEL~1\LOCALS~1\Temp\uwlcipog.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xB8D18E5E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xB8D19754]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xB8D1A580]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xB8D1AACA]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateFile [0xB8D19A30]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateKey [0xB8D17CD0]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xB8D1A9B0]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0xB8D18A4E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xB8D1A884]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xB8D18BF6]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xB8D1ABEA]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xB8D193DE]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xB8D1A91A]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xB8D1C2C6]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteKey [0xB8D182DA]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteValueKey [0xB8D1868E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xB8D19EB2]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xB8D1D4DE]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xB8D187DA]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xB8D18872]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwFsControlFile [0xB8D19CC0]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xB8D1C3B8]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xB8D17CAC]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xB8D17CBE]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwMapViewOfSection [0xB8D1CB2C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xB8D1899E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xB8D1AB60]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenFile [0xB8D197D6]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenKey [0xB8D17E90]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xB8D1AA40]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xB8D19096]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xB8D1C8C6]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xB8D1AC80]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xB8D18F8C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xB8D1890A]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xB8D18542]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQuerySection [0xB8D1CE66]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xB8D1816C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xB8D1C758]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xB8D183FC]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xB8D176E6]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xB8D1AFE4]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xB8D1AEAA]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xB8D1C060]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xB8D17A5E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xB8D1D380]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xB8D1767E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xB8D1A2CA]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xB8D195F8]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xB8D1B908]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSecurityObject [0xB8D1C556]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xB8D1CFB6]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetValueKey [0xB8D17FE6]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xB8D1D0A8]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xB8D1D1E2]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xB8D1C1EA]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateProcess [0xB8D1922A]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xB8D1918A]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xB8D1CD0A]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xB8D19314]

    Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
    Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!ZwYieldExecution + 1FA 804E4A54 12 Bytes [B8, C3, D1, B8, AC, 7C, D1, ...] {MOV EAX, 0xacb8d1c3; JL 0xffffffffffffffd8; MOV EAX, 0xb8d17cbe}
    .text ntoskrnl.exe!ZwYieldExecution + 376 804E4BD0 16 Bytes [FC, 83, D1, B8, E6, 76, D1, ...]
    .text ntoskrnl.exe!ZwYieldExecution + 46A 804E4CC4 12 Bytes [A8, D0, D1, B8, E2, D1, D1, ...]
    .text ntoskrnl.exe!IoIsOperationSynchronous
  3. rh1306


    Browser hijacker problems (part 3)

    804EAFCE 5 Bytes JMP B8D0BCE4 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
    .text ntoskrnl.exe!FsRtlCheckLockForReadAccess 804F45B3 5 Bytes JMP B8D0B90C \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)

    ---- User code sections - GMER 1.0.15 ----

    ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
    ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
    .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] USER32.dll!AlignRects + FFFA5598 7E412A78 4 Bytes [E0, 13, 46, 6C] {LOOPNZ 0x15; INC ESI; INSB }
    .text C:\WINDOWS\system32\wuauclt.exe[1176] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A0000A
    .text C:\WINDOWS\system32\wuauclt.exe[1176] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A1000A
    .text C:\WINDOWS\system32\wuauclt.exe[1176] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 009F000C
    .text C:\WINDOWS\System32\svchost.exe[1548] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0073000A
    .text C:\WINDOWS\System32\svchost.exe[1548] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0074000A
    .text C:\WINDOWS\System32\svchost.exe[1548] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0072000C
    .text C:\WINDOWS\System32\svchost.exe[1548] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00EF000A
    ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
    ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
    .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] USER32.dll!AlignRects + FFFA5598 7E412A78 4 Bytes [E0, 13, 46, 6C] {LOOPNZ 0x15; INC ESI; INSB }
    .text C:\WINDOWS\Explorer.EXE[3684] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BD000A
    .text C:\WINDOWS\Explorer.EXE[3684] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C7000A
    .text C:\WINDOWS\Explorer.EXE[3684] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00BC000C

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\system32\DRIVERS\ipsec.sys[ntoskrnl.exe!IoCreateDevice] [F6EC2C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[ntoskrnl.exe!IoCreateDevice] [F6EC2C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [F6EC2D50] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
    IAT \SystemRoot\system32\DRIVERS\ipnat.sys[ntoskrnl.exe!IoCreateDevice] [F6EC2C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
    IAT \SystemRoot\system32\DRIVERS\netbt.sys[ntoskrnl.exe!IoCreateDevice] [F6EC2C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
    IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [F6EC2D50] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[ntoskrnl.exe!IoCreateDevice] [F6EC2C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
    IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[ntoskrnl.exe!IoCreateDevice] [F6EC2C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
    IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[TDI.SYS!TdiRegisterDeviceObject] [F6EC2D50] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
    IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateDevice] [F6EC2C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
    IAT \SystemRoot\system32\drivers\ip6fw.sys[ntoskrnl.exe!IoCreateDevice] [F6EC2C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
    IAT \SystemRoot\system32\DRIVERS\netbios.sys[ntoskrnl.exe!IoCreateDevice] [F6EC2C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
    IAT \SystemRoot\system32\DRIVERS\rdbss.sys[ntoskrnl.exe!IoCreateDevice] [F6EC2C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
    IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IoCreateDevice] [F6EC2C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
    IAT \SystemRoot\System32\Drivers\Fips.SYS[ntoskrnl.exe!IoCreateDevice] [F6EC2C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
    IAT \SystemRoot\System32\Drivers\Cdfs.SYS[ntoskrnl.exe!IoCreateDevice] [F6EC2C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[ntoskrnl.exe!IoCreateDevice] [F6EC2C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
    IAT \SystemRoot\system32\DRIVERS\mrxdav.sys[ntoskrnl.exe!IoCreateDevice] [F6EC2C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
    IAT \SystemRoot\System32\Drivers\HTTP.sys[ntoskrnl.exe!IoCreateDevice] [F6EC2C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
    IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateDevice] [F6EC2C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
    IAT \SystemRoot\System32\Drivers\TDTCP.SYS[ntoskrnl.exe!IoCreateDevice] [F6EC2C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
    IAT \SystemRoot\System32\Drivers\RDPWD.SYS[ntoskrnl.exe!IoCreateDevice] [F6EC2C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 01660240
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 016602B0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 01660320
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 01660390
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetErrorMode] 018A0710
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 018A0780
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 018A07F0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 018A0860
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] 018A08D0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 018A0940
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 018A09B0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] 018A0A20
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleFileNameA] 018A0A90
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapDestroy] 01660550
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapCreate] 016605C0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualFree] 01660630
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualAlloc] 016606A0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] 01660780
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleFileNameW] 018A0B00
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 018A0BE0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 018A0C50
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 018A0CC0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] 018A0D30
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 018A0DA0
  4. rh1306


    Browser hijacker problems (part 4)

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetModuleFileNameA] 018A0E10
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] 01660860
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] 016609B0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] 01660A20
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 018A0E80
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 018A0EF0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW] 018A0F60
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] 01660A90
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW] 7D1F0630
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F06A0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleA] 7D1F0710
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 7D1F0780
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 7D1F07F0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 7D1F0860
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 7D1F08D0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!VirtualAlloc] 01660BE0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 01660C50
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 01660CC0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 01660D30
  5. rh1306


    Browser hijacker problems (part 5)

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 01660DA0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetModuleFileNameA] 7D1F0940
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 7D1F09B0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 7D1F0A20
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 7D1F0A90
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] 7D1F0B00
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F0B70
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] 01660EF0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetModuleHandleW] 7D1F0BE0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualAlloc] 01660F60
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualFree] 7D1E0400
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 7D1E0470
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 7D1E04E0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F0C50
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 7D1F0CC0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetModuleHandleW] 7D1F0D30
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 7D1F0DA0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetModuleFileNameW] 7D1F0E10
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 7D1F0E80
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 7D1F0EF0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] 7D1E0550
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] 7D1E05C0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleHandleW] 7D1F0F60
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 018B0010
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateThread] 7D1E0630
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 018B0080
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA] 018B00F0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleHandleA] 018B0160
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 018B01D0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 018B0240
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 018B02B0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 018B0320
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 018B0390
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW] 018B0400
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 7D1E0860
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 7D1E08D0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 018B0470
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 018B04E0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 018B0550
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 018B05C0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 018B0630
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 018B06A0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 7D1E0940
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 7D1E09B0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!VirtualAlloc] 7D1E0A20
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleA] 018B0710
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapCreate] 7D1E0A90
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!VirtualFree] 7D1E0B00
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapDestroy] 7D1E0CC0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 018B0780
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 018B07F0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 018B0860
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleW] 018B08D0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleFileNameW] 018B0940
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetErrorMode] 018B09B0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 018B0A20
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 018B0A90
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread] 7D1E0D30
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 018B0B00
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] 018B0B70
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] 018B0BE0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 7D1E0DA0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 018B0C50
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 018B0CC0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW] 018B0D30
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] 018B0DA0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW] 018B0E10
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] 018B0E80
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 018B0EF0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 018B0F60
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 018C0010
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 018C0080
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 018C00F0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 7D1E0E10
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapDestroy] 7D1E0E80
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapCreate] 7D1E0F60
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 018C0160
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 018C01D0
  6. rh1306

    rh1306 Newcomer, in training Topic Starter Posts: 21

    Browser hijacker problems (part 6)

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA] 018C0240
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] 018C0E10
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary] 018C0E80
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] 018C0EF0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] 018C0F60
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 018D05C0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 018D0630
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 018D06A0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 018D0710
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetModuleFileNameW] 018D0780
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetModuleHandleW] 018D07F0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 01680080
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 018D0860
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 018D08D0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 018D0940
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!VirtualAlloc] 016800F0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 018D09B0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 01680160
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] 018D0A20
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateThread] 016801D0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetErrorMode] 018D0A90
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleHandleA] 018D0B00
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleHandleW] 018D0B70
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleFileNameA] 018D0BE0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 018D0C50
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 018D0CC0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 018D0D30
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] 018D0DA0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!FreeLibrary] 018D0E10
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleFileNameW] 018D0E80
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 018E0E80
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 018E0EF0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 018E0F60
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 018F0010
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] 018F0080
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 018F00F0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateThread] 01680940
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleA] 018F0160
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameW] 018F01D0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameA] 018F0240
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetErrorMode] 018F0A20
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW] 018F0A90
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryExA] 018F0B00
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateThread] 01680D30
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateProcessW] 018F0B70
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetModuleFileNameW] 018F0BE0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetProcAddress] 018F0C50
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!FreeLibrary] 018F0CC0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] 018F0D30
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 018F0DA0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\userenv.dll [ntdll.dll!RtlFreeHeap] 01680DA0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapCreate] 7D1E0240
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapDestroy] 7D1E02B0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 7D1F0320
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetModuleFileNameA] 7D1F0160
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 7D1F0390
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] 7D1E01D0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] 7D1F00F0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F05C0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] 7D1F00F0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F05C0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleHandleA] 7D1F0240
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 7D1F0390
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleFileNameA] 7D1F0160
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] 7D1E01D0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[808] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 7D1F0320
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 01380240
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 013802B0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 01380320
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 01380390
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetErrorMode] 01660710
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 01660780
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 016607F0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 01660860
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] 016608D0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 01660940
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 016609B0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] 01660A20
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleFileNameA] 01660A90
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapDestroy] 01380550
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapCreate] 013805C0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualFree] 01380630
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualAlloc] 013806A0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] 01380780
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleFileNameW] 01660B00
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 01660BE0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 01660C50
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 01660CC0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] 01660D30
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 01660DA0
  7. rh1306

    rh1306 Newcomer, in training Topic Starter Posts: 21

    Browser hijacker problems (part 7)

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetModuleFileNameA] 01660E10
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] 01380860
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] 013809B0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] 01380A20
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 01660E80
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 01660EF0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW] 01660F60
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] 01380A90
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW] 7D1F0630
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F06A0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleA] 7D1F0710
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 7D1F0780
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 7D1F07F0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 7D1F0860
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 7D1F08D0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!VirtualAlloc] 01380BE0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 01380C50
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 01380CC0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 01380D30
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 01380DA0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetModuleFileNameA] 7D1F0940
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 7D1F09B0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 7D1F0A20
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 7D1F0A90
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] 7D1F0B00
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F0B70
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] 01380EF0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetModuleHandleW] 7D1F0BE0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualAlloc] 01380F60
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualFree] 7D1E0400
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 7D1E0470
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 7D1E04E0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F0C50
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 7D1F0CC0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetModuleHandleW] 7D1F0D30
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 7D1F0DA0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetModuleFileNameW] 7D1F0E10
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 7D1F0E80
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 7D1F0EF0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] 7D1E0550
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] 7D1E05C0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleHandleW] 7D1F0F60
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 01670010
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateThread] 7D1E0630
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 01670080
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA] 016700F0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleHandleA] 01670160
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 016701D0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 01670240
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 016702B0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 01670320
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 01670390
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW] 01670400
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 7D1E0860
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 7D1E08D0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 01670470
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 016704E0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 01670550
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 016705C0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 01670630
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 016706A0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 7D1E0940
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 7D1E09B0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!VirtualAlloc] 7D1E0A20
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleA] 01670710
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapCreate] 7D1E0A90
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!VirtualFree] 7D1E0B00
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapDestroy] 7D1E0CC0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 01670780
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 016707F0
  8. rh1306

    rh1306 Newcomer, in training Topic Starter Posts: 21

    Browser hijacker problems (part 8)

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 01670860
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleW] 016708D0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleFileNameW] 01670940
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetErrorMode] 016709B0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 01670A20
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 01670A90
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread] 7D1E0D30
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 01670B00
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] 01670B70
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] 01670BE0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 7D1E0DA0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 01670C50
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 01670CC0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW] 01670D30
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] 01670DA0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW] 01670E10
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] 01670E80
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 01670EF0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 01670F60
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 01680010
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 01680080
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 016800F0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 7D1E0E10
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapDestroy] 7D1E0E80
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapCreate] 7D1E0F60
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 01680160
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 016801D0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA] 01680240
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] 01680E10
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary] 01680E80
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] 01680EF0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] 01680F60
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 016905C0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 01690630
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 016906A0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 01690710
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetModuleFileNameW] 01690780
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetModuleHandleW] 016907F0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 013A0080
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 01690860
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 016908D0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 01690940
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!VirtualAlloc] 013A00F0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 016909B0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 013A0160
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] 01690A20
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateThread] 013A01D0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetErrorMode] 01690A90
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleHandleA] 01690B00
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleHandleW] 01690B70
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleFileNameA] 01690BE0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 01690C50
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 01690CC0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 01690D30
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] 01690DA0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!FreeLibrary] 01690E10
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleFileNameW] 01690E80
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 016A0E80
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 016A0EF0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 016A0F60
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 016B0010
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] 016B0080
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 016B00F0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateThread] 013A0940
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleA] 016B0160
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameW] 016B01D0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameA] 016B0240
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetErrorMode] 016B0A20
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW] 016B0A90
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryExA] 016B0B00
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateThread] 013A0D30
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateProcessW] 016B0B70
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetModuleFileNameW] 016B0BE0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetProcAddress] 016B0C50
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!FreeLibrary] 016B0CC0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] 016B0D30
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 016B0DA0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\userenv.dll [ntdll.dll!RtlFreeHeap] 013A0DA0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapCreate] 7D1E0240
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapDestroy] 7D1E02B0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 7D1F0320
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetModuleFileNameA] 7D1F0160
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 7D1F0390
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] 7D1E01D0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] 7D1F00F0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F05C0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] 7D1F00F0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F05C0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleHandleA] 7D1F0240
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 7D1F0390
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleFileNameA] 7D1F0160
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] 7D1E01D0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 7D1F0320
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F05C0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!FreeLibrary] 7D1F00F0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!HeapCreate] 7D1E0240
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!HeapDestroy] 7D1E02B0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 7D1F0320
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] 7D1F0390
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!RtlFreeHeap] 7D1E0080
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!RtlAllocateHeap] 7D1E0010
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F05C0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!VirtualFree] 7D1E0390
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2028] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!VirtualAlloc] 7D1E0320

    ---- EOF - GMER 1.0.15 ----
  9. rh1306

    rh1306 Newcomer, in training Topic Starter Posts: 21

    Browser hijacker problems (part 9)

    dds logs:

    dds.txt


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by RH at 23:32:19.57 on Fri 08/20/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.464 [GMT -6:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\xampp\apache\bin\httpd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\xampp\mysql\bin\mysqld.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\xampp\apache\bin\httpd.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Escrip__Shopping\escripv.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\progra~1\common~1\instal~1\update~1\issch.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\VSTASCAN\vsaccess.exe
    C:\Program Files\Escrip__Shopping\es.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\rh\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    uSearch Page = hxxp://www.google.com
    uDefault_Page_URL = hxxp://www.dell4me.com/mywaybiz
    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = about:blank
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2011\ievkbd.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
    BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
    TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    TB: {E19E589B-749F-4641-9ED3-032DEB7A8D92} - No File
    TB: {A057A204-BACC-4D26-DFC4-6BAE8BAD3DC9} - No File
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
    uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
    uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB6.4; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MS-RTC LM 8)" -"http://www.lego.com/eng/create/activities/junkbot2/default.asp?x=x"
    mRun: [IAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe
    mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
    mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
    mRun: [escrm] "c:\program files\escrip__shopping\escripv.exe"
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
    mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [ISUSScheduler] "c:\progra~1\common~1\instal~1\update~1\issch.exe" -start
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe"
    StartupFolder: c:\docume~1\rachel~1\startm~1\programs\startup\umaxvi~1.lnk - c:\vstascan\vsaccess.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: EnableLUA = 0 (0x0)
    IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2011\ie_banner_deny.htm
    IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: eScrip Shopping - file://c:\documents and settings\rh\application data\escrip__shopping\escrt\escrC6.htm
    IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
    DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
    DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} - hxxp://www.amiuptodate.com/vsc/bin/1,0,0,7/McUpdatePortal.cab
    DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1220111276578
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {94B82441-A413-4E43-8422-D49930E69764} - hxxps://rtc1.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB
    DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
    DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
    DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {D6016EE7-A8FF-11D1-B37E-A4759ECD7909} - hxxp://www.pulse3d.com/players/english/PulsePlayerAxWin.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://taxsalelistsevents.webex.com/client/T27L/event/ieatgpc.cab
    Notify: klogon - c:\windows\system32\klogon.dll
    AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\rachel~1\applic~1\mozilla\firefox\profiles\2nccftor.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?
    FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
    FF - plugin: c:\documents and settings\rh\application data\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
  10. rh1306

    rh1306 Newcomer, in training Topic Starter Posts: 21

    Browser hijacker problems (part 10)

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2010-6-9 132184]
    R1 DMX3191;DMX3191;c:\windows\system32\drivers\dmx3191.sys [2005-3-31 17700]
    R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]
    R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-8-18 482392]
    R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2009-11-10 24640]
    R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe [2010-7-1 357096]
    R2 UDNT;UDNT;c:\windows\system32\drivers\udnt.sys [2005-3-31 76260]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2010-5-7 32856]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]
    R3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [2010-2-20 11520]
    S1 AEC671X;AEC671X;c:\windows\system32\drivers\aec671x.sys [2005-3-31 12128]
    S2 gupdate1c9b97263ba3dd0;Google Update Service (gupdate1c9b97263ba3dd0);c:\program files\google\update\GoogleUpdate.exe [2009-4-9 133104]
    S2 Ias;MicroSoft Reporting Management;c:\windows\system32\svchost.exe -k netsvcs [2004-8-12 14336]
    S3 HPUATA;HP CD Writer Plus Controller Driver;c:\windows\system32\drivers\HPUATA.sys [2001-9-24 75776]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]

    =============== Created Last 30 ================

    2010-08-20 18:10:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-20 18:10:13 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-20 18:10:13 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-18 22:36:08 97549 ----a-w- c:\windows\system32\drivers\klick.dat
    2010-08-18 22:36:08 113933 ----a-w- c:\windows\system32\drivers\klin.dat
    2010-08-18 22:34:08 0 d-----w- c:\program files\Kaspersky Lab
    2010-08-18 02:05:38 0 d-----w- c:\program files\Trend Micro
    2010-08-16 03:41:36 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-08-16 02:46:58 0 dc-h--w- c:\windows\ie8
    2010-08-15 20:30:35 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
    2010-08-15 02:40:40 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
    2010-08-11 17:33:18 3251 ----a-w- c:\windows\system32\wbem\Outlook_01cb397b49736110.mof
    2010-08-07 22:25:57 0 d-----w- c:\program files\iPod
    2010-08-07 22:09:45 0 d-----w- c:\program files\Bonjour

    ==================== Find3M ====================

    2010-08-16 01:29:04 23812 -c--a-w- c:\windows\system32\emptyregdb.dat
    2010-07-02 03:35:12 228024 ----a-w- c:\windows\system32\klogon.dll
    2010-07-01 21:23:14 334832 -c--a-w- c:\windows\fonts\AdobeFnt.lst
    2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2010-02-20 18:22:41 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010022020100221\index.dat

    ============= FINISH: 23:34:05.92 ===============
  11. rh1306

    rh1306 Newcomer, in training Topic Starter Posts: 21

    Browser hijacker problems (part 11)

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 2/20/2010 12:48:50 AM
    System Uptime: 8/20/2010 10:30:08 PM (1 hours ago)

    Motherboard: Dell Inc. | | 0J3492
    Processor: Intel(R) Pentium(R) 4 CPU 3.40GHz | Microprocessor | 3391/800mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 72 GiB total, 17.209 GiB free.
    E: is FIXED (NTFS) - 76 GiB total, 32.944 GiB free.
    F: is CDROM ()
    G: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: SCSI Controller
    Device ID: PCI\VEN_134A&DEV_0001&SUBSYS_00000000&REV_00\4&10416D21&0&00F0
    Manufacturer:
    Name: SCSI Controller
    PNP Device ID: PCI\VEN_134A&DEV_0001&SUBSYS_00000000&REV_00\4&10416D21&0&00F0
    Service:

    Class GUID:
    Description: Multimedia Audio Controller
    Device ID: PCI\VEN_8086&DEV_266E&SUBSYS_01771028&REV_03\3&172E68DD&0&F2
    Manufacturer:
    Name: Multimedia Audio Controller
    PNP Device ID: PCI\VEN_8086&DEV_266E&SUBSYS_01771028&REV_03\3&172E68DD&0&F2
    Service:

    ==== System Restore Points ===================

    RP2075: 6/28/2010 10:55:12 AM - System Checkpoint
    RP2076: 6/29/2010 1:00:38 PM - System Checkpoint
    RP2077: 6/30/2010 7:44:20 PM - System Checkpoint
    RP2078: 7/1/2010 11:45:40 PM - System Checkpoint
    RP2079: 7/3/2010 9:01:51 AM - System Checkpoint
    RP2080: 7/5/2010 3:48:22 AM - System Checkpoint
    RP2081: 7/7/2010 6:40:18 AM - System Checkpoint
    RP2082: 7/8/2010 10:30:00 AM - System Checkpoint
    RP2083: 7/9/2010 1:00:37 PM - System Checkpoint
    RP2084: 7/10/2010 1:21:11 PM - System Checkpoint
    RP2085: 7/11/2010 10:42:18 PM - System Checkpoint
    RP2086: 7/12/2010 11:28:44 PM - System Checkpoint
    RP2087: 7/14/2010 5:00:43 AM - Software Distribution Service 3.0
    RP2088: 7/15/2010 5:28:25 AM - System Checkpoint
    RP2089: 7/16/2010 6:28:24 AM - System Checkpoint
    RP2090: 7/17/2010 7:28:24 AM - System Checkpoint
    RP2091: 7/18/2010 8:28:24 AM - System Checkpoint
    RP2092: 7/19/2010 9:28:25 AM - System Checkpoint
    RP2093: 7/20/2010 11:09:34 AM - System Checkpoint
    RP2094: 7/21/2010 11:52:59 AM - System Checkpoint
    RP2095: 7/22/2010 12:28:28 PM - System Checkpoint
    RP2096: 7/23/2010 12:53:23 PM - System Checkpoint
    RP2097: 7/24/2010 1:33:03 PM - System Checkpoint
    RP2098: 7/25/2010 2:33:03 PM - System Checkpoint
    RP2099: 7/26/2010 5:15:02 PM - System Checkpoint
    RP2100: 7/27/2010 5:33:04 PM - System Checkpoint
    RP2101: 7/28/2010 6:33:04 PM - System Checkpoint
    RP2102: 7/29/2010 6:56:47 PM - System Checkpoint
    RP2103: 7/30/2010 7:32:59 PM - System Checkpoint
    RP2104: 7/31/2010 8:30:37 PM - System Checkpoint
    RP2105: 8/1/2010 8:57:01 PM - System Checkpoint
    RP2106: 8/2/2010 9:31:57 PM - System Checkpoint
    RP2107: 8/3/2010 5:00:20 AM - Software Distribution Service 3.0
    RP2108: 8/3/2010 10:45:22 AM - Removed Ad-Aware
    RP2109: 8/3/2010 10:49:09 AM - Removed Bonjour
    RP2110: 8/3/2010 10:52:20 AM - Configured Media Experience
    RP2111: 8/3/2010 10:52:37 AM - Removed Dell Picture Studio v3.0
    RP2112: 8/3/2010 10:53:48 AM - Removed DING!
    RP2113: 8/3/2010 10:54:43 AM - Removed FinePixViewer
    RP2114: 8/3/2010 10:56:37 AM - Removed Jasc Paint Shop Photo Album 5
    RP2115: 8/4/2010 11:24:13 AM - System Checkpoint
    RP2116: 8/5/2010 12:24:13 PM - System Checkpoint
    RP2117: 8/6/2010 1:24:16 PM - System Checkpoint
    RP2118: 8/7/2010 2:24:16 PM - System Checkpoint
    RP2119: 8/7/2010 8:44:13 PM - Removed Dell Media Experience
    RP2120: 8/8/2010 8:44:28 PM - System Checkpoint
    RP2121: 8/9/2010 10:57:25 PM - System Checkpoint
    RP2122: 8/10/2010 11:36:30 PM - System Checkpoint
    RP2123: 8/11/2010 5:00:34 AM - Software Distribution Service 3.0
    RP2124: 8/12/2010 5:37:37 AM - System Checkpoint
    RP2125: 8/13/2010 6:37:48 AM - System Checkpoint
    RP2126: 8/13/2010 11:45:44 PM - Removed Jasc Paint Shop Pro Studio, Dell Editon
    RP2127: 8/14/2010 8:40:16 PM - Installed Kaspersky Anti-Virus 2010.
    RP2128: 8/15/2010 2:25:05 PM - Removed Kaspersky Anti-Virus 2010.
    RP2129: 8/15/2010 2:32:58 PM - Installed Kaspersky Internet Security 2010.
    RP2130: 8/15/2010 8:47:23 PM - Installed Windows Internet Explorer 8.
    RP2131: 8/15/2010 11:24:41 PM - Software Distribution Service 3.0
    RP2132: 8/17/2010 9:52:40 PM - Removed 99bytes DVD to PSP / iPod Video Converter
    RP2133: 8/17/2010 10:06:29 PM - Removed Google Earth.
    RP2134: 8/17/2010 10:09:58 PM - Removed Photo Click
    RP2135: 8/17/2010 10:10:58 PM - Removed STOIK Video Converter 2
    RP2136: 8/17/2010 10:12:27 PM - Removed Windows Vista Upgrade Advisor
    RP2137: 8/17/2010 10:13:22 PM - Configured SoundMAX
    RP2138: 8/17/2010 10:13:37 PM - Removed SoundMAX
    RP2139: 8/18/2010 2:48:25 PM - Installed Kaspersky Anti-Virus 2011.
    RP2140: 8/18/2010 4:24:44 PM - Removed Kaspersky Internet Security 2011.
    RP2141: 8/18/2010 4:33:46 PM - Installed Kaspersky Internet Security 2011.
    RP2142: 8/19/2010 10:17:11 PM - System Checkpoint
    RP2143: 8/20/2010 10:46:35 PM - System Checkpoint

    ==== Installed Programs ======================

    AC-3 ACM Decompressor
    Adobe Acrobat - Reader 6.0.2 Update
    Adobe Acrobat 6.0.1 Professional
    Adobe Acrobat and Reader 6.0.3 Update
    Adobe Acrobat and Reader 6.0.4 Update
    Adobe Acrobat and Reader 6.0.5 Update
    Adobe Acrobat and Reader 6.0.6 Update
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Help Center 1.0
    Adobe PageMaker 7.0
    Adobe Photoshop CS2
    Adobe Reader 7.1.0
    Adobe Shockwave Player 11.5
    Adobe Stock Photos 1.0
    Adobe Type Manager 4.1
    AI RoboForm
    Amazon MP3 Downloader 1.0.3
    AnswerWorks Runtime
    Anvil Studio
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcView GIS Version 3.1
    AsfTools 3.1 (remove only)
    ATI - Software Uninstall Utility
    ATI Display Driver
    AutoCAD 2002
    AVIcodec (remove only)
    Banctec Service Agreement
    Bonjour
    BresnanClientSetup
    Broadcom Advanced Control Suite 2
    Cad Tools
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Camera Window DC_DV 5 for ZoomBrowser EX
    Canon Camera Window DC_DV 6 for ZoomBrowser EX
    Canon Camera Window MC 6 for ZoomBrowser EX
    Canon G.726 WMP-Decoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities EOS Utility
    Canon Utilities PhotoStitch
    Canon Utilities ZoomBrowser EX
    Compatibility Pack for the 2007 Office system
    Conexant D850 56K V.9x DFVc Modem
    Corpscon 6.0
    Dell Driver Reset Tool
    Dell Networking Guide
    Dell Support Center (Support Software)
    Dell System Restore
    DellSupport
    Digital Line Detect
    Eagle Point
    eScrip Shopping
    Facebook Plug-In
    Family Tree Maker 2009
    FinePixViewer Ver.4.2
    FUJIFILM USB Driver
    Google Update Helper
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    ImageMixer VCD2 for FinePix
    Inkscape 0.47
    Intel Application Accelerator
    Internet Explorer Default Page
    iTunes
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 2
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java 2 Runtime Environment, SE v1.4.2_03
    Java 2 Runtime Environment, SE v1.4.2_06
    Java Auto Updater
    Java(TM) 6 Update 2
    Java(TM) 6 Update 20
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1
    K-Lite Codec Pack 2.80 Standard
    Kaspersky Internet Security 2011
    Lame ACM MP3 Codec
    Logical Journey of the Zoombinis
    Macromedia Shockwave Player
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft FrontPage 2000
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Money 2007 Home & Business
    Microsoft Money Shared Libraries
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 Professional
    Microsoft Office 2003 Web Components
    Microsoft Office Basic Edition 2003
    Microsoft Office Live Meeting 2007
    Microsoft Office XP Web Components
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Primary Interoperability Assemblies 2005
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Windows XP Video Decoder Checkup Utility
    Microsoft Works Setup Launcher
    Microsoft WSE 3.0
    Modem Helper
    Mozilla Firefox (3.6.8)
    MSN Money Investment Toolbox
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    My Way Search Assistant
    Netflix Movie Viewer
    NetWaiting
    OGA Notifier 2.0.0048.0
    OverDrive Media Console
    QuickTime
    RAW FILE CONVERTER LE
    RealPlayer
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Media Encoder (KB979332)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    SmartFTP Client
    SmartFTP Client 3.0 Setup Files (remove only)
    SmartFTP Client 4.0 Setup Files (remove only)
    Sonic DLA
    Sonic RecordNow!
    Sonic Update Manager
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB978207)
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Volo View Express
    WebEx
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Encoder 9 Series
    Windows Media Format 11 runtime
    Windows Media Format Runtime
    Windows Media Player 10
    Windows Media Player 11
    Windows XP Service Pack 3
    Yahoo! Install Manager
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    8/18/2010 7:55:55 PM, error: DCOM [10000] - Unable to start a DCOM Server: {41C8D38D-3B56-4AF4-8BC2-361BC6ADED23}. The error: "%2" Happened while starting this command: "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe" -Embedding
    8/18/2010 7:33:27 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    8/18/2010 5:48:09 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    8/16/2010 6:51:12 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
    8/16/2010 6:41:34 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    8/16/2010 6:41:32 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    8/15/2010 7:29:12 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file mtstocom.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 2001.12.4414.700.
    8/15/2010 7:29:12 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file migregdb.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 2001.12.4414.700.
    8/15/2010 12:00:32 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer GPATRICK that believes that it is the master browser for the domain on transport NetBT_Tcpip_{434E44DA-3430-4DFF-. The master browser is stopping or an election is being forced.
    8/13/2010 10:38:20 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
    8/13/2010 1:12:08 PM, error: TermServDevices [1111] - Driver Send To Microsoft OneNote Driver required for printer Send To OneNote 2007 is unknown. Contact the administrator to install the driver before you log in again.
    8/13/2010 1:12:07 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer MOM-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{434E44DA-3430-4DFF-A2. The master browser is stopping or an election is being forced.

    ==== End Of File ===========================
     
  12. crunchie

    crunchie Malware Helper Posts: 761

    Hi and welcome to TechSpot forums :).

    ====

    Please download JavaRa

    If you get this message:
    Problems with the download? Please use this direct link or try another mirror.

    Select the Direct link download and unzip it to your Desktop.

    Double click JavaRa.exe then click Remove Older Versions.

    Follow any prompts; a log will pop up (JavaRa.log) -- please post the contents of this log.

    Next, open JavaRa.exe again, and select Search For Updates.

    Select Update Using Sun Java's Website --> Search, and continue the instructions for downloading and installing the latest Java version. Look for JDK 6 Update 21 (JDK or JRE). On the right select this one: Download JRE.

    In Vista and Windows 7 run the tool as Administrator.

    ================

    Please download ComboFix by sUBs from HERE or HERE
    • You must download it to and run it from your Desktop
    • Physically disconnect from the internet.
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply.
    • Re-enable all the programs that were disabled during the running of ComboFix.

    Note:
    Do not mouse-click combofix's window while it is running. That may cause it to stall.

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Run Combofix ONCE only!!
  13. rh1306

    rh1306 Newcomer, in training Topic Starter Posts: 21

    JavaRa and ComboFix logs (part 1)

    Thank you so much for volunteering to help with this. Your time is truly appreciated. :)

    Below are the requested logs:

    JavaRa log
    JavaRa 1.16 Removal Log.
    Report follows after line.
    ------------------------------------
    The JavaRa removal process was started on Sat Aug 21 15:46:12 2010

    Found and removed: C:\Program Files\Java\j2re1.4.2_03Found and removed: C:\Program Files\Java\jre1.5.0_02Found and removed: C:\Program Files\Java\jre1.5.0_04Found and removed: C:\Program Files\Java\jre1.5.0_06Found and removed: C:\Program Files\Java\jre1.5.0_09Found and removed: C:\Program Files\Java\jre1.5.0_10Found and removed: C:\Program Files\Java\jre1.5.0_11Found and removed: C:\Program Files\Java\jre1.6.0_01Found and removed: C:\Program Files\Java\jre1.6.0_02Found and removed: C:\Program Files\Java\jre1.6.0_03Found and removed: C:\Program Files\Java\jre1.6.0_05Found and removed: C:\Program Files\Java\jre1.6.0_07Found and removed: C:\Documents and Settings\rh\Application Data\Sun\Java\jre1.6.0_11Found and removed: C:\Documents and Settings\rh\Application Data\Sun\Java\jre1.6.0_12Found and removed: C:\Documents and Settings\rh\Application Data\Sun\Java\jre1.6.0_13Found and removed: C:\Documents and Settings\rh\Application Data\Sun\Java\jre1.6.0_14Found and removed: C:\Documents and Settings\rh\Application Data\Sun\Java\jre1.6.0_15Found and removed: C:\Documents and Settings\rh\Application Data\Sun\Java\jre1.6.0_17Found and removed: C:\WINDOWS\Installer\{7148F0A8-6813-11D6-A77B-00B0D0142030}Found and removed: C:\WINDOWS\Installer\{7148F0A8-6813-11D6-A77B-00B0D0142060}Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4Found and removed: Software\JavaSoft\Java2D\1.5.0_02Found and removed: Software\JavaSoft\Java2D\1.5.0_04Found and removed: Software\JavaSoft\Java2D\1.5.0_06Found and removed: Software\JavaSoft\Java2D\1.5.0_09Found and removed: Software\JavaSoft\Java2D\1.5.0_10Found and removed: Software\JavaSoft\Java2D\1.5.0_11Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510002Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510004Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510006Found and removed: 
  14. rh1306

    rh1306 Newcomer, in training Topic Starter Posts: 21

    JavaRa and ComboFix logs (part 2)

    JavaRa 1.16 Removal Log.
    Report follows after line.
    ------------------------------------
    The JavaRa removal process was started on Sat Aug 21 15:52:52 2010

    Found and removed: C:\Program Files\Java\j2re1.4.2_06
    ------------------------------------
    Finished reporting.


    ComboFix log:
    ComboFix 10-08-21.01 - rh 08/21/2010 16:21:40.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.293 [GMT -6:00]
    Running from: c:\documents and settings\rh\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\rh\GoToAssistDownloadHelper.exe
    c:\windows\Downloaded Program Files\ODCTOOLS
    c:\windows\Downloaded Program Files\ODCTOOLS\ef6b26db-344d-4ad3-ba24-aca0bdaa999a.cab
    c:\windows\Downloaded Program Files\ODCTOOLS\f04d289f-c60a-422b-8396-6c372047042e.cab
    c:\windows\Downloaded Program Files\Temp
    c:\windows\jestertb.dll
    c:\windows\system\myocr.dll
    c:\windows\system\ocrutil.dll
    c:\windows\system\segment.dll
    c:\windows\system\segsdk.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_IAS
    -------\Service_Ias


    ((((((((((((((((((((((((( Files Created from 2010-07-21 to 2010-08-21 )))))))))))))))))))))))))))))))
    .

    2010-08-20 18:10 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-20 18:10 . 2010-08-20 18:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-20 18:10 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-18 22:36 . 2010-08-19 01:52 97549 ----a-w- c:\windows\system32\drivers\klick.dat
    2010-08-18 22:36 . 2010-08-19 01:52 113933 ----a-w- c:\windows\system32\drivers\klin.dat
    2010-08-18 22:34 . 2010-08-18 22:34 -------- d-----w- c:\program files\Kaspersky Lab
    2010-08-18 02:05 . 2010-08-18 02:05 -------- d-----w- c:\program files\Trend Micro
    2010-08-16 03:41 . 2010-08-16 03:41 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-08-16 03:32 . 2010-08-16 03:32 -------- d-----w- c:\documents and settings\rh\Local Settings\Application Data\Sunbelt Software
    2010-08-16 02:46 . 2010-08-16 02:48 -------- dc-h--w- c:\windows\ie8
    2010-08-16 01:45 . 2010-08-16 02:07 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2010-08-15 20:30 . 2010-08-18 22:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
    2010-08-15 02:40 . 2010-08-21 22:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
    2010-08-14 23:24 . 2010-08-14 23:24 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-08-14 23:24 . 2010-08-14 23:24 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
    2010-08-07 22:25 . 2010-08-07 22:25 -------- d-----w- c:\program files\iPod
    2010-08-07 22:09 . 2010-08-07 22:09 -------- d-----w- c:\program files\Bonjour

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-21 22:40 . 2007-04-17 07:55 -------- d-----w- c:\documents and settings\rh\Application Data\Escrip__Shopping
    2010-08-21 22:02 . 2004-12-14 06:58 -------- d-----w- c:\program files\Common Files\Java
    2010-08-21 22:02 . 2010-04-28 18:42 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-08-21 21:52 . 2004-12-14 06:58 -------- d-----w- c:\program files\Java
    2010-08-21 15:53 . 2008-10-11 21:28 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-08-19 01:54 . 2010-06-29 01:47 283984 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\avengine.dll
    2010-08-19 01:52 . 2010-08-19 01:52 125624 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\shellex.dll
    2010-08-19 01:52 . 2010-08-19 01:52 404152 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\mcouas.dll
    2010-08-19 01:52 . 2010-08-19 01:52 113336 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\sbstart.exe
    2010-08-19 01:52 . 2010-08-19 01:52 170680 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\klwtblc.dll
    2010-08-19 01:52 . 2010-08-19 01:52 129720 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400\shellex.dll
    2010-08-19 01:52 . 2010-08-19 01:52 113336 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400\sbstart.exe
    2010-08-19 01:52 . 2010-08-19 01:52 404152 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400\mcouas.dll
    2010-08-19 01:52 . 2010-08-19 01:52 170680 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400\klwtblc.dll
    2010-08-19 01:42 . 2010-08-19 01:42 283984 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\bases\av\kdb\i386\win\avengine.dll
    2010-08-18 21:21 . 2005-01-07 17:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-08-18 21:18 . 2005-01-07 17:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-08-18 20:34 . 2008-11-11 21:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-08-18 04:13 . 2004-12-14 06:59 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-08-18 04:12 . 2008-10-11 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Corporation
    2010-08-18 04:11 . 2006-12-06 21:26 -------- d-----w- c:\documents and settings\rh\Application Data\GeoVid
    2010-08-18 04:08 . 2005-03-30 17:08 -------- d-----w- c:\program files\Google
    2010-08-16 01:46 . 2010-08-16 01:45 2788816 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
    2010-08-16 01:29 . 2004-08-11 23:12 23812 -c--a-w- c:\windows\system32\emptyregdb.dat
    2010-08-15 02:25 . 2010-03-05 05:45 -------- d-----w- c:\program files\McAfeeMOBK
    2010-08-14 05:46 . 2004-12-14 07:03 -------- d-----w- c:\program files\Jasc Software Inc
    2010-08-08 02:36 . 2005-11-28 03:47 -------- d-----w- c:\documents and settings\rh\Application Data\Apple Computer
    2010-08-07 22:26 . 2006-02-06 20:03 -------- d-----w- c:\program files\iTunes
    2010-08-07 22:25 . 2009-04-24 01:33 -------- d-----w- c:\program files\Common Files\Apple
    2010-08-07 22:05 . 2010-08-07 22:05 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
    2010-08-06 08:22 . 2010-08-06 08:22 61440 ----a-w- c:\documents and settings\rh\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3f9767f6-n\decora-sse.dll
    2010-08-06 08:22 . 2010-08-06 08:22 503808 ----a-w- c:\documents and settings\rh\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-30e7f38b-n\msvcp71.dll
    2010-08-06 08:22 . 2010-08-06 08:22 499712 ----a-w- c:\documents and settings\rh\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-30e7f38b-n\jmc.dll
    2010-08-06 08:22 . 2010-08-06 08:22 348160 ----a-w- c:\documents and settings\rh\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-30e7f38b-n\msvcr71.dll
    2010-08-06 08:22 . 2010-08-06 08:22 12800 ----a-w- c:\documents and settings\rh\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3f9767f6-n\decora-d3d.dll
    2010-08-03 17:06 . 2005-04-14 16:16 -------- d-----w- c:\documents and settings\rh\Application Data\Musicmatch
    2010-08-03 17:06 . 2004-12-14 07:02 -------- d-----w- c:\program files\MUSICMATCH
    2010-08-03 16:52 . 2004-12-14 06:59 -------- d-----w- c:\program files\Dell
    2010-08-03 16:48 . 2005-01-11 18:33 -------- d-----w- c:\program files\Common Files\Autodesk Shared
    2010-08-03 00:54 . 2005-01-06 20:20 -------- d-----w- c:\documents and settings\rh\Application Data\AdobeUM
    2010-07-07 08:46 . 2010-07-07 08:46 68256 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2011 11.0.1.400\English\setup.exe
    2010-07-02 03:35 . 2010-07-02 03:35 228024 ----a-w- c:\windows\system32\klogon.dll
    2010-07-01 18:22 . 2010-07-01 18:22 92816 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2011 11.0.1.400\English\setup.exe
    2010-07-01 14:06 . 2010-07-01 14:06 1037648 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\klavasyswatch.dll
    2010-06-30 13:06 . 2010-06-30 13:06 271696 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\sys_critical_obj.dll
    2010-06-30 12:31 . 2004-08-12 13:27 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:22 . 2004-08-12 13:33 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 19:11 . 2010-06-23 19:11 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb358.tmp.exe
    2010-06-23 13:44 . 2004-08-12 13:33 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-21 15:27 . 2004-08-12 13:30 354304 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-17 14:03 . 2004-08-12 13:19 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 14:31 . 2004-08-04 11:00 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\BINARIES\helpsvc.exe
    2010-06-14 07:41 . 2004-08-12 13:23 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2010-06-09 23:43 . 2010-06-09 23:43 11352 ----a-w- c:\windows\system32\drivers\kl2.sys
    2010-06-09 23:43 . 2010-06-09 23:43 132184 ----a-w- c:\windows\system32\drivers\kl1.sys
    2010-05-28 08:22 . 2010-05-28 08:22 503808 ----a-w- c:\documents and settings\rh\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7208730f-n\msvcp71.dll
    2010-05-28 08:22 . 2010-05-28 08:22 61440 ----a-w- c:\documents and settings\rh\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-64a1c73a-n\decora-sse.dll
    2010-05-28 08:22 . 2010-05-28 08:22 499712 ----a-w- c:\documents and settings\rh\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7208730f-n\jmc.dll
    2010-05-28 08:22 . 2010-05-28 08:22 348160 ----a-w- c:\documents and settings\rh\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7208730f-n\msvcr71.dll
    2010-05-28 08:22 . 2010-05-28 08:22 12800 ----a-w- c:\documents and settings\rh\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-64a1c73a-n\decora-d3d.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-31 468408]
  15. rh1306

    rh1306 Newcomer, in training Topic Starter Posts: 21

    JavaRa and ComboFix logs (part 3)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 135168]
    "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
    "REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
    "escrm"="c:\program files\Escrip__Shopping\escripv.exe" [2008-07-23 300336]
    "ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2004-08-09 221184]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "ISUSScheduler"="c:\progra~1\common~1\instal~1\update~1\issch.exe" [2004-08-09 81920]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
    "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-07-02 357096]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

    c:\documents and settings\rh\Start Menu\Programs\Startup\
    UMAX VistaAccess.lnk - c:\vstascan\vsaccess.exe [2005-3-31 159232]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\SYSTEM32\\MMC.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office\\FRONTPG.EXE"=
    "c:\\WINDOWS\\SYSTEM32\\FXSCLNT.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
    "3540:UDP"= 3540:UDP:peer Name Resolution Protocol (PNRP)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R1 DMX3191;DMX3191;c:\windows\SYSTEM32\DRIVERS\dmx3191.sys [3/31/2005 11:38 AM 17700]
    R1 kl2;kl2;c:\windows\SYSTEM32\DRIVERS\kl2.sys [6/9/2010 5:43 PM 11352]
    R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [11/10/2009 10:17 PM 24640]
    R2 UDNT;UDNT;c:\windows\SYSTEM32\DRIVERS\udnt.sys [3/31/2005 11:38 AM 76260]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\SYSTEM32\DRIVERS\klim5.sys [5/7/2010 12:06 PM 32856]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\SYSTEM32\DRIVERS\klmouflt.sys [11/2/2009 8:27 PM 19472]
    R3 scsiscan;SCSI Scanner Driver;c:\windows\SYSTEM32\DRIVERS\scsiscan.sys [2/20/2010 1:12 AM 11520]
    S1 AEC671X;AEC671X;c:\windows\SYSTEM32\DRIVERS\aec671x.sys [3/31/2005 11:38 AM 12128]
    S2 gupdate1c9b97263ba3dd0;Google Update Service (gupdate1c9b97263ba3dd0);c:\program files\Google\Update\GoogleUpdate.exe [4/9/2009 6:22 PM 133104]
    S3 HPUATA;HP CD Writer Plus Controller Driver;c:\windows\SYSTEM32\DRIVERS\HPUATA.sys [9/24/2001 4:36 AM 75776]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-12 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

    2010-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-10 00:22]

    2010-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-10 00:22]

    2010-08-21 c:\windows\Tasks\incremental backup.job
    - c:\windows\system32\ntbackup.exe [2004-08-12 00:12]

    2010-08-21 c:\windows\Tasks\User_Feed_Synchronization-{A533B267-DD31-40D0-839E-6F6F1783D774}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 10:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = about:blank
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: eScrip Shopping - file://c:\documents and settings\rh\Application Data\Escrip__Shopping\escrt\escrC6.htm
    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
    DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
    DPF: {D6016EE7-A8FF-11D1-B37E-A4759ECD7909} - hxxp://www.pulse3d.com/players/english/PulsePlayerAxWin.cab
    FF - ProfilePath - c:\documents and settings\rh\Application Data\Mozilla\Firefox\Profiles\2nccftor.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?
    FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
    FF - plugin: c:\documents and settings\rh\Application Data\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-Weather - c:\program files\AWS\WeatherBug\Weather.exe
    AddRemove-Logical Journey of the Zoombinis - x:\program files\DeIsL1.isu
    AddRemove-Macromedia Shockwave Player - c:\windows\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-21 16:40
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86AF1ACE]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xf7750f28
    \Driver\ACPI -> ACPI.sys @ 0xf7643cb8
    \Driver\atapi -> atapi.sys @ 0xf75bd852
    \Driver\iaStor -> iaStor.sys @ 0xf7554aa8
    IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
    \Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
    NDIS: Broadcom NetXtreme 57xx Gigabit Controller -> SendCompleteHandler -> NDIS.sys @ 0xf73f9bb0
    PacketIndicateHandler -> NDIS.sys @ 0xf73e8a0d
    SendHandler -> NDIS.sys @ 0xf73fcb40
    user & kernel MBR OK

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-829665885-1056571389-27219253-1006\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @DACL=(02 0010)
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @DACL=(02 0010)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @DACL=(02 0010)
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1112)
    c:\windows\system32\WININET.dll
    c:\windows\system32\l3codeca.acm
    c:\windows\system32\LameACM.acm
    c:\windows\system32\IEFRAME.dll
    c:\windows\system32\AC3ACM.acm

    - - - - - - - > 'lsass.exe'(1172)
    c:\windows\system32\WININET.dll

    - - - - - - - > 'explorer.exe'(5776)
    c:\windows\system32\WININET.dll
    c:\program files\SmartFTP Client\en-US\sfShellTools.dll.mui
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\l3codeca.acm
    c:\windows\system32\LameACM.acm
    c:\windows\system32\AC3ACM.acm
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Intel\Intel Application Accelerator\iaantmon.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\xampp\mysql\bin\mysqld.exe
    c:\program files\Dell Support Center\bin\sprtsvc.exe
    c:\windows\system32\fxssvc.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Escrip__Shopping\es.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2010-08-21 16:50:16 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-08-21 22:50

    Pre-Run: 19,488,763,904 bytes free
    Post-Run: 19,343,900,672 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - B1EE6766665C37A30233470EC298AB2F
  16. crunchie

    crunchie Malware Helper Posts: 761

    How are things now?

    Download Bootkit Remover to your Desktop.

    • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
    • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right-click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
  17. rh1306

    rh1306 Newcomer, in training Topic Starter Posts: 21

    bootkit remover data

    Things seemed OK at first until I tried to go to Microsoft Update, and now the redirect thing is still happening.

    bootkit remover data:
    Bootkit Remover
    (c) 2009 eSage Lab
    www.esagelab.com

    Program version: 1.1.0.0
    OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Controlled by rootkit!

    Boot code on some of your physical disks is hidden by a rootkit.
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]


    Done;
    Press any key to quit...
  18. crunchie

    crunchie Malware Helper Posts: 761

    Open Notepad
    Copy and paste the following text into Notepad:
    Code:
    @ECHO OFF
    START remover.exe fix \\.\PhysicalDrive0
    EXIT
    Go to FILE > SAVE AS and in the dropdown box set SAVE AS TYPE to ALL FILES.
    Then in the FILE NAME box type fix.bat.
    Save fix.bat to your Desktop.

    Run fix.bat by double clicking.
    You may see a black box appear; this is normal.

    When done, run remover.exe again and post its output.
  19. rh1306

    rh1306 Newcomer, in training Topic Starter Posts: 21

    bootkit remover data (2)

    bootkit remover data:

    Bootkit Remover
    (c) 2009 eSage Lab
    www.esagelab.com

    Program version: 1.1.0.0
    OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00
    Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
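    The two Bootkit Remover outputs above (before and after crunchie's fix.bat) are the decision point: "Controlled by rootkit!" means the tool's own `remover.exe fix <device_name>` is needed, "OK (DOS/Win32 Boot code found)" means the boot code is back. As an added example that is not part of this thread or of eSage Lab's tool, this Python parser reads that output and derives the fix command; the sample texts are constructed from the posted outputs, and the 512-byte-sector check for a dump file is my assumption about what `remover.exe dump` writes.

```python
"""Interpret Bootkit Remover console output: which disk is rootkit-controlled, and what fix command applies."""
import hashlib
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample modelled on the output posted before the fix (not copied from the tool).
SAMPLE_BEFORE_FIX = r"""Bootkit Remover
(c) 2009 eSage Lab

Program version: 1.1.0.0

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00

 Size Device Name MBR Status
--------------------------------------------
 74 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
 remover.exe fix <device_name>
"""

# Constructed sample modelled on the output posted after 'remover.exe fix' had run.
SAMPLE_AFTER_FIX = r"""Bootkit Remover
(c) 2009 eSage Lab

Program version: 1.1.0.0

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00
Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

 Size Device Name MBR Status
--------------------------------------------
 74 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
"""

DEVICE = r"\\\\\.\\PhysicalDrive\d+"  # regex for a device name such as \\.\PhysicalDrive0
VOLUME_RE = re.compile(r"^System volume is (\\\\\.\\[A-Za-z]:)\s*$", re.M)
MAPPING_RE = re.compile(r"^(\\\\\.\\[A-Za-z]:) -> (" + DEVICE + r") at offset (0x[0-9A-Fa-f`]+)\s*$", re.M)
MD5_RE = re.compile(r"^Boot sector MD5 is: ([0-9A-Fa-f]{32})\s*$", re.M)
ROW_RE = re.compile(r"^\s*(\d+\s*[KMGT]B)\s+(" + DEVICE + r")\s+(.+?)\s*$", re.M)


@dataclass
class DriveStatus:
    size: str
    device: str
    status: str

    @property
    def rootkit_controlled(self) -> bool:
        return "controlled by rootkit" in self.status.lower()

    @property
    def clean(self) -> bool:
        return self.status.upper().startswith("OK")


@dataclass
class BootkitReport:
    system_volume: Optional[str] = None
    system_drive: Optional[str] = None
    boot_sector_md5: Optional[str] = None
    drives: List[DriveStatus] = field(default_factory=list)

    def needs_fix(self) -> bool:
        return any(d.rootkit_controlled for d in self.drives)

    def fix_commands(self) -> List[str]:
        # The tool's own syntax, as printed in its output: remover.exe fix <device_name>
        return ["remover.exe fix " + d.device for d in self.drives if d.rootkit_controlled]

    def unrecognised(self) -> List[DriveStatus]:
        """Rows that are neither 'OK' nor 'Controlled by rootkit' deserve a manual look."""
        return [d for d in self.drives if not (d.rootkit_controlled or d.clean)]


def parse_bootkit_remover(text: str) -> BootkitReport:
    report = BootkitReport()
    m = VOLUME_RE.search(text)
    if m:
        report.system_volume = m.group(1)
    m = MAPPING_RE.search(text)
    if m:
        report.system_drive = m.group(2)
    m = MD5_RE.search(text)
    if m:
        report.boot_sector_md5 = m.group(1).lower()
    for m in ROW_RE.finditer(text):
        report.drives.append(DriveStatus(m.group(1).strip(), m.group(2), m.group(3).strip()))
    return report


SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"


def is_valid_mbr_dump(sector: bytes) -> bool:
    """Assumption: a 'remover.exe dump' file is one 512-byte sector ending in the 55 AA signature."""
    return len(sector) == SECTOR_SIZE and sector[-2:] == BOOT_SIGNATURE


def mbr_md5(sector: bytes) -> str:
    """MD5 of a dumped sector, to compare with the 'Boot sector MD5' the tool prints."""
    if not is_valid_mbr_dump(sector):
        raise ValueError("not a 512-byte sector with a 55 AA boot signature")
    return hashlib.md5(sector).hexdigest()


if __name__ == "__main__":
    for label, text in (("before", SAMPLE_BEFORE_FIX), ("after", SAMPLE_AFTER_FIX)):
        rep = parse_bootkit_remover(text)
        print(label, "needs fix:", rep.needs_fix(), rep.fix_commands(), rep.boot_sector_md5)
```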
  20. crunchie

    crunchie Malware Helper Posts: 761

    How are things now?
  21. rh1306

    rh1306 Newcomer, in training Topic Starter Posts: 21

    seems to be fixed

    Hmm... I don't even know what to say, but everything seems to be fixed now. Thank you so much. Just wish I could understand what we did. :)
  22. crunchie

    crunchie Malware Helper Posts: 761

    Let's have a look for any remains.

    Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.
    • You will need to use Internet Explorer to complete this scan.
    • You will need to temporarily Disable your current Anti-virus program.
    • Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
    • When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

    NOTE: If you are unable to complete the ESET scan, please try another from the list below:

  23. rh1306

    rh1306 Newcomer, in training Topic Starter Posts: 21

    ESET log

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6211
    # api_version=3.0.2
    # EOSSerial=1b8f1baf6f8fa5459a1ef2435709cdcb
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2010-08-22 07:03:39
    # local_time=2010-08-22 01:03:39 (-0700, Mountain Daylight Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=512 16777215 100 0 0 0 0 0
    # compatibility_mode=1280 16777191 100 0 241538 241538 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=192843
    # found=1
    # cleaned=0
    # scan_time=5033
    C:\Documents and Settings\rh\Application Data\0DA2CE909F4FC7AA32C2B8FD7871513A\bff70700.exe Win32/Adware.AntimalwareDoctor application 00000000000000000000000000000000 I
  24. crunchie

    crunchie Malware Helper Posts: 761

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.
    2. Now copy/paste the entire content of the codebox below into the Notepad window:
    Code:
    
    File::
    C:\Documents and Settings\rh\Application Data\0DA2CE909F4FC7AA32C2B8FD7871513A\bff70700.exe
    
    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    3. Save the above as CFScript.txt

    4. Physically disconnect from the internet.

    5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

    6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    7. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply after you re-enable all the programs that were disabled during the running of ComboFix:
    • Combofix.txt
    Please take note:

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
  25. rh1306

    rh1306 Newcomer, in training Topic Starter Posts: 21

    combofix log 2.txt (part 1)

    ComboFix 10-08-21.01 - rh 08/22/2010 17:06:47.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.404 [GMT -6:00]
    Running from: c:\documents and settings\rh\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\rh\Desktop\CFScript.txt

    FILE ::
    "c:\documents and settings\rh\Application Data\0DA2CE909F4FC7AA32C2B8FD7871513A\bff70700.exe"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\rh\Application Data\0DA2CE909F4FC7AA32C2B8FD7871513A\bff70700.exe

    .
    ((((((((((((((((((((((((( Files Created from 2010-07-22 to 2010-08-22 )))))))))))))))))))))))))))))))
    .

    2010-08-22 17:37 . 2010-08-22 17:37 -------- d-----w- c:\program files\ESET
    2010-08-22 04:07 . 2010-08-22 04:07 -------- d-----w- c:\program files\7-Zip
    2010-08-20 18:10 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-20 18:10 . 2010-08-20 18:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-20 18:10 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-19 01:52 . 2010-08-19 01:52 125624 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\shellex.dll
    2010-08-19 01:52 . 2010-08-19 01:52 404152 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\mcouas.dll
    2010-08-19 01:52 . 2010-08-19 01:52 113336 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\sbstart.exe
    2010-08-19 01:52 . 2010-08-19 01:52 170680 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\klwtblc.dll
    2010-08-19 01:52 . 2010-08-19 01:52 129720 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400\shellex.dll
    2010-08-19 01:52 . 2010-08-19 01:52 113336 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400\sbstart.exe
    2010-08-19 01:52 . 2010-08-19 01:52 404152 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400\mcouas.dll
    2010-08-19 01:52 . 2010-08-19 01:52 170680 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400\klwtblc.dll
    2010-08-19 01:42 . 2010-08-19 01:42 283984 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\bases\av\kdb\i386\win\avengine.dll
    2010-08-18 22:36 . 2010-08-19 01:52 97549 ----a-w- c:\windows\system32\drivers\klick.dat
    2010-08-18 22:36 . 2010-08-19 01:52 113933 ----a-w- c:\windows\system32\drivers\klin.dat
    2010-08-18 22:34 . 2010-08-18 22:34 -------- d-----w- c:\program files\Kaspersky Lab
    2010-08-18 02:05 . 2010-08-18 02:05 -------- d-----w- c:\program files\Trend Micro
    2010-08-16 03:41 . 2010-08-16 03:41 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-08-16 03:32 . 2010-08-16 03:32 -------- d-----w- c:\documents and settings\rh\Local Settings\Application Data\Sunbelt Software
    2010-08-16 02:46 . 2010-08-16 02:48 -------- dc-h--w- c:\windows\ie8
    2010-08-16 01:45 . 2010-08-16 01:46 2788816 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
    2010-08-16 01:45 . 2010-08-16 02:07 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2010-08-15 20:30 . 2010-08-18 22:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
    2010-08-15 02:40 . 2010-08-22 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
    2010-08-14 23:24 . 2010-08-14 23:24 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-08-14 23:24 . 2010-08-14 23:24 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
    2010-08-07 22:25 . 2010-08-07 22:25 -------- d-----w- c:\program files\iPod
    2010-08-07 22:09 . 2010-08-07 22:09 -------- d-----w- c:\program files\Bonjour
    2010-08-07 22:05 . 2010-08-07 22:05 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
    2010-08-06 08:22 . 2010-08-06 08:22 61440 ----a-w- c:\documents and settings\rh\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3f9767f6-n\decora-sse.dll
    2010-08-06 08:22 . 2010-08-06 08:22 503808 ----a-w- c:\documents and settings\rh\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-30e7f38b-n\msvcp71.dll
    2010-08-06 08:22 . 2010-08-06 08:22 499712 ----a-w- c:\documents and settings\rh\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-30e7f38b-n\jmc.dll
    2010-08-06 08:22 . 2010-08-06 08:22 348160 ----a-w- c:\documents and settings\rh\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-30e7f38b-n\msvcr71.dll
    2010-08-06 08:22 . 2010-08-06 08:22 12800 ----a-w- c:\documents and settings\rh\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3f9767f6-n\decora-d3d.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-22 23:17 . 2010-02-20 00:04 -------- d-----w- c:\documents and settings\rh\Application Data\0DA2CE909F4FC7AA32C2B8FD7871513A
    2010-08-22 06:21 . 2007-04-17 07:55 -------- d-----w- c:\documents and settings\rh\Application Data\Escrip__Shopping
    2010-08-22 04:39 . 2008-10-11 21:28 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-08-21 22:02 . 2004-12-14 06:58 -------- d-----w- c:\program files\Common Files\Java
    2010-08-21 22:02 . 2010-04-28 18:42 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-08-21 21:52 . 2004-12-14 06:58 -------- d-----w- c:\program files\Java
    2010-08-19 01:54 . 2010-06-29 01:47 283984 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\avengine.dll
    2010-08-18 21:21 . 2005-01-07 17:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-08-18 21:18 . 2005-01-07 17:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-08-18 20:34 . 2008-11-11 21:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-08-18 04:13 . 2004-12-14 06:59 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-08-18 04:12 . 2008-10-11 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Corporation
    2010-08-18 04:11 . 2006-12-06 21:26 -------- d-----w- c:\documents and settings\rh\Application Data\GeoVid
    2010-08-18 04:08 . 2005-03-30 17:08 -------- d-----w- c:\program files\Google
    2010-08-16 01:29 . 2004-08-11 23:12 23812 -c--a-w- c:\windows\system32\emptyregdb.dat
    2010-08-15 02:25 . 2010-03-05 05:45 -------- d-----w- c:\program files\McAfeeMOBK
    2010-08-14 05:46 . 2004-12-14 07:03 -------- d-----w- c:\program files\Jasc Software Inc
    2010-08-08 02:36 . 2005-11-28 03:47 -------- d-----w- c:\documents and settings\rh\Application Data\Apple Computer
    2010-08-07 22:26 . 2006-02-06 20:03 -------- d-----w- c:\program files\iTunes
    2010-08-07 22:25 . 2009-04-24 01:33 -------- d-----w- c:\program files\Common Files\Apple
    2010-08-03 17:06 . 2005-04-14 16:16 -------- d-----w- c:\documents and settings\rh\Application Data\Musicmatch
    2010-08-03 17:06 . 2004-12-14 07:02 -------- d-----w- c:\program files\MUSICMATCH
    2010-08-03 16:52 . 2004-12-14 06:59 -------- d-----w- c:\program files\Dell
    2010-08-03 16:48 . 2005-01-11 18:33 -------- d-----w- c:\program files\Common Files\Autodesk Shared
    2010-08-03 00:54 . 2005-01-06 20:20 -------- d-----w- c:\documents and settings\rh\Application Data\AdobeUM
    2010-07-07 08:46 . 2010-07-07 08:46 68256 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2011 11.0.1.400\English\setup.exe
    2010-07-02 03:35 . 2010-07-02 03:35 228024 ----a-w- c:\windows\system32\klogon.dll
    2010-07-01 18:22 . 2010-07-01 18:22 92816 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2011 11.0.1.400\English\setup.exe
    2010-07-01 14:06 . 2010-07-01 14:06 1037648 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\klavasyswatch.dll
    2010-06-30 13:06 . 2010-06-30 13:06 271696 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\sys_critical_obj.dll
    2010-06-30 12:31 . 2004-08-12 13:27 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:22 . 2004-08-12 13:33 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 19:11 . 2010-06-23 19:11 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb358.tmp.exe
    2010-06-23 13:44 . 2004-08-12 13:33 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-21 15:27 . 2004-08-12 13:30 354304 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-17 14:03 . 2004-08-12 13:19 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 14:31 . 2004-08-04 11:00 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\BINARIES\helpsvc.exe
    2010-06-14 07:41 . 2004-08-12 13:23 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2010-06-09 23:43 . 2010-06-09 23:43 11352 ----a-w- c:\windows\system32\drivers\kl2.sys
    2010-06-09 23:43 . 2010-06-09 23:43 132184 ----a-w- c:\windows\system32\drivers\kl1.sys
    2010-05-28 08:22 . 2010-05-28 08:22 503808 ----a-w- c:\documents and settings\rh\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7208730f-n\msvcp71.dll
    2010-05-28 08:22 . 2010-05-28 08:22 61440 ----a-w- c:\documents and settings\rh\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-64a1c73a-n\decora-sse.dll
    2010-05-28 08:22 . 2010-05-28 08:22 499712 ----a-w- c:\documents and settings\rh\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7208730f-n\jmc.dll
    2010-05-28 08:22 . 2010-05-28 08:22 348160 ----a-w- c:\documents and settings\rh\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7208730f-n\msvcr71.dll
    2010-05-28 08:22 . 2010-05-28 08:22 12800 ----a-w- c:\documents and settings\rh\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-64a1c73a-n\decora-d3d.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-31 468408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 135168]
    "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
    "REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
    "escrm"="c:\program files\Escrip__Shopping\escripv.exe" [2008-07-23 300336]
    "ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2004-08-09 221184]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "ISUSScheduler"="c:\progra~1\common~1\instal~1\update~1\issch.exe" [2004-08-09 81920]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
    "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-07-02 357096]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

    c:\documents and settings\rh\Start Menu\Programs\Startup\
    UMAX VistaAccess.lnk - c:\vstascan\vsaccess.exe [2005-3-31 159232]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\SYSTEM32\\MMC.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office\\FRONTPG.EXE"=
    "c:\\WINDOWS\\SYSTEM32\\FXSCLNT.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
    "3540:UDP"= 3540:UDP:peer Name Resolution Protocol (PNRP)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)