Program:Vista---Hijacked browsers, main web pages, etc...nothing fixes it


Post by Tigerlilly77 on 2nd August 2009, 12:20 pm

Hi- I have previously posted about this issue but I have such problems getting re-directed it's difficult to download programs.

My computer has various virus-related issues that are on-going and getting progressively worse. The other day I restored the entire computer and after 4 hours I felt satisfied that I could feel safe again- this morning...not so much.
**I was careful during the restore and installed Norton before I plugged all the main connections back in (and in Safe mode).

Same problems are starting to occur and from past experiences, they get worse QUICK.
- I hear a slight sound as I type
- I am always redirected when trying to reach security-related websites (Malwarebytes', etc.)
- I feel that my Comcast homepage is phony - I can't explain why...example: [You must be registered and logged in to see this link.] (the * will pop up even after I delete it)
- The same with Windowsupdate.microsoft... after the / there is a - sign?

Norton Internet Security is my safety net for now- I could really use some help.

Thank you

Tigerlilly77
Intermediate

Posts: 63
Joined: 2009-07-25
Gender: Female
OS: Vista
Points: 27019
Likes: 0


Post by Origin on 2nd August 2009, 7:51 pm

Hello Tigerlilly77,

Welcome to Geek Police, my name is Origin and I will be helping you today. Please keep the following in mind:

  • If you do not get a reply from me or another helper within 2 days, please reply to your topic with the phrase BUMP.
  • If you have any cracked/pirated software in your computer, delete it or we will not help you.
  • Only follow advice from Geek Police Staff and not a regular member.
  • Do NOT run any tool without Geek Police supervision as it could render your system useless.

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]


Origin
Master

Posts: 2685
Joined: 2009-05-05
Gender: Male
OS: Windows Xp Sp3
Points: 31513
Likes: 0


BUMP

Post by Tigerlilly77 on 3rd August 2009, 2:41 pm

Hello Origin-
Thank you for the advice- My one concern is that I have run HijackThis before and Trend Micro caused a lot of problems on my computer.
What do you think?
Thank you,
Tigerlilly77


Post by Belahzur on 3rd August 2009, 7:19 pm

When you say Trend Micro, that doesn't really specify much. Hijack This wasn't designed by Trend Micro, they just bought it from the developer, so it's safe to use.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245101
Likes: 1


HijackThis Report

Post by Tigerlilly77 on 4th August 2009, 12:07 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:05:35 PM, on 8/3/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\KBD\kbd.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Program Files\MSN\Toolbar\3.0.0541.0\msntask.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [hpsysdrv] "c:\hp\support\hpsysdrv.exe"
O4 - HKLM\..\Run: [KBD] "C:\Program Files\Hewlett-Packard\KBD\KbdStub.EXE"
O4 - HKLM\..\Run: [NvCplDaemon] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Health Check Scheduler] "c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"
O4 - HKLM\..\Run: [TSMAgent] "c:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [DVDAgent] "c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [SmartMenu] "C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [HPAdvisor] "C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" autorun=AUTORUN
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O13 - Gopher Prefix:
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6551 bytes


Post by Tigerlilly77 on 4th August 2009, 3:37 am

...also we have 2 new user profiles which we cannot access or delete, and they have special permissions that we can't change either...grrrr


Post by Belahzur on 4th August 2009, 6:32 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Post by Tigerlilly77 on 4th August 2009, 9:14 pm

Believe it or not (not), Malwarebytes said I had 0 viruses. Believe me- I wish this was true, but that is absolutely false. My settings are always reset, my browser is always redirecting me and there is a huge party of Groups, Administrators and Users on here besides my husband and I...oh, yeah, the PeertoPeer Groups.
What the he!! is going on?

Tigerlilly


Post by Belahzur on 5th August 2009, 5:37 pm

Well, not showing anything is good for me; it means something else is hiding and is able to avoid MBAM, and not much can do that, a rootkit probably.

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.



Post by Tigerlilly77 on 6th August 2009, 7:54 pm

What a journey...the computer fought me every step of the way. Last night, after completing the ComboFix process, I came up with an incredibly long and detailed log- sadly, I was excited to get over to you! My computer froze and crashed. I restarted it and now the log is gone AND I lost internet connection. (Lost connection tends to happen at very 'convenient' moments)
So I restored the computer this morning...even for just the CONNECTION. It worked- I got the connection back but everything else stayed...hence, my entourage. (my husband, plus 3 unknown "USER'S")
Will I EVER be able to straighten this out? I had a VERY difficult time getting to the website today.....geek20%pl% sort of thing....SOS


Post by Origin on 6th August 2009, 7:58 pm

Hello, your log should be somewhere in your C:\ drive, it should say Combofix.txt, paste the results back here, if you can't paste it all in one post, use two or more if required.

For your internet connection problem visit this page:

[You must be registered and logged in to see this link.]

See if that helps.



part2

Post by Tigerlilly77 on 6th August 2009, 8:20 pm

.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-10-17 972080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\program files\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-27 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-27 92704]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2008-09-11 210216]
"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-10-18 1152296]
"CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-10-18 189736]
"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-09-26 1148200]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-09-23 912688]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-08-25 144784]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B57B8239-FC5C-48EE-A745-126A94CCF75E}"= c:\program files\CyberLink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{A50A96B4-0900-48DF-A302-41D2472F453E}"= c:\program files\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe:HP TouchSmart Music
"{6914C447-EC39-4B62-833E-CF8DF72746C8}"= c:\program files\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe:HP TouchSmart Photo
"{1162D46D-943B-4A68-A638-7FD699C8B460}"= c:\program files\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe:HP TouchSmart Video
"{61A05C15-58FD-4CFA-9540-880FDA70E189}"= c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe:HP TouchSmart Media Resident Program
"{A1647596-1F99-446E-8E60-8B9B6DA1D09F}"= c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe:CyberLink Media Service
"{81604A3A-605C-4DE1-909C-03575368850E}"= c:\program files\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe:HP TouchSmart Music
"{A82A2F66-D74A-496F-9068-A5DCE94BCAF7}"= c:\program files\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe:HP TouchSmart Photo
"{9390706E-7278-469F-9BFF-4664197BC424}"= c:\program files\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe:HP TouchSmart Video
"{8D657C82-DD0C-4447-BA7F-0B3D329737C5}"= c:\program files\Hewlett-Packard\Media\DVD\TSMAgent.exe:HP TouchSmart Media Resident Program
"{E6D6700A-1073-407E-9E6B-3330DC828CFF}"= c:\program files\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe:CyberLink Media Service
"{0D23A54B-92C9-4428-8366-5B1ECDD07BB9}"= c:\program files\Hewlett-Packard\Media\DVD\HPDVDSmart.exe:HP MediaSmart DVD

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1005000.087\SymEFA.sys [8/7/2009 2:41 AM 310320]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSvix86.sys [8/7/2009 12:53 AM 293424]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:\program files\Hewlett-Packard\Media\DVD\000.fcl [9/26/2008 6:36 AM 59376]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [8/7/2009 2:41 AM 115560]
R3 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NIS\1000000.07D\BHDrvx86.sys [11/10/2008 2:24 AM 254512]
R3 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1000000.07D\ccHPx86.sys [11/10/2008 2:24 AM 362544]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/6/2009 5:03 AM 101936]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\NIS\1000000.07D\symndisv.sys [11/10/2008 2:24 AM 40496]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [9/9/2008 8:58 PM 20640]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ERASERUTILREBOOTDRV
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-08-07 16:09
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-08-07 16:11
ComboFix-quarantined-files.txt 2009-08-07 20:11

Pre-Run: 277,621,088,256 bytes free
Post-Run: 277,609,623,552 bytes free

186 --- E O F --- 2009-08-07 04:08


Post by Tigerlilly77 on 7th August 2009, 2:20 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:19:04 AM, on 8/8/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Hewlett-Packard\KBD\kbd.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Program Files\MSN\Toolbar\3.0.0541.0\msntask.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\Program Files\Hewlett-Packard\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [TSMAgent] "c:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [DVDAgent] "c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O13 - Gopher Prefix:
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5939 bytes


Post by Belahzur on 7th August 2009, 6:18 pm

Hello.
The first half of the Combofix log wasn't posted, can you post the full log please?



Post by Tigerlilly77 on 8th August 2009, 2:45 am

ComboFix 09-08-07.07 - Elena 08/08/2009 22:25.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2942.1845 [GMT -4:00]
Running from: c:\users\Elena\Downloads\Combo-Fix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-07-09 to 2009-08-09 )))))))))))))))))))))))))))))))
.

2009-08-09 02:29 . 2009-08-09 02:29 -------- d-----w- c:\users\Ronnie\AppData\Local\temp
2009-08-09 02:29 . 2009-08-09 02:29 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-08-09 02:29 . 2009-08-09 02:29 -------- d-----w- c:\users\Elena\AppData\Local\temp
2009-08-09 01:33 . 2009-08-06 09:03 87888 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090807.024\NAVENG.SYS
2009-08-09 01:33 . 2009-08-06 09:03 875728 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090807.024\NAVEX15.SYS
2009-08-09 01:33 . 2009-08-06 09:03 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090807.024\EECTRL.SYS
2009-08-09 01:33 . 2009-08-06 09:03 259368 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090807.024\ECMSVR32.DLL
2009-08-09 01:33 . 2009-08-06 09:03 2414128 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090807.024\CCERASER.DLL
2009-08-09 01:33 . 2009-08-06 09:03 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090807.024\NAVENG32.DLL
2009-08-09 01:33 . 2009-08-06 09:03 1181040 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090807.024\NAVEX32A.DLL
2009-08-09 01:33 . 2009-08-06 09:03 101936 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090807.024\ERASER.SYS
2009-08-08 14:18 . 2009-08-08 14:18 -------- d-----w- c:\program files\Trend Micro
2009-08-07 05:52 . 2009-08-07 05:52 -------- d-----w- c:\users\Elena\AppData\Roaming\Hewlett-Packard
2009-08-07 04:53 . 2009-07-12 05:15 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\Scxpx86.dll
2009-08-07 04:53 . 2009-07-12 05:15 451960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSxpx86.dll
2009-08-07 04:53 . 2009-07-12 05:15 397360 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSviA64.sys
2009-08-07 04:53 . 2009-07-12 05:15 293424 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSvix86.sys
2009-08-07 04:53 . 2009-07-12 05:15 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSXpx86.sys
2009-08-07 04:01 . 2008-10-22 01:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-07 03:52 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-08-07 03:52 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-08-07 03:52 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-08-07 03:52 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-08-07 03:52 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-08-07 03:52 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-08-07 03:52 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-08-07 03:48 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-08-07 03:48 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-08-07 03:48 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-08-07 03:48 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-08-07 03:48 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-08-07 03:47 . 2009-08-07 03:47 -------- d-----w- c:\program files\MSXML 4.0
2009-08-07 03:47 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-08-07 03:47 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-08-07 03:47 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-08-07 03:47 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-08-07 03:47 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-08-07 03:47 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-08-07 03:47 . 2008-08-28 03:40 712704 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-08-07 03:47 . 2008-08-28 03:40 347136 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-08-07 03:47 . 2008-08-28 03:40 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-08-07 03:45 . 2008-11-01 01:21 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-07 03:44 . 2009-08-07 03:44 -------- d-----w- c:\users\Ronnie\AppData\Roaming\Hewlett-Packard
2009-08-07 03:43 . 2009-08-07 03:44 -------- d-----w- c:\users\Ronnie\AppData\Local\Hewlett-Packard
2009-08-07 03:41 . 2009-08-07 06:53 74456 ----a-w- c:\users\Ronnie\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-07 03:41 . 2008-09-10 03:40 1334272 ----a-w- c:\windows\system32\msxml6.dll
2009-08-07 03:38 . 2009-08-07 03:38 -------- d-----w- c:\users\Ronnie\AppData\Roaming\HP TCS
2009-08-07 03:38 . 2009-08-07 05:12 -------- d-----w- c:\program files\Microsoft Works
2009-08-07 03:36 . 2008-10-16 21:09 51224 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-07 03:36 . 2008-10-16 21:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 03:36 . 2008-10-16 21:13 1809944 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-07 03:36 . 2008-10-16 20:56 1524736 ----a-w- c:\windows\system32\wucltux.dll
2009-08-07 03:36 . 2008-10-16 21:08 34328 ----a-w- c:\windows\system32\wups.dll
2009-08-07 03:36 . 2008-10-16 21:12 561688 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 03:36 . 2008-10-16 20:55 83456 ----a-w- c:\windows\system32\wudriver.dll
2009-08-07 03:36 . 2008-10-16 18:08 162064 ----a-w- c:\windows\system32\wuwebv.dll
2009-08-07 03:36 . 2008-10-16 17:56 31232 ----a-w- c:\windows\system32\wuapp.exe
2009-08-07 03:36 . 2009-08-07 03:43 -------- d-----w- c:\users\Ronnie\AppData\Local\VirtualStore

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-07 06:41 . 2009-08-07 03:45 -------- d-----w- c:\program files\Symantec
2009-08-07 06:41 . 2009-08-07 03:45 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-08-07 06:41 . 2009-08-07 03:45 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-08-07 06:41 . 2009-08-07 03:45 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-08-07 05:51 . 2009-08-07 05:51 74456 ----a-w- c:\users\Elena\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-07 05:13 . 2008-11-10 05:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-07 05:13 . 2008-11-10 05:50 -------- d-----w- c:\program files\Cyberlink
2009-08-07 05:13 . 2008-11-10 05:51 53319 ----a-w- c:\programdata\Temp\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\PostBuild.exe
2009-08-07 05:07 . 2008-11-10 06:13 -------- d-----w- c:\programdata\WildTangent
2009-08-07 04:52 . 2009-08-07 03:45 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-07 04:39 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-07 03:49 . 2008-11-10 06:24 -------- d-----w- c:\programdata\Symantec
2009-07-12 05:15 . 2008-11-10 06:24 397360 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-07-12 05:15 . 2008-11-10 06:24 293424 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-07-12 05:15 . 2008-11-10 06:24 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-07-12 05:15 . 2008-11-10 06:24 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-07-12 05:15 . 2008-11-10 06:24 451960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2008-11-10 05:21 . 2008-11-10 05:19 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT


Re: Program:Vista---Highjacked browers,main web pages, etc...nothing fixes it

Post by Tigerlilly77 on 8th August 2009, 2:50 am

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-08 07:26 . 2009-04-11 06:28 51712 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wrpint.dll
+ 2009-08-08 07:26 . 2009-04-11 06:28 83968 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wmiutils.dll
+ 2009-08-08 07:26 . 2009-04-11 06:28 30208 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wbemprox.dll
+ 2009-08-08 07:26 . 2009-04-11 06:28 35328 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\mspatcha.dll
+ 2009-08-08 07:26 . 2009-04-11 06:28 22016 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\CbsMsg.dll
+ 2008-01-21 01:58 . 2009-08-08 14:36 23578 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-08-09 00:55 62134 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-08-07 20:31 . 2009-03-12 08:42 25136 c:\windows\System32\DriverStore\FileRepository\symimv.inf_da6db522\SymIMV.sys
+ 2009-08-07 03:45 . 2009-03-12 08:42 25136 c:\windows\System32\drivers\SymIMV.sys
- 2009-08-07 03:45 . 2008-11-10 06:24 25136 c:\windows\System32\drivers\SymIMV.sys
+ 2009-08-06 19:33 . 2009-08-09 02:13 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-08-06 19:33 . 2009-08-07 05:51 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-08-06 19:33 . 2009-08-07 05:51 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-08-06 19:33 . 2009-08-09 02:13 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-08-06 19:33 . 2009-08-07 05:51 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-06 19:33 . 2009-08-09 02:13 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-07-30 03:40 . 2008-07-30 03:40 70648 c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
+ 2008-07-30 03:40 . 2008-07-30 03:40 91136 c:\windows\Microsoft.NET\Framework\v3.5\MSBuild.exe
- 2007-11-08 03:02 . 2007-11-08 03:02 91136 c:\windows\Microsoft.NET\Framework\v3.5\MSBuild.exe
- 2007-11-08 03:02 . 2007-11-08 03:02 41984 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.VisualC.STLCLR.dll
+ 2008-07-30 03:40 . 2008-07-30 03:40 41984 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.VisualC.STLCLR.dll
+ 2008-07-30 03:40 . 2008-07-30 03:40 40960 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Data.Entity.Build.Tasks.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 89080 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2052.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 92664 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1042.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 95224 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1041.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 89592 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1028.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 84480 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2052.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 94720 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1042.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 97792 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1041.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 84992 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1028.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 97280 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\DeleteTemp.exe
+ 2008-07-30 03:40 . 2008-07-30 03:40 95224 c:\windows\Microsoft.NET\Framework\v3.5\EdmGen.exe
+ 2008-07-30 03:40 . 2008-07-30 03:40 78856 c:\windows\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe
+ 2008-07-30 03:40 . 2008-07-30 03:40 41984 c:\windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe
- 2007-11-08 03:02 . 2007-11-08 03:02 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess32.exe
+ 2008-07-30 03:40 . 2008-07-30 03:40 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess32.exe
- 2007-11-08 03:02 . 2007-11-08 03:02 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe
+ 2008-07-30 03:40 . 2008-07-30 03:40 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe
+ 2006-11-02 10:25 . 2009-08-07 20:31 86016 c:\windows\inf\infstor.dat
- 2006-11-02 10:25 . 2009-08-07 03:45 86016 c:\windows\inf\infstor.dat
+ 2006-11-02 10:25 . 2009-08-07 20:31 51200 c:\windows\inf\infpub.dat
- 2006-11-02 10:25 . 2009-08-07 03:45 51200 c:\windows\inf\infpub.dat
+ 2009-08-08 15:21 . 2009-08-08 15:21 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\ade62baef300f037ae756f801663f9c5\System.Windows.Presentation.ni.dll
+ 2009-08-08 15:21 . 2009-08-08 15:21 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\40591112ed6a3fac4dbfa337c00d2122\System.Web.DynamicData.Design.ni.dll
+ 2009-08-08 15:20 . 2009-08-08 15:20 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\8e4110e20bba40ee1fe7f23aaff7d2ee\System.ComponentModel.DataAnnotations.ni.dll
+ 2009-08-08 15:20 . 2009-08-08 15:20 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\995b89ec2f32e0c5989f84a8a96ceb28\System.AddIn.Contract.ni.dll
+ 2009-08-08 15:19 . 2009-08-08 15:19 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\d05258f88517512acc1ba5ad8d0c44ff\Microsoft.Build.Framework.ni.dll
+ 2009-08-08 14:14 . 2009-08-08 14:14 12288 c:\windows\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2009-08-08 14:14 . 2009-08-08 14:14 61440 c:\windows\assembly\GAC_MSIL\System.Web.Routing\3.5.0.0__31bf3856ad364e35\System.Web.Routing.dll
+ 2009-08-08 14:14 . 2009-08-08 14:14 32768 c:\windows\assembly\GAC_MSIL\System.Web.DynamicData.Design\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
+ 2009-08-08 14:14 . 2009-08-08 14:14 77824 c:\windows\assembly\GAC_MSIL\System.Web.Abstractions\3.5.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
+ 2009-08-08 14:14 . 2009-08-08 14:14 53248 c:\windows\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2008-11-10 05:34 . 2008-11-10 05:34 53248 c:\windows\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2009-08-08 14:14 . 2009-08-08 14:14 57344 c:\windows\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2009-08-08 14:14 . 2009-08-08 14:14 45056 c:\windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2008-11-10 05:34 . 2008-11-10 05:34 41984 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
+ 2009-08-08 14:14 . 2009-08-08 14:14 41984 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
+ 2009-08-08 14:14 . 2009-08-08 14:14 94208 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll
- 2008-11-10 05:34 . 2008-11-10 05:34 94208 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll
+ 2009-08-08 14:14 . 2009-08-08 14:14 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2008-11-10 05:34 . 2008-11-10 05:34 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-08-07 05:06 . 2009-08-07 20:38 1908 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-176351909-2730650317-751779939-1000_UserData.bin
- 2009-08-07 06:29 . 2009-08-07 06:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-08-09 00:50 . 2009-08-09 00:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-08-07 06:29 . 2009-08-07 06:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-08-09 00:50 . 2009-08-09 00:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-07-30 03:40 . 2008-07-30 03:40 5632 c:\windows\Microsoft.NET\Framework\v3.5\Sentinel.v3.5Client.dll
+ 2009-08-08 14:14 . 2009-08-08 14:14 5632


Re: Program:Vista---Highjacked browers,main web pages, etc...nothing fixes it

Post by Tigerlilly77 on 8th August 2009, 2:56 am

+ 2009-08-08 07:26 . 2009-04-11 06:28 182784 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\xmllite.dll
+ 2009-08-08 07:26 . 2009-04-11 06:28 218624 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wdscore.dll
+ 2009-08-08 07:26 . 2009-04-11 06:28 744448 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wbemcore.dll
+ 2009-08-08 07:26 . 2009-04-11 06:28 357888 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wbemcomn.dll
+ 2009-08-08 07:26 . 2009-04-11 06:28 116736 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\smipi.dll
+ 2009-08-08 07:26 . 2009-04-11 06:28 139264 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\SmiInstaller.dll
+ 2009-08-08 07:26 . 2009-04-11 06:28 705536 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\smiengine.dll
+ 2009-08-08 07:26 . 2009-04-11 06:28 126464 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\rescinst.dll
+ 2009-08-08 07:26 . 2009-04-11 06:28 265728 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\repdrvfs.dll
+ 2009-08-08 07:26 . 2009-04-11 06:27 119296 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\poqexec.exe
+ 2009-08-08 07:26 . 2009-04-11 06:27 130560 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\PkgMgr.exe
+ 2009-08-08 07:26 . 2009-04-11 06:28 146432 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\OEMHelpIns.dll
+ 2009-08-08 07:26 . 2009-04-11 06:28 305152 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\msdelta.dll
+ 2009-08-08 07:26 . 2009-04-11 06:28 102400 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\mofinstall.dll
+ 2009-08-08 07:26 . 2009-04-11 06:28 189440 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\mofd.dll
+ 2009-08-08 07:26 . 2009-04-11 06:28 222720 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\locdrv.dll
+ 2009-08-08 07:26 . 2009-04-11 06:28 100352 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\helpcins.dll
+ 2009-08-08 07:26 . 2009-04-11 06:28 614912 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\fastprox.dll
+ 2009-08-08 07:26 . 2009-04-11 06:28 265728 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\esscli.dll
+ 2009-08-08 07:26 . 2009-04-11 06:28 247808 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\drvstore.dll
+ 2009-08-08 07:26 . 2009-04-11 06:28 100352 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\DrUpdate.dll
+ 2009-08-08 07:26 . 2009-04-11 06:28 258048 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\dpx.dll
+ 2009-08-08 07:26 . 2009-04-11 06:28 243712 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\CntrtextInstaller.dll
+ 2009-08-08 07:26 . 2009-04-11 06:28 271360 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\cmitrust.dll
+ 2009-08-08 07:26 . 2009-04-11 06:28 119808 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\cmiadapter.dll
+ 2009-08-08 07:26 . 2009-04-11 06:28 535040 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\CbsCore.dll
+ 2009-08-08 07:26 . 2009-04-11 06:28 199168 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\apss.dll
+ 2009-08-08 07:26 . 2009-04-11 06:28 222208 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\apircl.dll
+ 2009-08-07 21:34 . 2009-08-08 23:31 201198 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2006-11-02 10:33 . 2009-08-07 06:33 595446 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-08-09 00:54 595446 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-08-07 06:33 101144 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-08-09 00:54 101144 c:\windows\System32\perfc009.dat
+ 2008-11-10 06:34 . 2009-08-09 00:49 833080 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2008-07-30 03:40 . 2008-07-30 03:40 196104 c:\windows\Microsoft.NET\Framework\v3.5\WFServicesReg.exe
+ 2008-07-30 03:40 . 2008-07-30 03:40 802816 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Build.Tasks.v3.5.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 984056 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapUI.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 107512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 111096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.3082.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 110072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2070.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1055.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 105976 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1053.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 107000 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1049.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 107512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1046.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 109048 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1045.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1044.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1043.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 110072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1040.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 111096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1038.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 101368 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1037.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 112120 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1036.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1035.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 113656 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1032.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 111608 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1031.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1030.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1029.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 102904 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1025.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 689152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsscenario.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 413184 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsbasereqs.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 632320 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs70uimgr.dll
+ 2008-07-30 03:44 . 2008-07-30 03:44 652800 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.msi
+ 2008-07-29 22:47 . 2008-07-29 22:47 110080 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 131584 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.3082.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 131072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2070.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 121344 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1055.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 121344 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1053.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 123904 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1049.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 122880 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1046.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 128512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1045.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 121856 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1044.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 129024 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1043.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 128512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1040.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 132096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1038.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 111104 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1037.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 133120 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1036.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 122368 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1035.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 137728 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1032.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 130048 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1031.dll


Re: Program:Vista---Highjacked browers,main web pages, etc...nothing fixes it

Post by Tigerlilly77 on 8th August 2009, 2:57 am

+ 2008-07-29 22:47 . 2008-07-29 22:47 126464 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1030.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 125440 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1029.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 113152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1025.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 269304 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
+ 2008-07-29 22:47 . 2008-07-29 22:47 177152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\HtmlLite.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 276984 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\dlmgr.dll
.
-- Snapshot reset to current date --

Tigerlilly77

Post by Tigerlilly77 on 8th August 2009, 2:57 am

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B57B8239-FC5C-48EE-A745-126A94CCF75E}"= c:\program files\CyberLink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{A50A96B4-0900-48DF-A302-41D2472F453E}"= c:\program files\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe:HP TouchSmart Music
"{6914C447-EC39-4B62-833E-CF8DF72746C8}"= c:\program files\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe:HP TouchSmart Photo
"{1162D46D-943B-4A68-A638-7FD699C8B460}"= c:\program files\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe:HP TouchSmart Video
"{61A05C15-58FD-4CFA-9540-880FDA70E189}"= c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe:HP TouchSmart Media Resident Program
"{A1647596-1F99-446E-8E60-8B9B6DA1D09F}"= c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe:CyberLink Media Service
"{81604A3A-605C-4DE1-909C-03575368850E}"= c:\program files\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe:HP TouchSmart Music
"{A82A2F66-D74A-496F-9068-A5DCE94BCAF7}"= c:\program files\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe:HP TouchSmart Photo
"{9390706E-7278-469F-9BFF-4664197BC424}"= c:\program files\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe:HP TouchSmart Video
"{8D657C82-DD0C-4447-BA7F-0B3D329737C5}"= c:\program files\Hewlett-Packard\Media\DVD\TSMAgent.exe:HP TouchSmart Media Resident Program
"{E6D6700A-1073-407E-9E6B-3330DC828CFF}"= c:\program files\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe:CyberLink Media Service
"{0D23A54B-92C9-4428-8366-5B1ECDD07BB9}"= c:\program files\Hewlett-Packard\Media\DVD\HPDVDSmart.exe:HP MediaSmart DVD

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1005000.087\SymEFA.sys [8/7/2009 2:41 AM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NIS\1005000.087\BHDrvx86.sys [8/7/2009 2:41 AM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1005000.087\cchpx86.sys [8/7/2009 2:41 AM 482352]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSvix86.sys [8/7/2009 12:53 AM 293424]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:\program files\Hewlett-Packard\Media\DVD\000.fcl [9/26/2008 6:36 AM 59376]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [8/7/2009 2:41 AM 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/6/2009 5:03 AM 101936]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\NIS\1005000.087\symndisv.sys [8/7/2009 2:41 AM 39984]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [9/9/2008 8:58 PM 20640]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-08-08 22:29
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-08-09 22:31
ComboFix-quarantined-files.txt 2009-08-09 02:31
ComboFix2.txt 2009-08-07 20:11

Pre-Run: 271,715,610,624 bytes free
Post-Run: 271,685,218,304 bytes free

395 --- E O F --- 2009-08-08 14:15

Tigerlilly77

Post by Belahzur on 8th August 2009, 3:27 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?


Please PM me if I fail to respond within 24hrs.


Belahzur

ComboFix/u

Post by Tigerlilly77 on 9th August 2009, 2:09 am

My computer would not accept it- "Windows cannot find ComboFix. Make sure you type the name correctly and try again".
I DID type in ComboFix/ u as directed. I'm not sure if this means anything but in my recent docs there is a "catch me" form...

Tigerlilly77

Post by Tigerlilly77 on 9th August 2009, 2:32 am

Does this make any sense to you?

Thursday, November 02, 2006 4:49:33 AM
Administrative privileged user logged on.
Parsing template defltbase.inf.
----Configuration engine was initialized successfully.----

----Reading Configuration Template info...


----Configure User Rights...
SeImpersonatePrivilege must be assigned to administrators. This setting is adjusted.
SeImpersonatePrivilege must be assigned to SERVICE. This setting is adjusted.
Configure S-1-5-32-546.
remove SeInteractiveLogonRight.
Configure S-1-5-32-547.
remove SeNetworkLogonRight.
remove SeSystemtimePrivilege.
remove SeRemoteShutdownPrivilege.
remove SeIncreaseBasePriorityPrivilege.
remove SeInteractiveLogonRight.
remove SeProfileSingleProcessPrivilege.
remove SeShutdownPrivilege.
remove SeRemoteInteractiveLogonRight.
Configure S-1-5-19.
add SeSystemtimePrivilege.
add SeIncreaseQuotaPrivilege.
add SeAssignPrimaryTokenPrivilege.
add SeTimeZonePrivilege.
Configure S-1-5-20.
add SeIncreaseQuotaPrivilege.
add SeAssignPrimaryTokenPrivilege.
remove SeServiceLogonRight.
Configure S-1-5-32-544.
add SeChangeNotifyPrivilege.
add SeBatchLogonRight.
add SeUndockPrivilege.
add SeManageVolumePrivilege.
add SeRemoteInteractiveLogonRight.
add SeImpersonatePrivilege.
add SeCreateGlobalPrivilege.
add SeTimeZonePrivilege.
add SeCreateSymbolicLinkPrivilege.
Configure S-1-5-32-551.
add SeNetworkLogonRight.
add SeChangeNotifyPrivilege.
add SeBatchLogonRight.
Configure S-1-5-32-545.
add SeNetworkLogonRight.
add SeChangeNotifyPrivilege.
add SeUndockPrivilege.
add SeIncreaseWorkingSetPrivilege.
add SeTimeZonePrivilege.
Configure S-1-1-0.
remove SeInteractiveLogonRight.
remove SeShutdownPrivilege.
remove SeRemoteInteractiveLogonRight.
Configure S-1-5-6.
Configure S-1-5-21-2152478756-3922319563-605102323-501.
add SeInteractiveLogonRight.
add SeDenyNetworkLogonRight.
add SeDenyInteractiveLogonRight.
Configure S-1-5-32-555.
add SeRemoteInteractiveLogonRight.

User Rights configuration was completed successfully.


----Configure Group Membership...
Configure Users.
add INTERACTIVE.
add Authenticated Users.

Group Membership configuration was completed successfully.


----Configure Registry Keys...

Tigerlilly77

Post by Tigerlilly77 on 9th August 2009, 2:33 am

Warning 5: Access is denied.
Error setting security on machine\software\classes.
Warning 5: Access is denied.
Error setting security on machine\software\classes.

Re: Program:Vista---Highjacked browers,main web pages, etc...nothing fixes it

Post by Tigerlilly77 on 9th August 2009, 2:33 am

Configure machine\software\classes\.shtm.
Configure machine\software\classes\.shtml.
Configure machine\software\classes\.sit.
Configure machine\software\classes\.slupkg-ms.
Configure machine\software\classes\.snd.
Configure machine\software\classes\.sol.
Configure machine\software\classes\.SolitaireSave-ms.
Configure machine\software\classes\.sor.
Configure machine\software\classes\.spc.
Configure machine\software\classes\.SpiderSolitaireSave-ms.
Configure machine\software\classes\.sql.
Configure machine\software\classes\.srf.
Configure machine\software\classes\.sr_.
Configure machine\software\classes\.sst.
Configure machine\software\classes\.stl.
Configure machine\software\classes\.stm.
Configure machine\software\classes\.swf.
Configure machine\software\classes\.sym.
Configure machine\software\classes\.sys.
Configure machine\software\classes\.sy_.
Configure machine\software\classes\.tab.
Configure machine\software\classes\.tar.
Configure machine\software\classes\.tdl.
Configure machine\software\classes\.text.
Configure machine\software\classes\.tgz.
Configure machine\software\classes\.theme.
Configure machine\software\classes\.tif.
Configure machine\software\classes\.tiff.
Configure machine\software\classes\.tlb.
Configure machine\software\classes\.tlh.
Configure machine\software\classes\.tli.
Configure machine\software\classes\.trg.
Configure machine\software\classes\.tsp.
Configure machine\software\classes\.tsv.
Configure machine\software\classes\.ttc.
Configure machine\software\classes\.ttf.
Configure machine\software\classes\.txt.
Configure machine\software\classes\.udf.
Configure machine\software\classes\.UDL.
Configure machine\software\classes\.udt.
Configure machine\software\classes\.url.
Configure machine\software\classes\.user.
Configure machine\software\classes\.usr.
Configure machine\software\classes\.VBE.
Configure machine\software\classes\.vbs.
Configure machine\software\classes\.vbx.
Configure machine\software\classes\.vcf.
Configure machine\software\classes\.vcproj.
Configure machine\software\classes\.viw.
Configure machine\software\classes\.vob.
Configure machine\software\classes\.vspscc.
Configure machine\software\classes\.vsscc.
Configure machine\software\classes\.vssscc.
Configure machine\software\classes\.vxd.
Configure machine\software\classes\.wab.
Configure machine\software\classes\.wav.
Configure machine\software\classes\.wax.
Configure machine\software\classes\.wbcat.
Configure machine\software\classes\.wcinv.
Configure machine\software\classes\.wcinv-ms-p2p.
Configure machine\software\classes\.wdp.
Configure machine\software\classes\.WebAllowBlockList.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\.webpnp.
Configure machine\software\classes\.wll.
Configure machine\software\classes\.wlt.
Configure machine\software\classes\.wm.
Configure machine\software\classes\.wma.
Configure machine\software\classes\.WMD.
Configure machine\software\classes\.wmdb.
Configure machine\software\classes\.wmf.
Configure machine\software\classes\.wmp.
Configure machine\software\classes\.WMS.
Configure machine\software\classes\.wmv.
Configure machine\software\classes\.wmx.
Configure machine\software\classes\.wmz.
Configure machine\software\classes\.WPL.
Configure machine\software\classes\.wri.
Configure machine\software\classes\.wsc.
Configure machine\software\classes\.WSF.
Configure machine\software\classes\.WSH.
Configure machine\software\classes\.wsz.
Configure machine\software\classes\.wtx.
Configure machine\software\classes\.wvx.
Configure machine\software\classes\.x.
Configure machine\software\classes\.xaml.
Configure machine\software\classes\.xbap.
Configure machine\software\classes\.xix.
Configure machine\software\classes\.xlb.
Configure machine\software\classes\.xlc.
Configure machine\software\classes\.xls.
Configure machine\software\classes\.xlt.
Configure machine\software\classes\.xml.
Configure machine\software\classes\.xps.
Configure machine\software\classes\.xrm-ms.
Configure machine\software\classes\.xsd.
Configure machine\software\classes\.xsl.
Configure machine\software\classes\.xslt.
Configure machine\software\classes\.z.
Configure machine\software\classes\.z96.
Configure machine\software\classes\.zfsendtotarget.
Configure machine\software\classes\.zip.
Configure machine\software\classes\AccClientDocMgr.AccClientDocMgr.
Configure machine\software\classes\AccClientDocMgr.AccClientDocMgr.1.
Configure machine\software\classes\AccDictionary.AccDictionary.
Configure machine\software\classes\AccDictionary.AccDictionary.1.
Configure machine\software\classes\AccessControlEntry.
Configure machine\software\classes\AccessControlList.
Configure machine\software\classes\AccServerDocMgr.AccServerDocMgr.
Configure machine\software\classes\AccServerDocMgr.AccServerDocMgr.1.
Configure machine\software\classes\ADODB.Command.
Configure machine\software\classes\ADODB.Command.6.0.
Configure machine\software\classes\ADODB.Connection.
Configure machine\software\classes\ADODB.Connection.6.0.
Configure machine\software\classes\ADODB.Error.
Configure machine\software\classes\ADODB.Error.6.0.
Configure machine\software\classes\ADODB.ErrorLookup.
Configure machine\software\classes\ADODB.ErrorLookup.6.0.
Configure machine\software\classes\ADODB.Parameter.
Configure machine\software\classes\ADODB.Parameter.6.0.
Configure machine\software\classes\ADODB.Record.
Configure machine\software\classes\ADODB.Record.6.0.
Configure machine\software\classes\ADODB.Recordset.
Configure machine\software\classes\ADODB.Recordset.6.0.
Configure machine\software\classes\ADODB.Stream.
Configure machine\software\classes\ADODB.Stream.6.0.
Configure machine\software\classes\ADOMD.Catalog.
Configure machine\software\classes\ADOMD.Catalog.6.0.
Configure machine\software\classes\ADOMD.Cellset.
Configure machine\software\classes\ADOMD.Cellset.6.0.
Configure machine\software\classes\ADOR.Recordset.
Configure machine\software\classes\ADOR.Recordset.6.0.
Configure machine\software\classes\ADOX.Catalog.
Configure machine\software\classes\ADOX.Catalog.6.0.
Configure machine\software\classes\ADOX.Column.
Configure machine\software\classes\ADOX.Column.6.0.
Configure machine\software\classes\ADOX.Group.
Configure machine\software\classes\ADOX.Group.6.0.
Configure machine\software\classes\ADOX.Index.
Configure machine\software\classes\ADOX.Index.6.0.
Configure machine\software\classes\ADOX.Key.
Configure machine\software\classes\ADOX.Key.6.0.
Configure machine\software\classes\ADOX.Table.
Configure machine\software\classes\ADOX.Table.6.0.
Configure machine\software\classes\ADOX.User.
Configure machine\software\classes\ADOX.User.6.0.
Configure machine\software\classes\ADs.
Configure machine\software\classes\ADsDSOObject.
Configure machine\software\classes\ADsNamespaces.
Configure machine\software\classes\ADsSecurityUtility.
Configure machine\software\classes\ADSystemInfo.
Configure machine\software\classes\AdvancedDataFactory.
Configure machine\software\classes\Agent.Character.2.
Configure machine\software\classes\Agent.Character2.2.
Configure machine\software\classes\Agent.Control.
Configure machine\software\classes\Agent.Control.1.
Configure machine\software\classes\Agent.Control.2.
Configure machine\software\classes\Agent.Server.
Configure machine\software\classes\Agent.Server.2.
Configure machine\software\classes\AIFFFile.
Configure machine\software\classes\AllFilesystemObjects.
Configure machine\software\classes\AMOVIE.ActiveMovie Control.
Configure machine\software\classes\AMOVIE.ActiveMovie Control.2.
Configure machine\software\classes\AMOVIE.ActiveMovieControl.
Configure machine\software\classes\AMOVIE.ActiveMovieControl.2.
Configure machine\software\classes\anifile.
Configure machine\software\classes\AppID.
Configure machine\software\classes\Application.Manifest.
Configure machine\software\classes\Application.Reference.
Configure machine\software\classes\Applications.
Configure machine\software\classes\ASFFile.
Configure machine\software\classes\AsianBox.EASkinProps.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\AsianBox.EASkinProps.1.

Re: Program:Vista---Highjacked browers,main web pages, etc...nothing fixes it

Post by Tigerlilly77 on 9th August 2009, 2:34 am

Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\ASP.HostEncode.
Configure machine\software\classes\aspfile.
Configure machine\software\classes\ASXFile.
Configure machine\software\classes\ATL.Registrar.
Configure machine\software\classes\AudioCD.
Configure machine\software\classes\AudioEngine.
Configure machine\software\classes\AudioVBScript.
Configure machine\software\classes\AudioVBScript.1.
Configure machine\software\classes\AUFile.
Configure machine\software\classes\AutoProxyTypes.
Configure machine\software\classes\AVIFile.
Configure machine\software\classes\AzRoles.AzAuthorizationStore.
Configure machine\software\classes\AzRoles.AzAuthorizationStore.1.
Configure machine\software\classes\AzRoles.AzBizRuleContext.
Configure machine\software\classes\AzRoles.AzBizRuleContext.1.
Configure machine\software\classes\AzRoles.AzPrincipalLocator.
Configure machine\software\classes\AzRoles.AzPrincipalLocator.1.
Configure machine\software\classes\batfile.
Configure machine\software\classes\BDATuner.AnalogAudioComponentType.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.AnalogAudioComponentType.1.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.AnalogLocator.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.AnalogLocator.1.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.AnalogRadioTuningSpace.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.AnalogRadioTuningSpace.1.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.AnalogTVTuningSpace.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.AnalogTVTuningSpace.1.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.ATSCChannelTuneRequest.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.ATSCChannelTuneRequest.1.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.ATSCComponentType.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.ATSCComponentType.1.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.ATSCLocator.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.ATSCLocator.1.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.ATSCTuningSpace.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.ATSCTuningSpace.1.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.AuxiliaryInTuningSpace.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.AuxiliaryInTuningSpace.1.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.ChannelTuneRequest.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.ChannelTuneRequest.1.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.Component.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.Component.1.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.Components.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.Components.1.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.ComponentType.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.ComponentType.1.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.ComponentTypes.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.ComponentTypes.1.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.DigitalCableLocator.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.DigitalCableLocator.1.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.DigitalCableTuneRequest.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.DigitalCableTuneRequest.1.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.DigitalCableTuningSpace.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.DigitalCableTuningSpace.1.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.DVBCLocator.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.DVBCLocator.1.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.DVBSLocator.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.DVBSLocator.1.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.DVBSTuningSpace.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.DVBSTuningSpace.1.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.DVBTLocator.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.DVBTLocator.1.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.DVBTuneRequest.

Re: Program:Vista---Highjacked browers,main web pages, etc...nothing fixes it

Post by Tigerlilly77 on 9th August 2009, 2:34 am

Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.DVBTuneRequest.1.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.DVBTuningSpace.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.DVBTuningSpace.1.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.LanguageComponentType.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.LanguageComponentType.1.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.MPEG2Component.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.MPEG2Component.1.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.MPEG2ComponentType.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.MPEG2ComponentType.1.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.MPEG2TuneRequest.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.MPEG2TuneRequest.1.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.MPEG2TuneRequestFactory.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.MPEG2TuneRequestFactory.1.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.SystemTuningSpaces.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\BDATuner.SystemTuningSpaces.1.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\Behavior.Microsoft.DXTFilterBehavior.
Configure machine\software\classes\Behavior.Microsoft.DXTFilterBehavior.1.
Configure machine\software\classes\BehaviorFactory.Microsoft.DXTFilterFactory.
Configure machine\software\classes\BehaviorFactory.Microsoft.DXTFilterFactory.1.
Configure machine\software\classes\bidispl.bidirequest.
Configure machine\software\classes\bidispl.bidirequest.1.
Configure machine\software\classes\bidispl.bidirequestcontainer.
Configure machine\software\classes\bidispl.bidirequestcontainer.1.
Configure machine\software\classes\bidispl.bidispl.
Configure machine\software\classes\bidispl.bidispl.1.
Configure machine\software\classes\BMPFilter.CoBMPFilter.
Configure machine\software\classes\BMPFilter.CoBMPFilter.1.
Configure machine\software\classes\bootstrap.application.
Configure machine\software\classes\bootstrap.application.1.
Configure machine\software\classes\bootstrap.xaml.
Configure machine\software\classes\bootstrap.xaml.1.
Configure machine\software\classes\bootstrap.xbap.
Configure machine\software\classes\bootstrap.xbap.1.
Configure machine\software\classes\bootstrap.xps.
Configure machine\software\classes\bootstrap.xps.1.
Configure machine\software\classes\Briefcase.
Configure machine\software\classes\Byot.ByotServerEx.
Configure machine\software\classes\campfile.
Configure machine\software\classes\CATFile.
Configure machine\software\classes\Catsrv.CatalogServer.
Configure machine\software\classes\CCWU.ComCallWrapper.
Configure machine\software\classes\CCWU.ComCallWrapper.1.
Configure machine\software\classes\cdafile.
Configure machine\software\classes\cdmpfile.
Configure machine\software\classes\CDO.Configuration.
Configure machine\software\classes\CDO.Configuration.1.
Configure machine\software\classes\CDO.DropDirectory.
Configure machine\software\classes\CDO.DropDirectory.1.
Configure machine\software\classes\CDO.Message.
Configure machine\software\classes\CDO.Message.1.
Configure machine\software\classes\CDO.NNTPEarlyConnector.
Configure machine\software\classes\CDO.NNTPEarlyConnector.1.
Configure machine\software\classes\CDO.NNTPFinalConnector.
Configure machine\software\classes\CDO.NNTPFinalConnector.1.
Configure machine\software\classes\CDO.NNTPPostConnector.
Configure machine\software\classes\CDO.NNTPPostConnector.1.
Configure machine\software\classes\CDO.SMTPConnector.
Configure machine\software\classes\CDO.SMTPConnector.1.
Configure machine\software\classes\CDO.SS_NNTPOnPostEarlySink.
Configure machine\software\classes\CDO.SS_NNTPOnPostEarlySink.1.
Configure machine\software\classes\CDO.SS_NNTPOnPostFinalSink.
Configure machine\software\classes\CDO.SS_NNTPOnPostFinalSink.1.
Configure machine\software\classes\CDO.SS_NNTPOnPostSink.
Configure machine\software\classes\CDO.SS_NNTPOnPostSink.1.
Configure machine\software\classes\CDO.SS_SMTPOnArrivalSink.
Configure machine\software\classes\CDO.SS_SMTPOnArrivalSink.1.
Configure machine\software\classes\CE3x4.CE3x4InputModule.
Configure machine\software\classes\CE3x4.CE3x4InputModule.1.
Configure machine\software\classes\CEIPLuaElevationHelper.
Configure machine\software\classes\CERFile.
Configure machine\software\classes\CertificateAuthority.Config.
Configure machine\software\classes\CertificateAuthority.Config.1.
Configure machine\software\classes\CertificateAuthority.EncodeAltName.
Configure machine\software\classes\CertificateAuthority.EncodeAltName.1.
Configure machine\software\classes\CertificateAuthority.EncodeBitString.
Configure machine\software\classes\CertificateAuthority.EncodeBitString.1.
Configure machine\software\classes\CertificateAuthority.EncodeCRLDistInfo.
Configure machine\software\classes\CertificateAuthority.EncodeCRLDistInfo.1.
Configure machine\software\classes\CertificateAuthority.EncodeDateArray.
Configure machine\software\classes\CertificateAuthority.EncodeDateArray.1.
Configure machine\software\classes\CertificateAuthority.EncodeLongArray.
Configure machine\software\classes\CertificateAuthority.EncodeLongArray.1.
Configure machine\software\classes\CertificateAuthority.EncodeStringArray.
Configure machine\software\classes\CertificateAuthority.EncodeStringArray.1.
Configure machine\software\classes\CertificateAuthority.GetConfig.
Configure machine\software\classes\CertificateAuthority.GetConfig.1.
Configure machine\software\classes\CertificateAuthority.Request.
Configure machine\software\classes\CertificateAuthority.Request.1.
Configure machine\software\classes\CertificateAuthority.ServerExit.
Configure machine\software\classes\CertificateAuthority.ServerExit.1.
Configure machine\software\classes\CertificateAuthority.ServerPolicy.
Configure machine\software\classes\CertificateAuthority.ServerPolicy.1.
Configure machine\software\classes\certificatefile.
Configure machine\software\classes\CertificateStoreFile.
Configure machine\software\classes\certificate_wab_auto_file.
Configure machine\software\classes\CfgComp.CfgComp.
Configure machine\software\classes\CfgComp.CfgComp.1.
Configure machine\software\classes\CHHIme.CHHInputModule.
Configure machine\software\classes\CHHIme.CHHInputModule.1.
Configure machine\software\classes\chkfile.
Configure machine\software\classes\chm.file.
Configure machine\software\classes\CHSIme.CHSInputModule.
Configure machine\software\classes\CHSIme.CHSInputModule.1.
Configure machine\software\classes\CHTIme.CHTInputModule.
Configure machine\software\classes\CHTIme.CHTInputModule.1.
Configure machine\software\classes\CID.
Configure machine\software\classes\CID.Local.
Configure machine\software\classes\ClientCaps.ClientCaps.
Configure machine\software\classes\ClientCaps.ClientCaps.1.
Configure machine\software\classes\ClientSideRenderingCacheManager.ClientSideRenderingCacheManage.1.
Configure machine\software\classes\ClientSideRenderingCacheManager.ClientSideRenderingCacheManager.
Configure machine\software\classes\CLRMetaData.CLRRuntimeHost.
Configure machine\software\classes\CLRMetaData.CLRRuntimeHost.1.
Configure machine\software\classes\CLRMetaData.CLRRuntimeHost.2.
Configure machine\software\classes\CLRMetaData.CorMetaDataDispenser.
Configure machine\software\classes\CLRMetaData.CorMetaDataDispenser.2.
Configure machine\software\classes\CLRMetaData.CorMetaDataDispenserRuntime.
Configure machine\software\classes\CLRMetaData.CorMetaDataDispenserRuntime.2.
Configure machine\software\classes\CLRMetaData.CorRuntimeHost.
Configure machine\software\classes\CLRMetaData.CorRuntimeHost.2.
Configure machine\software\classes\CLSID.
Configure machine\software\classes\cmdfile.
Configure machine\software\classes\Cmiv2.CmiFactory.
Configure machine\software\classes\Cmiv2.CmiFactory.2.
Configure machine\software\classes\COMAdmin.COMAdminCatalog.
Configure machine\software\classes\COMAdmin.COMAdminCatalog.1.
Configure machine\software\classes\COMEXPS.CTrkEvntListener.
Configure machine\software\classes\comfile.
Configure machine\software\classes\CompatUI.SelectFile.1.
Configure machine\software\classes\CompatUI.Upload.
Configure machine\software\classes\CompatUI.Upload.1.
Configure machine\software\classes\CompatUI.Util.
Configure machine\software\classes\CompatUI.Util.1.
Configure machine\software\classes\ComPlusDebug.CorDebug.
Configure machine\software\classes\ComPlusDebug.CorDebug.1.
Configure machine\software\classes\ComPlusDebug.CorpubPublish.
Configure machine\software\classes\ComPlusDebug.CorpubPublish.1.
Configure machine\software\classes\Component Categories.
Configure machine\software\classes\CompressedFolder.
Configure machine\software\classes\COMSNAP.COMNSView.
Configure machine\software\classes\COMSNAP.COMNSView.1.
Configure machine\software\classes\COMSNAP.ComponentDataImpl.
Configure machine\software\classes\COMSNAP.ComponentDataImpl.1.
Configure machine\software\classes\COMSNAP.CPartitionContextMenu.
Configure machine\software\classes\COMSNAP.CPartitionContextMenu.1.

Re: Program:Vista---Highjacked browers,main web pages, etc...nothing fixes it

Post by Tigerlilly77 on 9th August 2009, 2:35 am

Configure machine\software\classes\COMSNAP.CPartitionNotify.
Configure machine\software\classes\COMSNAP.CPartitionNotify.1.
Configure machine\software\classes\COMSNAP.CPartitionPropPages.
Configure machine\software\classes\COMSNAP.CPartitionPropPages.1.
Configure machine\software\classes\COMSNAP.CPartitionSetContextMenu.
Configure machine\software\classes\COMSNAP.CPartitionSetContextMenu.1.
Configure machine\software\classes\COMSNAP.CPartitionSetPropPages.
Configure machine\software\classes\COMSNAP.CPartitionSetPropPages.1.
Configure machine\software\classes\COMSNAP.CUserPropPages.
Configure machine\software\classes\COMSNAP.CUserPropPages.1.
Configure machine\software\classes\COMSNAP.SnapinAboutImpl.
Configure machine\software\classes\COMSNAP.SnapinAboutImpl.1.
Configure machine\software\classes\COMSVCS.CServiceConfig.
Configure machine\software\classes\COMSVCS.CServiceConfig.1.
Configure machine\software\classes\COMSVCS.TrackerServer.
Configure machine\software\classes\ConflictFolder.
Configure machine\software\classes\ConsolePower.ConsolePower.
Configure machine\software\classes\ConsolePower.ConsolePower.1.
Configure machine\software\classes\contact_wab_auto_file.
Configure machine\software\classes\Control.TaskSymbol.
Configure machine\software\classes\Control.TaskSymbol.1.
Configure machine\software\classes\CorrectionIMX.CorrectionIMX.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\CorrectionIMX.CorrectionIMX.1.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\CorrectionSkin.CorrectionSkin.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\CorrectionSkin.CorrectionSkin.1.
Warning 5: Access is denied.
Error setting security on machine\software\classes.
Configure machine\software\classes\CorRegistration.CorFltr.
Configure machine\software\classes\CorRegistration.CorFltr.1.
Configure machine\software\classes\CorRegistration.CorIESecurityManager.


Re: Program:Vista---Highjacked browers,main web pages, etc...nothing fixes it

Post by Tigerlilly77 on 9th August 2009, 2:39 am

I cut out most of the log because it was simply too long- This is just another strange log I found


Re: Program:Vista---Highjacked browers,main web pages, etc...nothing fixes it

Post by Belahzur on 9th August 2009, 11:10 am

It's ok, just delete C:\Qoobox and delete Combofix from your Desktop.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Combo/Qoo

Post by Tigerlilly77 on 9th August 2009, 1:10 pm

Hello again- Either of the programs are on my desktop or anywhere else within my computer...unless they are hidden.
What should I do about my ComboFix/ u problem- the system not allowing it??? Things are starting to decline again.

Thank you Belahzur, Tigerlilly


Re: Program:Vista---Highjacked browers,main web pages, etc...nothing fixes it

Post by Origin on 9th August 2009, 7:54 pm

Please use the Internet Explorer browser, and do an online scan with [You must be registered and logged in to see this link.]

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Accept, when prompted to download and install the program files and database of malware definitions.

  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

    **Note**

    To optimize scanning time and produce a more sensible report for review:

  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.



Origin
Master

Kasp. didn't work

Post by Tigerlilly77 on 10th August 2009, 3:38 am

Hi Origin-
I tried to run the Kaspersky scan as directed and the "accept" button was disabled...faded out- unpressable (not a real word, but an accurate description). I tried several ways to get around it but I was redirected to bogus sites...

Thanks! Tigerlilly


Maybe GMER may help? It's long...PART 1

Post by Tigerlilly77 on 10th August 2009, 4:08 am

GMER 1.0.15.15020 [download[1].exe] - [You must be registered and logged in to see this link.]
Rootkit scan 2009-08-11 00:01:31
Windows 6.0.6001 Service Pack 1




GM- PART 2

Post by Tigerlilly77 on 10th August 2009, 4:12 am

IAT C:\Program Files\Internet Explorer\iexplore.exe[3776] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [6E998AFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3776] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [6E998C26] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3776] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [6E99BBD2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3776] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [6E99FF42] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3776] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [6E99FB96] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3776] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [6E9A0D4C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3776] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [6E99EFA8] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3776] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [6E9989D0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3776] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6E99D09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

Tigerlilly77
Intermediate
Intermediate

Posts Posts : 63
Joined Joined : 2009-07-25
Gender Gender : Female
OS OS : Vista
Points Points : 27019
# Likes # Likes : 0

View user profile

Back to top Go down

Part 3

Post by Tigerlilly77 on 10th August 2009, 4:26 am


Re: Program:Vista---Highjacked browers,main web pages, etc...nothing fixes it

Post by Tigerlilly77 on 10th August 2009, 4:27 am


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----


Bump

Post by Tigerlilly77 on 11th August 2009, 2:41 am

Is this hopeless?


Re: Program:Vista---Highjacked browers,main web pages, etc...nothing fixes it

Post by Belahzur on 11th August 2009, 1:51 pm

Please download GooredFix from one of the locations below and save it to your Desktop
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).


Please PM me if I fail to respond within 24hrs.



Re: Program:Vista---Highjacked browers,main web pages, etc...nothing fixes it

Post by Tigerlilly77 on 11th August 2009, 3:26 pm

GooredFix by jpshortstuff (12.07.09)
Log created at 11:06 on 12/08/2009 (Elena)
Firefox version [Unable to determine]

========== GooredScan ==========
Hi again-
This is the result- I followed your instructions EXACTLY as told, I don't have Firefox (I right-clicked for Vista) and here is the log...I was not given the option to scan...argg.
I just don't understand, Belahzur. Will we ever be able to fix this?
Thank you so much for your time and efforts...Tigerlilly

C:\Program Files\Mozilla Firefox\extensions\
(none)
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [14:14 08/08/2009]

-=E.O.F=-


Re: Program:Vista---Highjacked browers,main web pages, etc...nothing fixes it

Post by Belahzur on 11th August 2009, 3:54 pm

Hello.
Let's see what's installed.

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


Please PM me if I fail to respond within 24hrs.

