Free Malware Removal Forum

by **mike73** » January 12th, 2010, 7:55 pm

Hello,

My computer is peforming very slowly. After I restart my computer, it takes about 4-5 min for me to open Internet explorer. Then, it takes good 2-3 min for the first page to load. I do have Kaspersky installed and scan runs fine. Any help is greatly appreciated. Here is the HT log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:28:28 PM, on 1/12/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\CadViewer4\PDF-XChange\pdfSaver\pdfSaver3.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Common Files\SupportSoft\bin\bcont.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [pdfSaver3] "C:\CadViewer4\PDF-XChange\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Desktop Software] "C:\Program Files\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.winkflash.com/photo/loaders/ ... oader5.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by101fd.bay101.hotmail.msn.com/a ... Atchmt.ocx
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/TrueInstall.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: UGNX License Server - Unknown owner - C:\Program Files\UGS\NX 3.0\UGFLEXLM\lmgrd.exe (file missing)

--
End of file - 8639 bytes

by **MWR 3 day Mod** » January 16th, 2010, 9:12 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.

by **Blade81** » January 19th, 2010, 12:58 pm

Hi,

How much memory does your system have installed and has the hard drive been defragged lately?

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.

When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt
Save both reports to your desktop. Post them back to your topic.

---

Download GMER here by clicking download exe -button and then saving it your desktop:

Double-click .exe that you downloaded
Click rootkit-tab and then scan.
Don't check
Show All
box while scanning in progress!
When scanning is ready, click Copy.
This copies log to clipboard
Post log (if the log is long, archive it into a zip file and attach instead of posting) in your reply.

by **mike73** » January 19th, 2010, 10:57 pm

Thanks for helping me out.

My computer has 512 MB of RAM. It has been more than 6 months snce I defragmented the hard-drive.

Here is dds.txt....

DDS (Ver_09-12-01.01) - NTFSx86
Run by Shiva at 21:40:35.46 on Tue 01/19/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.130 [GMT -5:00]

AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\CadViewer4\PDF-XChange\pdfSaver\pdfSaver3.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Common Files\SupportSoft\bin\bcont.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Palm\Hotsync.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Documents and Settings\Shiva\Local Settings\Temporary Internet Files\Content.IE5\KYIJQL58\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [pdfSaver3] "c:\cadviewer4\pdf-xchange\pdfsaver\pdfSaver3.exe"
uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
mRun: [diagent] "c:\program files\creative\sblive\diagnostics\diagent.exe" startup
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRunOnce: [RunNarrator] Narrator.exe
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
mPolicies-explorer: <NO NAME> =
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/
IE: {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/
IE: {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/sh ... tor/sw.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/share ... insctl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.winkflash.com/photo/loaders/ ... oader5.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/C ... 5512615741
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/share ... cgdmgr.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shoc ... wflash.cab
DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} - hxxp://by101fd.bay101.hotmail.msn.com/a ... Atchmt.ocx
DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - hxxp://www.trueswitch.com/TrueInstall.exe
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: klogon - c:\windows\system32\klogon.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\kloehk.dll

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-5-24 128016]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-12-15 33808]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-12-15 296976]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-5-25 303376]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-5-13 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-5-16 19472]
S2 UGNX License Server;UGNX License Server;c:\program files\ugs\nx 3.0\ugflexlm\lmgrd.exe --> c:\program files\ugs\nx 3.0\ugflexlm\lmgrd.exe [?]

=============== Created Last 30 ================

2010-01-11 22:50:37 0 d-sha-r- C:\cmdcons
2010-01-11 22:48:04 98816 ----a-w- c:\windows\sed.exe
2010-01-11 22:48:04 77312 ----a-w- c:\windows\MBR.exe
2010-01-11 22:48:04 261632 ----a-w- c:\windows\PEV.exe
2010-01-11 22:48:04 161792 ----a-w- c:\windows\SWREG.exe
2010-01-06 00:55:43 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-01-06 00:55:43 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-05 01:23:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-05 01:22:57 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 01:22:57 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-05 01:13:29 0 d-----w- C:\_OTM
2010-01-03 01:31:32 0 d-----w- c:\docume~1\shiva\applic~1\Malwarebytes
2010-01-03 01:31:18 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

==================== Find3M ====================

2009-12-15 23:24:55 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-12-15 23:24:49 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-12-15 23:24:48 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-12-15 23:20:41 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-10-29 07:45:38 916480 ------w- c:\windows\system32\wininet.dll
2009-10-29 05:48:04 1506304 ----a-w- c:\windows\system32\dllcache\shdocvw.dll
2009-10-29 05:48:03 55808 ----a-w- c:\windows\system32\dllcache\extmgr.dll
2009-10-29 05:48:02 151040 ----a-w- c:\windows\system32\dllcache\cdfview.dll
2009-10-29 05:48:02 1023488 ----a-w- c:\windows\system32\dllcache\browseui.dll
2009-10-27 11:06:22 18432 ----a-w- c:\windows\system32\dllcache\iedw.exe
2003-08-20 00:01:53 16251072 -c--a-w- c:\program files\AdbeRdr60_enu_full.exe
2001-07-07 04:47:50 3149 -c--a-w- c:\program files\ReadMe.txt
2001-07-06 21:59:54 372736 -c--a-w- c:\program files\Dragnifier.exe
2004-10-26 22:48:19 56 -csha-r- c:\windows\system32\C996166E60.sys
2004-10-26 22:48:19 1890 -csha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 21:41:57.57 ===============

Here is the att

by **mike73** » January 19th, 2010, 10:59 pm

Here is the attach.txt...

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 8/5/2006 5:39:26 PM
System Uptime: 1/19/2010 9:27:25 PM (0 hours ago)

Motherboard: Dell Computer Corp. | | 02Y832
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 56 GiB total, 36.569 GiB free.
D: is CDROM (CDFS)
E: is CDROM (CDFS)
F: is FIXED (NTFS) - 57 GiB total, 26.981 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP788: 12/10/2009 6:28:05 PM - Installed Comcast Desktop Software (v1.2.0.9)
RP789: 12/10/2009 7:56:31 PM - Software Distribution Service 3.0
RP790: 12/11/2009 12:00:25 AM - Software Distribution Service 3.0
RP791: 12/11/2009 5:00:03 PM - Removed DAO
RP792: 12/11/2009 5:05:21 PM - Removed TomTom HOME
RP793: 12/12/2009 5:51:05 PM - Software Distribution Service 3.0
RP794: 12/13/2009 6:23:15 PM - System Checkpoint
RP795: 12/14/2009 7:15:57 PM - System Checkpoint
RP796: 12/15/2009 6:14:17 PM - Installed Kaspersky Internet Security 2010.
RP797: 12/16/2009 10:26:57 PM - System Checkpoint
RP798: 12/18/2009 3:08:21 PM - System Checkpoint
RP799: 12/19/2009 3:40:35 PM - System Checkpoint
RP800: 12/19/2009 4:32:43 PM - Software Distribution Service 3.0
RP801: 12/19/2009 4:55:21 PM - Software Distribution Service 3.0
RP802: 12/20/2009 3:14:55 PM - Software Distribution Service 3.0
RP803: 12/27/2009 8:24:46 PM - System Checkpoint
RP804: 12/28/2009 12:00:31 AM - Software Distribution Service 3.0
RP805: 12/28/2009 6:47:04 AM - Software Distribution Service 3.0
RP806: 12/29/2009 11:02:38 AM - System Checkpoint
RP807: 12/30/2009 12:00:32 AM - Software Distribution Service 3.0
RP808: 12/31/2009 12:00:29 AM - Software Distribution Service 3.0
RP809: 1/1/2010 12:00:27 AM - Software Distribution Service 3.0
RP810: 1/1/2010 4:42:15 PM - Software Distribution Service 3.0
RP811: 1/2/2010 7:48:33 PM - Removed DAEMON Tools
RP812: 1/2/2010 9:17:36 PM - Software Distribution Service 3.0
RP813: 1/2/2010 10:09:49 PM - Software Distribution Service 3.0
RP814: 1/2/2010 10:13:04 PM - Software Distribution Service 3.0
RP815: 1/3/2010 12:01:12 AM - Software Distribution Service 3.0
RP816: 1/4/2010 7:36:45 AM - Software Distribution Service 3.0
RP817: 1/5/2010 7:10:27 PM - Software Distribution Service 3.0
RP818: 1/5/2010 7:26:17 PM - Installed Microsoft Fix it 50195
RP819: 1/5/2010 7:36:22 PM - Removed Adobe Reader 7.0.9
RP820: 1/5/2010 7:38:20 PM - Removed Java 2 Runtime Environment, SE v1.4.2_11
RP821: 1/5/2010 7:45:50 PM - Installed Adobe Reader 9.2.
RP822: 1/5/2010 7:53:28 PM - Installed Java(TM) 6 Update 17
RP823: 1/6/2010 7:32:38 AM - Software Distribution Service 3.0
RP824: 1/7/2010 7:22:16 AM - Software Distribution Service 3.0
RP825: 1/7/2010 7:32:20 AM - Software Distribution Service 3.0
RP826: 1/8/2010 8:47:14 AM - Software Distribution Service 3.0
RP827: 1/8/2010 9:18:03 AM - Software Distribution Service 3.0
RP828: 1/11/2010 5:41:26 PM - Software Distribution Service 3.0
RP829: 1/12/2010 5:04:17 PM - Software Distribution Service 3.0
RP830: 1/13/2010 8:40:48 AM - Software Distribution Service 3.0
RP831: 1/13/2010 8:46:54 AM - Software Distribution Service 3.0
RP832: 1/13/2010 10:23:54 AM - Software Distribution Service 3.0
RP833: 1/16/2010 5:21:44 PM - System Checkpoint
RP834: 1/17/2010 1:20:43 PM - Software Distribution Service 3.0
RP835: 1/18/2010 1:43:54 PM - System Checkpoint
RP836: 1/19/2010 6:44:58 PM - Software Distribution Service 3.0

==== Installed Programs ======================

1310
1310_Help
1310Tour
1310Trb
Adobe Flash Player 10 ActiveX
Adobe Reader 9.2
Adobe Shockwave Player 11
AiO_Scan
AiOSoftware
AutoCAD 2000
Banctec Service Agreement
BCM V.92 56K Modem
CDBurnerXP Pro 3
Comcast Desktop Software (v1.2.0.9)
Dell Networking Guide
Dell Solution Center
Dell Support
ERUNT 1.1j
Fax
Google Toolbar for Internet Explorer
Help and Support Customization
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
HP Diagnostic Assistant
HP PSC & OfficeJet 4.2
HP Software Update
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet
Internet Explorer Q903235
Java(TM) 6 Update 17
Kaspersky Internet Security 2010
Malwarebytes' Anti-Malware
MaxBlast 3
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Data Access Components KB870669
Microsoft Money 2003
Microsoft Money 2003 System Pack
Microsoft Office Professional Edition 2003
Microsoft Picture It! Photo 7.0
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 2003 Setup Launcher
Microsoft Works 7.0
Microsoft Works Suite Add-in for Microsoft Word
MSN Add-in for Windows Messenger
MSN Messenger 6.2
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
MyPublisher BookMaker
Nero Suite
NETGEAR Print Server Utility
NVIDIA Drivers
NX 3 Translators
Overland
Paint Shop Pro 7
Palm
PDF-XChange 3.0
Picasa 2
ProductContext
QFolder
Readme
RealOne Player
Roxio VideoWave Movie Creator
Scan
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB976325)
Shockwave
Sound Blaster Live!
TDK Digital MixMaster
Unigraphics NX FLEXlm
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows XP (KB894391)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Works Suite OS Pack

==== Event Viewer Messages From Past Week ========

1/19/2010 6:56:28 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
1/19/2010 6:41:13 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
1/13/2010 9:05:53 AM, error: System Error [1003] - Error code 00000050, parameter1 c6280000, parameter2 00000000, parameter3 804f35d6, parameter4 00000000.
1/13/2010 8:40:35 AM, error: Service Control Manager [7031] - The Kaspersky Internet Security service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
1/12/2010 7:27:10 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
1/12/2010 5:07:45 PM, error: Service Control Manager [7000] - The UGNX License Server service failed to start due to the following error: The system cannot find the file specified.
1/12/2010 5:07:45 PM, error: Service Control Manager [7000] - The DS1410D service failed to start due to the following error: The system cannot find the file specified.
1/12/2010 5:04:34 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft XML Core Services 6.0 Service Pack 2 (KB954459).
1/12/2010 5:03:44 PM, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
1/12/2010 5:03:44 PM, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

==== End Of File ===========================

by **mike73** » January 19th, 2010, 11:06 pm

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-19 22:06:40
Windows 5.1.2600 Service Pack 2
Running: wvctdcmg.exe; Driver: C:\DOCUME~1\Shiva\LOCALS~1\Temp\fwloapob.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xF491636E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xF4916A86]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xF491760C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xF4917B40]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateFile [0xF4916D78]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateKey [0xF4915460]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xF4917A18]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0xF4914D0A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xF49178D4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xF4916102]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xF4917C72]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xF491940E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xF4916886]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xF4917976]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteKey [0xF4915A20]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteValueKey [0xF4915CF8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xF491721C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xF4919980]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xF4915E3A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xF4915EE4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwFsControlFile [0xF4917016]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xF4918EA6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xF491543C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xF491544E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xF4916030]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xF4917BE2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenFile [0xF4916B08]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenKey [0xF4915604]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xF4917AB0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xF491656E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xF4919438]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xF4917D14]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xF4916492]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xF4915F8E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xF4915BB6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xF49158BC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xF4919128]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xF4915B34]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xF49150C2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xF491809E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xF4917F64]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xF4918C30]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xF4915224]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xF4919860]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xF4914EC4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xF4917312]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xF4916984]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xF49185F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSecurityObject [0xF4918FA0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xF49194C2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetValueKey [0xF4915744]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xF49195A6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xF49196D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xF4918DD2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateProcess [0xF49166EA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xF491663C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xF49167C8]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 114 804E2770 16 Bytes [02, 61, 91, F4, 72, 7C, 91, ...] {ADD AH, [ECX-0x6f]; HLT ; JB 0x82; XCHG ECX, EAX; HLT ; PUSH CS; XCHG ESP, EAX; XCHG ECX, EAX; HLT ; XCHG [EAX-0x6f], CH; HLT }
.text ntoskrnl.exe!_abnormal_termination + 1D9 804E2835 3 Bytes [54, 91, F4] {PUSH ESP; XCHG ECX, EAX; HLT }
.text ntoskrnl.exe!_abnormal_termination + 34C 804E29A8 16 Bytes [34, 5B, 91, F4, C2, 50, 91, ...] {XOR AL, 0x5b; XCHG ECX, EAX; HLT ; RET 0x9150; HLT ; SAHF ; ADC BYTE [ECX-0x6e809b0c], 0xf4}
.text ntoskrnl.exe!_abnormal_termination + 440 804E2A9C 12 Bytes [A6, 95, 91, F4, D2, 96, 91, ...] {CMPSB ; XCHG EBP, EAX; XCHG ECX, EAX; HLT ; RCL BYTE [ESI-0x722d0b6f], CL; XCHG ECX, EAX; HLT }
.text ntoskrnl.exe!_abnormal_termination + 450 804E2AAC 8 Bytes JMP 3CF49166
.text ntoskrnl.exe!IoIsOperationSynchronous 804E8752 5 Bytes JMP F490B7DE \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntoskrnl.exe!FsRtlCheckLockForReadAccess 80503C29 5 Bytes JMP F490B424 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
? C:\WINDOWS\System32\Drivers\SPTDDRV1.SYS The process cannot access the file because it is being used by another process.
.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF6C66360, 0x24BB1D, 0xE8000020]
.text USBPORT.SYS!DllUnload F6C4762C 5 Bytes JMP 839B01B8
? C:\DOCUME~1\Shiva\LOCALS~1\Temp\fwloapog.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[200] USER32.dll!VRipOutput + FFFA4DE7 7E412A78 4 Bytes [70, 11, 32, 6D]
.text C:\Program Files\Palm\Hotsync.exe[1128] msvcrt.dll!??2@YAPAXI@Z 77C29CC5 5 Bytes JMP 0A93C080 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[1128] msvcrt.dll!??3@YAXPAX@Z 77C29CDD 5 Bytes JMP 0A93C0E0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[1128] msvcrt.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 77C29D9F 5 Bytes JMP 0A93C110 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[1128] msvcrt.dll!_aligned_offset_malloc 77C29DAF 5 Bytes JMP 0A93BFE0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[1128] msvcrt.dll!_aligned_free 77C29E33 5 Bytes JMP 0A93C0E0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[1128] msvcrt.dll!_aligned_malloc 77C29E52 5 Bytes JMP 0A93BFC0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[1128] msvcrt.dll!_aligned_offset_realloc 77C29E6E 5 Bytes JMP 0A93C020 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[1128] msvcrt.dll!_aligned_realloc 77C29FC6 5 Bytes JMP 0A93C000 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[1128] msvcrt.dll!_expand 77C29FE5 5 Bytes JMP 0A93BFA0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[1128] msvcrt.dll!_heapadd 77C2BC9F 5 Bytes JMP 0A93C160 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[1128] msvcrt.dll!_heapchk 77C2BCB3 5 Bytes JMP 0A93C170 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[1128] msvcrt.dll!_heapset + 1 77C2BD83 4 Bytes JMP 0A93C191 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[1128] msvcrt.dll!_heapmin 77C2BD8C 5 Bytes JMP 0A93C260 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[1128] msvcrt.dll!_heapused 77C2BE3A 5 Bytes JMP 0A93C230 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[1128] msvcrt.dll!_heapwalk 77C2BE4D 5 Bytes JMP 0A93C1A0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[1128] msvcrt.dll!_msize 77C2BF6C 5 Bytes JMP 0A93BEB0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[1128] msvcrt.dll!calloc 77C2C0C3 5 Bytes JMP 0A93BE50 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[1128] msvcrt.dll!free 77C2C21B 5 Bytes JMP 0A93C0E0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[1128] msvcrt.dll!malloc 77C2C407 5 Bytes JMP 0A93BE10 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[1128] msvcrt.dll!realloc 77C2C437 5 Bytes JMP 0A93BE90 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2004] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2004] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2004] USER32.dll!VRipOutput + FFFA4DE7 7E412A78 4 Bytes [70, 11, 32, 6D]
.text C:\Program Files\Internet Explorer\iexplore.exe[2284] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 3E254602 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2284] USER32.dll!CallNextHookEx 7E41F85B 5 Bytes JMP 3E2DCEE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2284] USER32.dll!CreateWindowExW 7E41FC25 5 Bytes JMP 3E2ED6EC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2284] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 3E21541D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2284] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 3E2E9865 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2284] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 3E3E441F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2284] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 3E3E4351 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2284] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 3E3E43BC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2284] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 3E3E4222 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2284] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 3E3E4284 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2284] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 3E3E4482 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2284] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 3E3E42E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2284] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 3E2ED748 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2284] ole32.dll!OleLoadFromStream 7752A257 5 Bytes JMP 3E3E47A0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] USER32.dll!CreateWindowExW 7E41FC25 5 Bytes JMP 3E2ED6EC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 3E21541D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 3E3E441F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 3E3E4351 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 3E3E43BC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 3E3E4222 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 3E3E4284 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 3E3E4482 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 3E3E42E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F869E6C4] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F86B4394] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F869E718] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F868EAB6] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F868EBEE] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F868EB76] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F868F71C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F868F5F2] sptd.sys
IAT disk.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F86B44E8] sptd.sys
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F86B37AE] sptd.sys
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F86B44E8] sptd.sys
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[ntoskrnl.exe!IoCreateDevice] [F7FFD6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [F7FFD820] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\DRIVERS\netbt.sys[ntoskrnl.exe!IoCreateDevice] [F7FFD6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [F7FFD820] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateDevice] [F7FFD6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\DRIVERS\netbios.sys[ntoskrnl.exe!IoCreateDevice] [F7FFD6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\DRIVERS\rdbss.sys[ntoskrnl.exe!IoCreateDevice] [F7FFD6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IoCreateDevice] [F7FFD6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\Drivers\Fips.SYS[ntoskrnl.exe!IoCreateDevice] [F7FFD6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\ipnat.sys[ntoskrnl.exe!IoCreateDevice] [F7FFD6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[ntoskrnl.exe!IoCreateDevice] [F7FFD6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[ntoskrnl.exe!IoCreateDevice] [F7FFD6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\HIDCLASS.SYS[ntoskrnl.exe!IoCreateDevice] [F7FFD6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\kbdhid.sys[ntoskrnl.exe!IoCreateDevice] [F7FFD6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\mouhid.sys[ntoskrnl.exe!IoCreateDevice] [F7FFD6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\Drivers\Cdfs.SYS[ntoskrnl.exe!IoCreateDevice] [F7FFD6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\DRIVERS\nwlnkipx.sys[ntoskrnl.exe!IoCreateDevice] [F7FFD6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\DRIVERS\nwlnkipx.sys[TDI.SYS!TdiRegisterDeviceObject] [F7FFD820] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\DRIVERS\nwlnknb.sys[ntoskrnl.exe!IoCreateDevice] [F7FFD6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\DRIVERS\nwlnknb.sys[TDI.SYS!TdiRegisterDeviceObject] [F7FFD820] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[ntoskrnl.exe!IoCreateDevice] [F7FFD6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\DRIVERS\nwlnkspx.sys[ntoskrnl.exe!IoCreateDevice] [F7FFD6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\DRIVERS\nwlnkspx.sys[TDI.SYS!TdiRegisterDeviceObject] [F7FFD820] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\DRIVERS\mrxdav.sys[ntoskrnl.exe!IoCreateDevice] [F7FFD6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\drivers\wdmaud.sys[ntoskrnl.exe!IoCreateDevice] [F7FFD6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\drivers\sysaudio.sys[ntoskrnl.exe!IoCreateDevice] [F7FFD6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\Drivers\ParVdm.SYS[ntoskrnl.exe!IoCreateDevice] [F7FFD6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateDevice] [F7FFD6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\Drivers\HTTP.sys[ntoskrnl.exe!IoCreateDevice] [F7FFD6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\drivers\kmixer.sys[ntoskrnl.exe!IoCreateDevice] [F7FFD6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[2284] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 83B701D8

AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device \Driver\usbuhci \Device\USBPDO-0 839AF1D8
Device \Driver\usbuhci \Device\USBPDO-1 839AF1D8
Device \Driver\usbuhci \Device\USBPDO-2 839AF1D8
Device \Driver\usbuhci \Device\USBPDO-3 839AF1D8
Device \FileSystem\Cdfs \Cdfs 836E8248

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 12038
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 2049328659
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 94076017
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{703FDB1E-A014-4ED1-81A5-C81118BA4F06}@DhcpRetryTime 322
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{703FDB1E-A014-4ED1-81A5-C81118BA4F06}@DhcpRetryStatus 1
Reg HKLM\SOFTWARE\Classes\.application\bootstrap@ bootstrap.application.1
Reg HKLM\SOFTWARE\Classes\.xaml\bootstrap@ bootstrap.xaml.1
Reg HKLM\SOFTWARE\Classes\.xbap\bootstrap@ bootstrap.xbap.1
Reg HKLM\SOFTWARE\Classes\.xps\bootstrap@ bootstrap.xps.1
Reg HKLM\SOFTWARE\Classes\htafile\CLSID@ {3050f4d8-98B5-11CF-BB82-00AA00BDCE0B}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB}\iexplore
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB}\iexplore@Type 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB}\iexplore@Count 160
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB}\iexplore@Time 0xD8 0x07 0x0B 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\iexplore
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\iexplore@Type 3
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\iexplore@Count 43
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\iexplore@Time 0xD7 0x07 0x04 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\iexplore
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\iexplore@Type 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\iexplore@Count 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\iexplore@Time 0xD7 0x07 0x0B 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\iexplore@Count 4314
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\iexplore@Type 4
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\iexplore@Count 4104
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{166B1BCA-3F9C-11CF-8075-444553540000}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{166B1BCA-3F9C-11CF-8075-444553540000}\iexplore
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{166B1BCA-3F9C-11CF-8075-444553540000}\iexplore@Type 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{166B1BCA-3F9C-11CF-8075-444553540000}\iexplore@Count 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{166B1BCA-3F9C-11CF-8075-444553540000}\iexplore@Time 0xD8 0x07 0x07 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{227B8AA8-DAF2-4892-BD1D-73F568BCB24E}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{227B8AA8-DAF2-4892-BD1D-73F568BCB24E}\iexplore
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{227B8AA8-DAF2-4892-BD1D-73F568BCB24E}\iexplore@Type 3
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{227B8AA8-DAF2-4892-BD1D-73F568BCB24E}\iexplore@Count 3775
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{227B8AA8-DAF2-4892-BD1D-73F568BCB24E}\iexplore@Time 0xD8 0x07 0x09 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{22D6F312-B0F6-11D0-94AB-0080C74C7E95}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{22D6F312-B0F6-11D0-94AB-0080C74C7E95}\iexplore
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{22D6F312-B0F6-11D0-94AB-0080C74C7E95}\iexplore@Type 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{22D6F312-B0F6-11D0-94AB-0080C74C7E95}\iexplore@Count 14
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{22D6F312-B0F6-11D0-94AB-0080C74C7E95}\iexplore@Time 0xD8 0x07 0x08 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\iexplore@Count 6071
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{243B17DE-77C7-46BF-B94B-0B5F309A0E64}\iexplore@Count 4314
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25336920-03F9-11CF-8FD0-00AA00686F13}\iexplore@Type 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25336920-03F9-11CF-8FD0-00AA00686F13}\iexplore@Count 17
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2D360201-FFF5-11D1-8D03-00A0C959BC0A}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2D360201-FFF5-11D1-8D03-00A0C959BC0A}\iexplore
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2D360201-FFF5-11D1-8D03-00A0C959BC0A}\iexplore@Type 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2D360201-FFF5-11D1-8D03-00A0C959BC0A}\iexplore@Count 126
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2D360201-FFF5-11D1-8D03-00A0C959BC0A}\iexplore@Time 0xD8 0x07 0x0C 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}\iexplore
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}\iexplore@Type 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}\iexplore@Count 4
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}\iexplore@Time 0xD8 0x07 0x0A 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}\iexplore@Blocked 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3050F819-98B5-11CF-BB82-00AA00BDCE0B}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3050F819-98B5-11CF-BB82-00AA00BDCE0B}\iexplore
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3050F819-98B5-11CF-BB82-00AA00BDCE0B}\iexplore@Type 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3050F819-98B5-11CF-BB82-00AA00BDCE0B}\iexplore@Count 10
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3050F819-98B5-11CF-BB82-00AA00BDCE0B}\iexplore@Time 0xD8 0x07 0x06 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{36C417C6-13C6-448B-9784-DD73A93B0582}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{36C417C6-13C6-448B-9784-DD73A93B0582}\iexplore
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{36C417C6-13C6-448B-9784-DD73A93B0582}\iexplore@Type 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{36C417C6-13C6-448B-9784-DD73A93B0582}\iexplore@Count 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{36C417C6-13C6-448B-9784-DD73A93B0582}\iexplore@Time 0xD8 0x07 0x06 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{38481807-CA0E-42D2-BF39-B33AF135CC4D}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{38481807-CA0E-42D2-BF39-B33AF135CC4D}\iexplore
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{38481807-CA0E-42D2-BF39-B33AF135CC4D}\iexplore@Type 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{38481807-CA0E-42D2-BF39-B33AF135CC4D}\iexplore@Count 11
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{38481807-CA0E-42D2-BF39-B33AF135CC4D}\iexplore@Time 0xD8 0x07 0x09 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\iexplore@Count 443
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3EC8255F-E043-4CAE-8B3B-B191550C2A22}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3EC8255F-E043-4CAE-8B3B-B191550C2A22}\iexplore
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3EC8255F-E043-4CAE-8B3B-B191550C2A22}\iexplore@Type 3
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3EC8255F-E043-4CAE-8B3B-B191550C2A22}\iexplore@Count 3774
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3EC8255F-E043-4CAE-8B3B-B191550C2A22}\iexplore@Time 0xD8 0x07 0x09 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{406B5949-7190-4245-91A9-30A17DE16AD0}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{406B5949-7190-4245-91A9-30A17DE16AD0}\iexplore
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{406B5949-7190-4245-91A9-30A17DE16AD0}\iexplore@Type 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{406B5949-7190-4245-91A9-30A17DE16AD0}\iexplore@Count 3
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{406B5949-7190-4245-91A9-30A17DE16AD0}\iexplore@Time 0xD7 0x07 0x0B 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{406B5949-7190-4245-91A9-30A17DE16AD0}\iexplore@Blocked 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{41524153-46FB-488C-8E53-7624AB83C46F}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{41524153-46FB-488C-8E53-7624AB83C46F}\iexplore
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{41524153-46FB-488C-8E53-7624AB83C46F}\iexplore@Type 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{41524153-46FB-488C-8E53-7624AB83C46F}\iexplore@Count 6
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{41524153-46FB-488C-8E53-7624AB83C46F}\iexplore@Time 0xD8 0x07 0x0A 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4453D895-F2A1-4A38-A285-1EF9BD3F6D5D}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4453D895-F2A1-4A38-A285-1EF9BD3F6D5D}\iexplore
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4453D895-F2A1-4A38-A285-1EF9BD3F6D5D}\iexplore@Type 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4453D895-F2A1-4A38-A285-1EF9BD3F6D5D}\iexplore@Count 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4453D895-F2A1-4A38-A285-1EF9BD3F6D5D}\iexplore@Time 0xD7 0x07 0x0A 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{48123BC4-99D9-11D1-A6B3-00C04FD91555}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{48123BC4-99D9-11D1-A6B3-00C04FD91555}\iexplore
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{48123BC4-99D9-11D1-A6B3-00C04FD91555}\iexplore@Type 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{48123BC4-99D9-11D1-A6B3-00C04FD91555}\iexplore@Count 92
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{48123BC4-99D9-11D1-A6B3-00C04FD91555}\iexplore@Time 0xD8 0x07 0x08 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4C29D864-C55A-46DD-865C-17A1B7CC1A1A}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4C29D864-C55A-46DD-865C-17A1B7CC1A1A}\iexplore
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4C29D864-C55A-46DD-865C-17A1B7CC1A1A}\iexplore@Type 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4C29D864-C55A-46DD-865C-17A1B7CC1A1A}\iexplore@Count 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4C29D864-C55A-46DD-865C-17A1B7CC1A1A}\iexplore@Time 0xD8 0x07 0x06 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\iexplore
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\iexplore@Type 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\iexplore@Count 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\iexplore@Time 0xD8 0x07 0x06 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\iexplore
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\iexplore@Type 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\iexplore@Count 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\iexplore@Time 0xD8 0x07 0x03 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\iexplore@Blocked 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5220CB21-C88D-11CF-B347-00AA00A28331}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5220CB21-C88D-11CF-B347-00AA00A28331}\iexplore
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5220CB21-C88D-11CF-B347-00AA00A28331}\iexplore@Type 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5220CB21-C88D-11CF-B347-00AA00A28331}\iexplore@Count 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5220CB21-C88D-11CF-B347-00AA00A28331}\iexplore@Time 0xD8 0x07 0x06 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5940894F-4BA9-4FAC-ACFD-2F56F7CE0E3B}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5940894F-4BA9-4FAC-ACFD-2F56F7CE0E3B}\iexplore
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5940894F-4BA9-4FAC-ACFD-2F56F7CE0E3B}\iexplore@Type 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5940894F-4BA9-4FAC-ACFD-2F56F7CE0E3B}\iexplore@Count 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5940894F-4BA9-4FAC-ACFD-2F56F7CE0E3B}\iexplore@Time 0xD8 0x07 0x06 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}\iexplore
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}\iexplore@Type 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}\iexplore@Count 7
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}\iexplore@Time 0xD8 0x07 0x08 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}\iexplore@Blocked 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{63B78BC1-A711-4D46-AD2F-C581AC420D41}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{63B78BC1-A711-4D46-AD2F-C581AC420D41}\iexplore
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{63B78BC1-A711-4D46-AD2F-C581AC420D41}\iexplore@Type 3
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{63B78BC1-A711-4D46-AD2F-C581AC420D41}\iexplore@Count 49
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{63B78BC1-A711-4D46-AD2F-C581AC420D41}\iexplore@Time 0xD7 0x07 0x04 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64AB4BB7-111E-11D1-8F79-00C04FC2FBE1}\iexplore@Count 15
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{669B269B-0D4E-41FB-A3D8-FD67CA94F646}\iexplore@Count 4047
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\iexplore
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\iexplore@Type 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\iexplore@Count 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\iexplore@Time 0xD7 0x07 0x0C 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\iexplore@Blocked 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6BF52A52-394A-11D3-B153-00C04F79FAA6}\iexplore@Count 18
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72267F6A-A6F9-11D0-BC94-00C04FB67863}\iexplore@Count 1363
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore@Type 3
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore@Count 200
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore@Time 0xD7 0x07 0x0B 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\iexplore
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\iexplore@Type 3
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\iexplore@Count 75
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\iexplore@Time 0xD8 0x07 0x0A 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87766247-311C-43B4-8499-3D5FEC94A183}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87766247-311C-43B4-8499-3D5FEC94A183}\iexplore
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87766247-311C-43B4-8499-3D5FEC94A183}\iexplore@Type 3
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87766247-311C-43B4-8499-3D5FEC94A183}\iexplore@Count 49
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87766247-311C-43B4-8499-3D5FEC94A183}\iexplore@Time 0xD7 0x07 0x04 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8828075D-D097-4055-AA02-2DBFA9D85E8A}\iexplore@Count 4047
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8856F961-340A-11D0-A96B-00C04FD705A2}\iexplore@Count 87
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\iexplore
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\iexplore@Type 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\iexplore@Count 2
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\iexplore@Time 0xD7 0x07 0x0A 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\iexplore@Blocked 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\iexplore@Count 4047
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9600F64D-755F-11D4-A47F-0001023E6D5A}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9600F64D-755F-11D4-A47F-0001023E6D5A}\iexplore
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9600F64D-755F-11D4-A47F-0001023E6D5A}\iexplore@Type 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9600F64D-755F-11D4-A47F-0001023E6D5A}\iexplore@Count 6
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9600F64D-755F-11D4-A47F-0001023E6D5A}\iexplore@Time 0xD8 0x07 0x08 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9600F64D-755F-11D4-A47F-0001023E6D5A}\iexplore@Blocked 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97809617-3937-4F84-B335-9BB05EF1A8D4}\iexplore@Count 4047
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9BE8D7B2-329C-442A-A4AC-ABA9D7572602}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9BE8D7B2-329C-442A-A4AC-ABA9D7572602}\iexplore
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9BE8D7B2-329C-442A-A4AC-ABA9D7572602}\iexplore@Type 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9BE8D7B2-329C-442A-A4AC-ABA9D7572602}\iexplore@Count 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9BE8D7B2-329C-442A-A4AC-ABA9D7572602}\iexplore@Time 0xD8 0x07 0x06 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7EA8AD2-287F-11D3-B120-006008C39542}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7EA8AD2-287F-11D3-B120-006008C39542}\iexplore
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7EA8AD2-287F-11D3-B120-006008C39542}\iexplore@Type 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7EA8AD2-287F-11D3-B120-006008C39542}\iexplore@Count 2
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7EA8AD2-287F-11D3-B120-006008C39542}\iexplore@Time 0xD7 0x07 0x0A 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7EA8AD2-287F-11D3-B120-006008C39542}\iexplore@Blocked 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA58ED58-01DD-4D91-8333-CF10577473F7}\iexplore@Count 4145
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B45FF030-4447-11D2-85DE-00C04FA35C89}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B45FF030-4447-11D2-85DE-00C04FA35C89}\iexplore
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B45FF030-4447-11D2-85DE-00C04FA35C89}\iexplore@Type 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B45FF030-4447-11D2-85DE-00C04FA35C89}\iexplore@Count 14
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B45FF030-4447-11D2-85DE-00C04FA35C89}\iexplore@Time 0xD8 0x07 0x08 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA52B914-B692-46C4-B683-905236F6F655}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA52B914-B692-46C4-B683-905236F6F655}\iexplore
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA52B914-B692-46C4-B683-905236F6F655}\iexplore@Type 2
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA52B914-B692-46C4-B683-905236F6F655}\iexplore@Count 5496
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA52B914-B692-46C4-B683-905236F6F655}\iexplore@Time 0xD8 0x07 0x09 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\iexplore
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\iexplore@Type 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\iexplore@Count 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\iexplore@Time 0xD8 0x07 0x06 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD96C556-65A3-11D0-983A-00C04FC29E36}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD96C556-65A3-11D0-983A-00C04FC29E36}\iexplore
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD96C556-65A3-11D0-983A-00C04FC29E36}\iexplore@Type 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD96C556-65A3-11D0-983A-00C04FC29E36}\iexplore@Count 8
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD96C556-65A3-11D0-983A-00C04FC29E36}\iexplore@Time 0xD8 0x07 0x0B 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA145D71-4BCB-461D-BCBE-C01C42867380}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA145D71-4BCB-461D-BCBE-C01C42867380}\iexplore
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA145D71-4BCB-461D-BCBE-C01C42867380}\iexplore@Type 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA145D71-4BCB-461D-BCBE-C01C42867380}\iexplore@Count 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA145D71-4BCB-461D-BCBE-C01C42867380}\iexplore@Time 0xD8 0x07 0x06 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA8A9780-280D-11CF-A24D-444553540000}\iexplore@Count 18
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CD3AFA74-B84F-48F0-9393-7EDC34128127}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CD3AFA74-B84F-48F0-9393-7EDC34128127}\iexplore
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CD3AFA74-B84F-48F0-9393-7EDC34128127}\iexplore@Type 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CD3AFA74-B84F-48F0-9393-7EDC34128127}\iexplore@Count 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CD3AFA74-B84F-48F0-9393-7EDC34128127}\iexplore@Time 0xD7 0x07 0x0C 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CD3AFA7B-B84F-48F0-9393-7EDC34128127}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CD3AFA7B-B84F-48F0-9393-7EDC34128127}\iexplore
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CD3AFA7B-B84F-48F0-9393-7EDC34128127}\iexplore@Type 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CD3AFA7B-B84F-48F0-9393-7EDC34128127}\iexplore@Count 2
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CD3AFA7B-B84F-48F0-9393-7EDC34128127}\iexplore@Time 0xD8 0x07 0x07 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CD3AFA8F-B84F-48F0-9393-7EDC34128127}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CD3AFA8F-B84F-48F0-9393-7EDC34128127}\iexplore
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CD3AFA8F-B84F-48F0-9393-7EDC34128127}\iexplore@Type 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CD3AFA8F-B84F-48F0-9393-7EDC34128127}\iexplore@Count 2
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CD3AFA8F-B84F-48F0-9393-7EDC34128127}\iexplore@Time 0xD8 0x07 0x05 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CD3AFA94-B84F-48F0-9393-7EDC34128127}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CD3AFA94-B84F-48F0-9393-7EDC34128127}\iexplore
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CD3AFA94-B84F-48F0-9393-7EDC34128127}\iexplore@Type 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CD3AFA94-B84F-48F0-9393-7EDC34128127}\iexplore@Count 2
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CD3AFA94-B84F-48F0-9393-7EDC34128127}\iexplore@Time 0xD7 0x07 0x08 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\iexplore@Count 4047
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}\iexplore
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}\iexplore@Type 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}\iexplore@Count 23
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}\iexplore@Time 0xD8 0x07 0x08 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore@Count 25473
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2D8D3C0-C750-4703-A6AD-75D6B578FFE6}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2D8D3C0-C750-4703-A6AD-75D6B578FFE6}\iexplore
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2D8D3C0-C750-4703-A6AD-75D6B578FFE6}\iexplore@Type 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2D8D3C0-C750-4703-A6AD-75D6B578FFE6}\iexplore@Count 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2D8D3C0-C750-4703-A6AD-75D6B578FFE6}\iexplore@Time 0xD8 0x07 0x06 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D6DFF6D8-B94B-4720-B730-1C38C7065C3B}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D6DFF6D8-B94B-4720-B730-1C38C7065C3B}\iexplore
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D6DFF6D8-B94B-4720-B730-1C38C7065C3B}\iexplore@Type 3
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D6DFF6D8-B94B-4720-B730-1C38C7065C3B}\iexplore@Count 4313
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D6DFF6D8-B94B-4720-B730-1C38C7065C3B}\iexplore@Time 0xD9 0x07 0x02 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEAF541-F3E1-4C24-ACAC-99C30715084A}\iexplore@Count 158
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E023F504-0C5A-4750-A1E7-A9046DEA8A21}\iexplore@Count 4047
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\iexplore
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\iexplore@Type 2
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\iexplore@Count 85
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\iexplore@Time 0xD7 0x07 0x04 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F04A8AE2-A59D-11D2-8792-00C04F8EF29D}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F04A8AE2-A59D-11D2-8792-00C04F8EF29D}\iexplore
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F04A8AE2-A59D-11D2-8792-00C04F8EF29D}\iexplore@Type 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F04A8AE2-A59D-11D2-8792-00C04F8EF29D}\iexplore@Count 5
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F04A8AE2-A59D-11D2-8792-00C04F8EF29D}\iexplore@Time 0xD7 0x07 0x04 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F04A8AE2-A59D-11D2-8792-00C04F8EF29D}\iexplore@Blocked 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0D4B231-DA4B-4DAF-81E4-DFEE4931A4AA}\iexplore@Count 459
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}\iexplore@Count 643
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB5F1910-F110-11D2-BB9E-00C04F795683}\iexplore@Count 4047
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDD3B846-8D59-4FFB-8758-209B6AD74ACC}\iexplore@Count 4313

---- EOF - GMER 1.0.15 ----

by **Blade81** » January 20th, 2010, 11:39 am

Hi,

I notice you've run ComboFix there earlier (not recommended to do so unsupervised!). Please post contents of c:\ComboFix.txt file.

by **mike73** » January 20th, 2010, 1:21 pm

Hello,

I was actually helped by Dakeyras orignally. Here is the link to that....

http://malwareremoval.com/forum/viewtop ... 14#p496114

Since I could not reply to him within 3 days once, that topic was closed. Hence, I opened this new topic.

I have the combofix.txt posted there. If you still need it, please let me know. I think when dakeyras was helping me out, at one point it was working fine until when my desktop crashed and 'automatic desktop recovery' did not work. Launching in the safe mode and selected 'Last known good configuration' did not help either. Since then, when I reboot my machine, I cannot do anything for almost 5 min. After that, IE can be opened and then it gets a little faster.

Regards,
Mike73.

by **Blade81** » January 20th, 2010, 2:11 pm

Yes, please post ComboFix log. Might be a good moment to defrag the hard drive now too.

by **Blade81** » January 23rd, 2010, 3:32 pm

Due to inactivity this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.

Free Malware Removal Forum

Computer performing very slowly - Please help

Computer performing very slowly - Please help

Re: Computer performing very slowly - Please help

Re: Computer performing very slowly - Please help

Re: Computer performing very slowly - Please help

Re: Computer performing very slowly - Please help

Re: Computer performing very slowly - Please help

Re: Computer performing very slowly - Please help

Re: Computer performing very slowly - Please help

Re: Computer performing very slowly - Please help

Re: Computer performing very slowly - Please help

Who is online