total security, hellish virus thing!!

Post by debbie76 on 23rd September 2009, 5:32 pm

I have picked up a virus called total security and it is blocking everything I do. This is a new computer and so I put Norton 360 on it when I bought it but it seems to have got through, when I scan the system it is coming up with nothing found and computer running fine. Is there any way that I can get rid of this thing without paying money for it? I would be really grateful for any help as I need my computer to keep in touch with my husband out of the country with the Armed forces. Please help!!!!!!!!!!

debbie76
Intermediate

Posts : 84
Joined : 2009-09-23
OS : vista
Points : 27151
# Likes : 0

Re: total security, hellish virus thing!!

Post by Belahzur on 23rd September 2009, 7:05 pm

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245091
# Likes : 1

reply

Post by debbie76 on 24th September 2009, 7:08 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:04:17, on 24/09/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TS\tsc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe
C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Norton AntiVirus\Engine\17.0.0.136\ccSvcHst.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\internet explorer\ieuser.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: &IE Help - {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC} - C:\Windows\System32\iehelpmod.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.0.0.136\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [diagnostics] "C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe" /icon -l:en
O4 - HKLM\..\Run: [lxdnmon.exe] "C:\Program Files\Lexmark 2600 Series\lxdnmon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O8 - Extra context menu item: &Search - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - [You must be registered and logged in to see this link.]
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [You must be registered and logged in to see this link.]
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Unknown owner - C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe (file missing)
O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
O23 - Service: lxdn_device - - C:\Windows\system32\lxdncoms.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\17.0.0.136\ccSvcHst.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson/ST330/service/st330service.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 10306 bytes


Re: total security, hellish virus thing!!

Post by Belahzur on 24th September 2009, 5:50 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Re: total security, hellish virus thing!!

Post by debbie76 on 25th September 2009, 6:20 am

I have followed the instructions as above but when I get to the scan window it disappears before I get chance to activate the scan and then when I did press scan there was no bar at the bottom as it just closed itself. Is this the virus doing this? How can I get through this damn virus as it blocks everything I do?


Re: total security, hellish virus thing!!

Post by Belahzur on 25th September 2009, 9:20 am

Download the GMER rootkit scan from here: [You must be registered and logged in to see this link.]

  1. Unzip it and start GMER.
  2. Click the >>> tab and then click the Scan button.
  3. Once done, click the Copy button.
  4. This will copy the results to your clipboard.
  5. Paste the results in your next reply.
Note:
If you're having problems with running GMER.exe, try it in safe mode. This tool works in safe mode.
You can also try renaming it since some malware blocks GMER.



Re: total security, hellish virus thing!!

Post by debbie76 on 25th September 2009, 5:06 pm

How do I send it as it says that the message is too big to send?


Re: total security, hellish virus thing!!

Post by Belahzur on 25th September 2009, 6:39 pm

Split it up into more than one post, or upload it at rapidshare.com



Re: total security, hellish virus thing!!

Post by debbie76 on 25th September 2009, 8:37 pm

Windows 6.0.6002 Service Pack 2


Re: total security, hellish virus thing!!

Post by debbie76 on 25th September 2009, 8:38 pm

ZwOpenThread
SSDT 87DDC2F8 ZwProtectVirtualMemory
SSDT 879B9048 ZwResumeThread
SSDT 872E7048 ZwSetContextThread
SSDT 87D9D4B0 ZwSetInformationProcess
SSDT 87DDA308 ZwSetSystemInformation
SSDT 87DDAC90 ZwSuspendProcess
SSDT 879805E8 ZwSuspendThread
SSDT 872AF120 ZwTerminateProcess
SSDT 871E9048 ZwTerminateThread
SSDT 872C4048 ZwUnmapViewOfSection
SSDT 87D9DAB8 ZwWriteVirtualMemory
SSDT 87DDDB68 ZwCreateThreadEx

---- Kernel code sections - GMER 1.0.15 ----


Re: total security, hellish virus thing!!

Post by debbie76 on 25th September 2009, 8:39 pm

---- User code sections - GMER 1.0.15 ----


Re: total security, hellish virus thing!!

Post by debbie76 on 25th September 2009, 8:40 pm

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3404] kernel32.dll!FindResourceExA 76BA2575 7 Bytes JMP 28001D80 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3404] kernel32.dll!FindResourceA 76BA2653 5 Bytes JMP 28001CF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3404] kernel32.dll!CreateEventA 76BC44C0 5 Bytes JMP 28001840 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3404] kernel32.dll!LockResource 76BC68DF 5 Bytes JMP 28001F50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3404] kernel32.dll!FindResourceExW 76BC69FD 7 Bytes JMP 28001C60 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3404] kernel32.dll!LoadResource 76BC6ADB 7 Bytes JMP 28001E20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)




Re: total security, hellish virus thing!!

Post by debbie76 on 25th September 2009, 8:42 pm

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3404] USER32.dll!LoadImageW 758FC9E5 5 Bytes JMP 28006770 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3404] USER32.dll!LoadIconW 758FDA9F 5 Bytes JMP 28006960 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3404] USER32.dll!CreateWindowExW 75901305 5 Bytes JMP 28003CF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3404] USER32.dll!GetWindowLongW 7590F8BF 7 Bytes JMP 28006B00 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3404] USER32.dll!PeekMessageW 7591045A 5 Bytes JMP 280046C0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3404] USER32.dll!TrackPopupMenuEx 75920CE7 5 Bytes JMP 28004FA0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3404] USER32.dll!MessageBoxIndirectW 7594D5D3 5 Bytes JMP 28006310 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3404] WS2_32.dll!closesocket 7718330C 5 Bytes JMP 2800BB90 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3404] WS2_32.dll!recv 7718343A 5 Bytes JMP 2800B3B0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3404] WS2_32.dll!WSASend 77184496 5 Bytes JMP 2800B950 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3404] WS2_32.dll!send 7718659B 5 Bytes JMP 2800B770 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3404] WS2_32.dll!WSARecv 77188400 5 Bytes JMP 2800B550 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3404] SHELL32.dll!Shell_NotifyIconW 760C8626 5 Bytes JMP 28003440 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3404] ole32.dll!CoRegisterClassObject 75AC7DB6 5 Bytes JMP 28002360 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3404] ole32.dll!CoCreateInstance 75B09EA6 5 Bytes JMP 28002600 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3404] ole32.dll!CoInitializeEx 75B0AD63 5 Bytes JMP 28002260 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3404] WININET.dll!HttpOpenRequestA 75CD2972 5 Bytes JMP 2800A220 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3404] WININET.dll!InternetCloseHandle 75CD5CE9 5 Bytes JMP 2800A560 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3404] WININET.dll!InternetReadFile 75CDA299 5 Bytes JMP 2800A3B0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3404] WININET.dll!HttpSendRequestA 75CDF1A8 5 Bytes JMP 2800A490 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\internet explorer\iexplore.exe[4004] ntdll.dll!RtlEncodeSystemPointer + 873 7706938B 10 Bytes JMP 04FB003A
.text C:\Program Files\internet explorer\iexplore.exe[4004] kernel32.dll!GetStartupInfoA + 225 76B81BEE 7 Bytes JMP 04FC003A
.text C:\Program Files\internet explorer\iexplore.exe[4004] kernel32.dll!CreateProcessW + 30 76B81C23 7 Bytes JMP 04FC00E4
.text C:\Program Files\internet explorer\iexplore.exe[4004] kernel32.dll!ReadProcessMemory + 3E 76B81CB3 7 Bytes JMP 04FB0AE9
.text C:\Program Files\internet explorer\iexplore.exe[4004] kernel32.dll!DuplicateConsoleHandle + 196 76BA9104 7 Bytes JMP 04FB0E3B
.text C:\Program Files\internet explorer\iexplore.exe[4004] kernel32.dll!LoadLibraryExW + 254 76BA935D 7 Bytes JMP 04FC01


Re: total security, hellish virus thing!!

Post by debbie76 on 25th September 2009, 8:43 pm

8E
.text C:\Program Files\internet explorer\iexplore.exe[4004] kernel32.dll!CreateMutexExA + 58 76BA94AF 7 Bytes JMP 04FB0CE7
.text C:\Program Files\internet explorer\iexplore.exe[4004] kernel32.dll!LoadLibraryExA + 23 76BA94D7 7 Bytes JMP 04FB08EB
.text C:\Program Files\internet explorer\iexplore.exe[4004] kernel32.dll!DosDateTimeToFileTime + 3AD 76BC9036 7 Bytes JMP 04FB0A3F
.text C:\Program Files\internet explorer\iexplore.exe[4004] kernel32.dll!CloseHandle + 39 76BCAEC6 7 Bytes JMP 04FB0D91
.text C:\Program Files\internet explorer\iexplore.exe[4004] kernel32.dll!GetCurrentProcess + 4 76BCC909 7 Bytes JMP 04FB0841
.text C:\Program Files\internet explorer\iexplore.exe[4004] kernel32.dll!CreateThread + 22 76BCC930 10 Bytes JMP 04FB0EE5
.text C:\Program Files\internet explorer\iexplore.exe[4004] kernel32.dll!MultiByteToWideChar + 17F 76BCCE5A 7 Bytes JMP 04FB0995
.text C:\Program Files\internet explorer\iexplore.exe[4004] kernel32.dll!_lopen + 4D 76C120D7 7 Bytes JMP 04FB0C3D
.text C:\Program Files\internet explorer\iexplore.exe[4004] kernel32.dll!NeedCurrentDirectoryForExePathA + A1 76C15CF2 7 Bytes JMP 04FB0B93
.text C:\Program Files\internet explorer\iexplore.exe[4004] ADVAPI32.dll!RegFlushKey + C9 771DCEB4 7 Bytes JMP 04FB0797
.text C:\Program Files\internet explorer\iexplore.exe[4004] ADVAPI32.dll!ElfDeregisterEventSource + 99 771F1C87 7 Bytes JMP 04FB00F3
.text C:\Program Files\internet explorer\iexplore.exe[4004] ADVAPI32.dll!DestroyPrivateObjectSecurity + 1D 771F1EE4 7 Bytes JMP 04FB039B
.text C:\Program Files\internet explorer\iexplore.exe[4004] ADVAPI32.dll!OpenServiceA + 97 771F2F54 7 Bytes JMP 04FB019D
.text C:\Program Files\internet explorer\iexplore.exe[4004] ADVAPI32.dll!IsWellKnownSid + 1BE 771F38C8 7 Bytes JMP 04FB04EF
.text C:\Program Files\internet explorer\iexplore.exe[4004] ADVAPI32.dll!RegDeleteKeyW + D9 771F39A6 7 Bytes JMP 04FB0599
.text C:\Program Files\internet explorer\iexplore.exe[4004] ADVAPI32.dll!SystemFunction040 + 1A9 771F3BA4 7 Bytes JMP 04FB06ED
.text C:\Program Files\internet explorer\iexplore.exe[4004] ADVAPI32.dll!AddAccessAllowedAceEx + BB 771F3FB1 7 Bytes JMP 04FB0247
.text C:\Program Files\internet explorer\iexplore.exe[4004] ADVAPI32.dll!LsaLookupPrivilegeValue + 17C 77203919 7 Bytes JMP 04FB02F1


Re: total security, hellish virus thing!!

Post by debbie76 on 25th September 2009, 8:44 pm


---- User IAT/EAT - GMER 1.0.15 ----



Re: total security, hellish virus thing!!

Post by debbie76 on 25th September 2009, 8:45 pm

IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!DeleteFileW] [63D4C301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetFileAttributesW] [63D48D54] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesW] [63D48AFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [63D4DE75] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameW] [63D494A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [63D4D221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] [63D4BD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesExW] [63D48FC1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [63D4D09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetLongPathNameW] [63D49231] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW] [63D4C58B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW] [63D4CF65] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW] [63D4CA80] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExW] [63D5CB9D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyExW] [63D5C625] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegEnumKeyW] [63D5DE75] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegEnumValueW] [63D5E479] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegDeleteKeyW] [63D5CEA5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [63D5DB0F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryInfoKeyA] [63D5D913] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegEnumKeyExW] [63D5E169] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegSetValueW] [63D5D13F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExW] [63D5D773] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueW] [63D5D437] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyW] [63D5C8E9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyW] [63D5C35D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExA] [63D5D5D3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] [63D5CA25] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCloseKey] [63D5CD09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] [63D591AC] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindClose] [63D50D4C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] [63D502A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [63D4D537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SearchPathW] [63D4F233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!DeleteFileW] [63D4C301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetShortPathNameW] [63D494A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesExW] [63D48FC1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileW] [63D4BD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [63D4D221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesW] [63D48AFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [63D4D09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegSetValueW] [63D5D13F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] [63D5D28F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumKeyExW] [63D5E169] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumValueW] [63D5E479] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumKeyA] [63D5DD0B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegDeleteKeyA] [63D5CD5C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [63D5DB0F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)


Re: total security, hellish virus thing!!

Post by debbie76 on 25th September 2009, 8:46 pm


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service C:\Windows\system32\drivers\gasfkykfpqcmtv.sys (*** hidden *** ) [DISABLED] gasfkyxsimdtwc <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxsimdtwc@start 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxsimdtwc@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxsimdtwc@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxsimdtwc@imagepath \systemroot\system32\drivers\gasfkykfpqcmtv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxsimdtwc\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxsimdtwc\main@aid 20025
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxsimdtwc\main@sid 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxsimdtwc\main@cmddelay 14400
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxsimdtwc\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxsimdtwc\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxsimdtwc\main\injector@* gasfkywsp8.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxsimdtwc\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxsimdtwc\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxsimdtwc\modules@gasfkyrk.sys \systemroot\system32\drivers\gasfkykfpqcmtv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxsimdtwc\modules@gasfkycmd.dll \systemroot\system32\gasfkyvqjorpsn.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxsimdtwc\modules@gasfkylog.dat \systemroot\system32\gasfkyhmtcunje.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxsimdtwc\modules@gasfkywsp.dll \systemroot\system32\gasfkydyuxepiu.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxsimdtwc\modules@gasfky.dat \systemroot\system32\gasfkybnhkqtpo.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxsimdtwc\modules@gasfkywsp8.dll \systemroot\system32\gasfkyooftmiea.dll
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxsimdtwc@start 4
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxsimdtwc@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxsimdtwc@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxsimdtwc@imagepath \systemroot\system32\drivers\gasfkykfpqcmtv.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxsimdtwc\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxsimdtwc\main@aid 20025
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxsimdtwc\main@sid 0
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxsimdtwc\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxsimdtwc\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxsimdtwc\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxsimdtwc\main\injector@* gasfkywsp8.dll
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxsimdtwc\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxsimdtwc\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxsimdtwc\modules@gasfkyrk.sys \systemroot\system32\drivers\gasfkykfpqcmtv.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxsimdtwc\modules@gasfkycmd.dll \systemroot\system32\gasfkyvqjorpsn.dll
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxsimdtwc\modules@gasfkylog.dat \systemroot\system32\gasfkyhmtcunje.dat
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxsimdtwc\modules@gasfkywsp.dll \systemroot\system32\gasfkydyuxepiu.dll
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxsimdtwc\modules@gasfky.dat \systemroot\system32\gasfkybnhkqtpo.dat
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxsimdtwc\modules@gasfkywsp8.dll \systemroot\system32\gasfkyooftmiea.dll

---- EOF - GMER 1.0.15 ----


Re: total security, hellish virus thing!!

Post by debbie76 on 25th September 2009, 8:47 pm

This is everything that you asked me for; I hope it is right!!!


Kind Regards

debbie76

Re: total security, hellish virus thing!!

Post by Belahzur on 26th September 2009, 12:12 am

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Re: total security, hellish virus thing!!

Post by debbie76 on 26th September 2009, 8:06 am

I did everything that was asked, and now I closed the page by mistake with the results on it. When I located it, it wouldn't let me open it, and it comes up with a sign saying "illegal operation attempted on a registry key that has been marked for deletion"!!!! So what do I do now?


Re: total security, hellish virus thing!!

Post by Belahzur on 26th September 2009, 6:31 pm

Re-run GMER, and when the new log opens, check if this is still there at the bottom of the log:

"Service C:\Windows\system32\drivers\gasfkykfpqcmtv.sys (*** hidden *** ) [DISABLED] gasfkyxsimdtwc <-- ROOTKIT !!!"


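The check requested above (is the hidden service still in a re-run GMER log?) can be scripted. This is an added example, not part of the original posts: it parses the Service and Reg lines copied from the GMER log in this thread and compares the rootkit's registered module files with the "Other Deletions" list from the ComboFix log. It assumes %SystemRoot% is C:\Windows; the function names are hypothetical.

```python
import re

# GMER "Service" line for a hidden service, e.g.
# Service <image path> (*** hidden *** ) [DISABLED] <name> <-- ROOTKIT !!!
SERVICE_RE = re.compile(
    r"^Service\s+(?P<path>.+?)\s+\(\*\*\* hidden \*\*\*\s*\)\s+"
    r"\[(?P<state>[^\]]+)\]\s+(?P<name>\S+)(?P<flag>\s+<-- ROOTKIT !!!)?\s*$")
# GMER "Reg" line with a value: Reg HKLM\SYSTEM\<set>\Services\<svc>[\sub]@<value> <data>
REG_RE = re.compile(
    r"^Reg\s+HKLM\\SYSTEM\\(?P<cs>[^\\]+)\\Services\\(?P<svc>[^\\@\s]+)"
    r"(?P<sub>(?:\\[^@\s\\]+)*)@(?P<value>\S+)\s+(?P<data>.+)$")

# Lines copied from the GMER 1.0.15 log posted in this thread (abridged).
GMER_LOG = r"""
---- Services - GMER 1.0.15 ----

Service C:\Windows\system32\drivers\gasfkykfpqcmtv.sys (*** hidden *** ) [DISABLED] gasfkyxsimdtwc <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxsimdtwc@start 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxsimdtwc@imagepath \systemroot\system32\drivers\gasfkykfpqcmtv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxsimdtwc\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxsimdtwc\main\injector@* gasfkywsp8.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxsimdtwc\modules@gasfkyrk.sys \systemroot\system32\drivers\gasfkykfpqcmtv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxsimdtwc\modules@gasfkycmd.dll \systemroot\system32\gasfkyvqjorpsn.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxsimdtwc\modules@gasfkylog.dat \systemroot\system32\gasfkyhmtcunje.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxsimdtwc\modules@gasfkywsp.dll \systemroot\system32\gasfkydyuxepiu.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxsimdtwc\modules@gasfky.dat \systemroot\system32\gasfkybnhkqtpo.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxsimdtwc\modules@gasfkywsp8.dll \systemroot\system32\gasfkyooftmiea.dll
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxsimdtwc\modules@gasfkywsp8.dll \systemroot\system32\gasfkyooftmiea.dll

---- EOF - GMER 1.0.15 ----
"""

# Excerpt copied from the "Other Deletions" section of the ComboFix log in this thread.
COMBOFIX_DELETIONS = r"""
c:\windows\system32\drivers\gasfkykfpqcmtv.sys
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\gasfkybnhkqtpo.dat
c:\windows\system32\gasfkydyuxepiu.dll
c:\windows\system32\gasfkyhmtcunje.dat
c:\windows\system32\gasfkyvqjorpsn.dll
c:\windows\System32\ieHElpmod.dll
"""


def normalize(path, system_root=r"c:\windows"):
    """Lower-case a path and expand a leading \\systemroot\\ (assumed C:\\Windows)."""
    p = path.strip().lower()
    prefix = "\\systemroot\\"
    if p.startswith(prefix):
        p = system_root + "\\" + p[len(prefix):]
    return p


def _new():
    return {"reported": False, "flagged": False, "state": None, "files": set()}


def parse_gmer(log):
    """Return {service name: info} built from Service lines and their Reg lines."""
    services = {}
    for raw in log.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            svc = services.setdefault(m["name"], _new())
            svc.update(reported=True, state=m["state"], flagged=m["flag"] is not None)
            svc["files"].add(normalize(m["path"]))
            continue
        m = REG_RE.match(line)
        if not m:
            continue  # key-only lines and other sections carry no file path
        is_image = m["sub"] == "" and m["value"].lower() == "imagepath"
        is_module = m["sub"].lower() == "\\modules"
        if is_image or is_module:
            # Entries repeated under several control sets collapse in the set.
            services.setdefault(m["svc"], _new())["files"].add(normalize(m["data"]))
    return services


def service_still_reported(log, name):
    """The check from the post: does a re-run log still list this hidden service?"""
    info = parse_gmer(log).get(name)
    return bool(info and info["reported"])


def leftovers(services, deletion_log):
    """Files registered to flagged services that the deletion log does not list."""
    deleted = {normalize(l) for l in deletion_log.splitlines() if l.strip()}
    return {name: sorted(info["files"] - deleted)
            for name, info in services.items() if info["flagged"]}


if __name__ == "__main__":
    found = parse_gmer(GMER_LOG)
    print(service_still_reported(GMER_LOG, "gasfkyxsimdtwc"))
    print(leftovers(found, COMBOFIX_DELETIONS))
```

On the lines from this thread, `leftovers` returns a single path, c:\windows\system32\gasfkyooftmiea.dll, which the registry lists as a module but the deletions excerpt does not mention. A file missing from that list may simply not exist on disk, so it is an item to check by hand rather than proof of a remnant.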

Re: total security, hellish virus thing!!

Post by debbie76 on 27th September 2009, 1:34 pm

Hi, I have checked to see if it is at the bottom and it isn't there!!


Re: total security, hellish virus thing!!

Post by debbie76 on 27th September 2009, 1:36 pm

Just taken another look at it and it is there, but not right at the bottom of the page, maybe three quarters of the way down.


combo fix results!

Post by debbie76 on 27th September 2009, 1:43 pm

ComboFix 09-09-25.01 - Robert Hornshaw 26/09/2009 8:33.1.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3292.2139 [GMT 1:00]
Running from: c:\users\Robert Hornshaw\Downloads\combo-fix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2587230002-3812537154-1661091937-500
c:\$recycle.bin\S-1-5-21-2773397201-2855733099-4214572315-500
c:\program files\FunWebProducts
c:\program files\MyWebSearch
c:\windows\system32\drivers\gasfkykfpqcmtv.sys
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\gasfkybnhkqtpo.dat
c:\windows\system32\gasfkydyuxepiu.dll
c:\windows\system32\gasfkyhmtcunje.dat
c:\windows\system32\gasfkyvqjorpsn.dll
c:\windows\System32\ieHElpmod.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_gasfkyxsimdtwc
-------\Service_gasfkyxsimdtwc
-------\Service_MyWebSearchService


((((((((((((((((((((((((( Files Created from 2009-08-26 to 2009-09-26 )))))))))))))))))))))))))))))))
.

2009-09-24 18:10 . 2009-09-24 18:10 -------- d-----w- c:\users\Robert Hornshaw\AppData\Roaming\Malwarebytes
2009-09-24 18:10 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-24 18:09 . 2009-09-24 18:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-24 18:09 . 2009-09-24 18:09 -------- d-----w- c:\programdata\Malwarebytes
2009-09-24 18:09 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-24 07:04 . 2009-09-24 07:04 -------- d-----w- c:\program files\Trend Micro
2009-09-23 15:51 . 2009-09-24 16:35 -------- d-----w- c:\users\Robert Hornshaw\AppData\Local\CrashDumps
2009-09-23 14:22 . 2009-09-23 14:29 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-23 14:22 . 2009-09-23 14:22 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-09-23 14:21 . 2009-09-23 14:21 -------- d-----w- c:\windows\system32\drivers\NAV
2009-09-23 14:21 . 2009-09-23 14:21 -------- d-----w- c:\program files\Norton AntiVirus
2009-09-23 14:21 . 2009-09-23 14:21 -------- d-----w- c:\program files\NortonInstaller
2009-09-20 19:32 . 2009-09-20 19:32 -------- d-----w- c:\programdata\Messenger Plus!
2009-09-20 16:55 . 2009-09-20 16:55 -------- d-----w- c:\program files\Common Files\TSUninstall
2009-09-20 16:53 . 2009-09-25 12:30 -------- d-----w- c:\program files\TS
2009-09-10 08:00 . 2009-08-14 16:27 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-10 08:00 . 2009-08-14 13:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-10 08:00 . 2009-08-14 13:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-10 08:00 . 2009-08-14 13:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-10 08:00 . 2009-08-14 13:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-10 08:00 . 2009-08-14 13:49 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-10 08:00 . 2009-08-14 13:49 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-10 08:00 . 2009-08-14 13:48 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-09-10 08:00 . 2009-08-14 13:48 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-10 08:00 . 2009-08-14 15:53 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-10 08:00 . 2009-08-14 13:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-10 07:59 . 2009-07-11 19:01 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-10 07:59 . 2009-07-11 19:01 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-10 07:59 . 2009-07-11 19:01 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-10 07:59 . 2009-07-11 19:01 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-09-10 07:59 . 2009-07-11 17:03 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-10 07:59 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll
2009-08-28 15:15 . 2009-08-28 15:16 -------- d-----w- c:\windows\system32\ca-ES
2009-08-28 15:15 . 2009-08-28 15:16 -------- d-----w- c:\windows\system32\eu-ES
2009-08-28 15:15 . 2009-08-28 15:16 -------- d-----w- c:\windows\system32\vi-VN
2009-08-28 14:29 . 2009-08-28 14:29 -------- d-----w- c:\windows\system32\EventProviders
2009-08-27 09:30 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-25 20:21 . 2009-05-07 03:42 -------- d-----w- c:\programdata\Microsoft Help
2009-09-23 14:22 . 2009-09-23 14:22 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-09-23 14:22 . 2009-09-23 14:22 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-09-23 14:22 . 2009-06-21 13:16 -------- d-----w- c:\program files\Symantec
2009-09-23 14:21 . 2009-06-21 13:15 -------- d-----w- c:\programdata\Norton
2009-09-23 14:21 . 2009-06-21 13:09 -------- d-----w- c:\programdata\NortonInstaller
2009-09-20 20:26 . 2009-06-21 13:29 -------- d-----w- c:\programdata\Lx_cats
2009-09-20 16:39 . 2009-08-01 14:56 -------- d-----w- c:\program files\Messenger Plus! Live
2009-09-10 12:11 . 2009-05-07 03:40 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-28 15:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-08-28 15:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-08-28 15:16 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-28 15:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-08-28 15:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-08-28 15:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-08-28 15:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-08-21 11:54 . 2009-05-07 03:28 -------- d-----w- c:\program files\Microsoft Works
2009-08-21 11:10 . 2009-08-15 12:32 -------- d-----w- c:\program files\Google
2009-08-20 15:52 . 2009-06-21 13:17 -------- d-----w- c:\programdata\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-08-20 15:51 . 2009-06-21 13:17 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-08-20 15:51 . 2009-06-21 13:17 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2009-08-18 13:57 . 2009-08-18 13:57 127832 ----a-w- c:\programdata\SPL2FF6.tmp
2009-08-15 12:32 . 2009-08-15 12:32 -------- d-----w- c:\program files\Common Files\xing shared
2009-08-15 12:32 . 2009-08-15 12:32 -------- d-----w- c:\program files\Common Files\Real
2009-08-15 12:32 . 2009-08-15 12:32 -------- d-----w- c:\program files\Real
2009-08-15 09:14 . 2009-06-22 10:58 40 ----a-w- c:\users\Robert Hornshaw\AppData\Roaming\wklnhst.dat
2009-08-14 12:52 . 2009-08-14 12:52 -------- d-----w- c:\users\Robert Hornshaw\AppData\Roaming\Template
2009-08-06 15:13 . 2009-08-06 15:12 -------- d-----w- c:\programdata\PopCap Games
2009-07-18 16:01 . 2009-07-29 16:09 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 11:35 . 2009-07-29 16:09 828416 ----a-w- c:\windows\system32\wininet.dll
2009-07-17 13:54 . 2009-08-13 14:33 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-13 14:32 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-13 14:32 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-13 14:32 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-13 14:32 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-05-07 11:44 . 2009-05-07 11:41 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-20 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-23 150552]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-01-29 206064]
"diagnostics"="c:\program files\Thomson\ST330\diagnostics\diagnostics.exe" [2009-06-21 557149]
"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2008-03-27 660136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-05-21 451896]
"Malwarebytes Anti-Malware (rootkit-scan)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-07-18 6246400]

c:\users\Robert Hornshaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-05-07 03:31 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=""
"FirewallOverride"=""
"UpdatesDisableNotify"=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):f2,a4,65,52,f3,27,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

R0 SymDS;Symantec Data Store;c:\windows\System32\drivers\NAV\1100000.088\SymDS.sys [23/09/2009 15:21 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NAV\1100000.088\SymEFA.sys [23/09/2009 15:21 169008]
R1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20090911.001\BHDrvx86.sys [11/09/2009 23:45 507440]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NAV\1100000.088\ccHPx86.sys [23/09/2009 15:21 501888]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20090911.001\IDSvix86.sys [23/09/2009 16:39 342576]
R1 jswpslwf;JumpStart reƖ Filter Driver;c:\windows\System32\drivers\jswpslwf.sys [01/10/2008 16:44 20384]
R1 SymIRON;Symantec Iron Driver;c:\windows\System32\drivers\NAV\1100000.088\Ironx86.sys [23/09/2009 15:21 114736]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\drivers\NAV\1100000.088\symtdiv.sys [23/09/2009 15:21 338480]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\System32\AERTSrv.exe [07/05/2009 13:04 73728]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [18/12/2008 13:05 155648]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdnserv.exe [28/02/2008 00:07 98984]
R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\17.0.0.136\ccSvcHst.exe [23/09/2009 15:21 126392]
R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\System32\drivers\RtNdPt60.sys [07/05/2009 04:24 27648]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [24/09/2009 16:13 102448]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [07/05/2009 13:04 112128]
S2 EraserSvc10922;Symantec Eraser Service;c:\program files\Norton AntiVirus\Engine\17.0.0.136\ccSvcHst.exe [23/09/2009 15:21 126392]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe --> c:\program files\NETGEAR\WN111v2\jswpsapi.exe [?]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [05/11/2008 00:16 22904]
.
Contents of the 'Scheduled Tasks' folder

2009-09-26 c:\windows\Tasks\RtlNICDiagVistaStart.job
- c:\program files\Realtek\RTNICDiag\RTNICDiag.exe [2009-05-07 11:18]

2009-09-25 c:\windows\Tasks\User_Feed_Synchronization-{3029CC5B-A8AC-4EB4-BEDF-4B0C09E576F6}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: &Search - [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
AddRemove-TS - c:\program files\TS\tsc.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-09-26 08:42
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\17.0.0.136\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\17.0.0.136\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\st330service]
"ImagePath"="C:\Program Files/Thomson/ST330/service/st330service.exe -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5244)
c:\program files\Common Files\Pure Networks Shared\Platform\10.2.8216.0.nmcorePS.dll
c:\program files\Pure Networks\Network Magic\nmrsrc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Thomson\ST330\service\st330service.exe
c:\windows\System32\lxdncoms.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\dllhost.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Dell Support Center\gs_agent\dsc.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2009-09-26 8:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-26 07:44

Pre-Run: 447,814,729,728 bytes free
Post-Run: 448,219,844,608 bytes free

308 --- E O F --- 2009-09-10 12:13


Re: total security, hellish virus thing!!

Post by debbie76 on 27th September 2009, 1:46 pm

Here are the combo fix results as required and the virus has completely gone!!! Does that mean that is it? If so I will be recommending your site to other people if they have problems as you have been so so helpful, will also be making a donation to say thank you for everything.

Kind regards
Debbie


Re: total security, hellish virus thing!!

Post by Belahzur on 27th September 2009, 5:13 pm

One more thing to do.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Re: total security, hellish virus thing!!

Post by debbie76 on 27th September 2009, 5:36 pm

Malwarebytes' Anti-Malware 1.41
Database version: 2865
Windows 6.0.6002 Service Pack 2

27/09/2009 18:27:37
mbam-log-2009-09-27 (18-27-37).txt

Scan type: Quick Scan
Objects scanned: 86166
Time elapsed: 3 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 59
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Common Files\TSUninstall (Rogue.TotalSecurity) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Common Files\TSUninstall\Uninstall.lnk (Rogue.TotalSecurity) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\TS\Computer Scan.lnk (Rogue.TotalSecurity) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\TS\Help.lnk (Rogue.TotalSecurity) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\TS\Registration.lnk (Rogue.TotalSecurity) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\TS\Security Center.lnk (Rogue.TotalSecurity) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\TS\Settings.lnk (Rogue.TotalSecurity) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\TS\Total Security.lnk (Rogue.TotalSecurity) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\TS\Update.lnk (Rogue.TotalSecurity) -> Quarantined and deleted successfully.
C:\Users\Robert Hornshaw\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\TS.lnk (Rogue.TotalSecurity) -> Quarantined and deleted successfully.


Re: total security, hellish virus thing!!

Post by Belahzur on 27th September 2009, 5:44 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?



Re: total security, hellish virus thing!!

Post by debbie76 on 28th September 2009, 7:29 am

How do I get that last window up that you have told me to run please?


Re: total security, hellish virus thing!!

Post by Origin on 28th September 2009, 2:42 pm

I see you are running Vista. In Vista the Run command is hidden, so you will have to use the keyboard shortcut. To open up Run, please do the following:

Click and hold on the Windows key (it should be on the bottom left of your keyboard between Ctrl and Alt). Once you have located the Windows key, click and hold it and then press the "R" key.

So in general: Windows key + R, then the Run window should pop up. Once it appears you can then input the following:

ComboFix /u



Re: total security, hellish virus thing!!

Post by debbie76 on 28th September 2009, 6:09 pm

It's saying it can't be found.


Re: total security, hellish virus thing!!

Post by Belahzur on 28th September 2009, 6:28 pm

Hello.
Doesn't matter then, sometimes the uninstall command works, sometimes it doesn't.

Just delete the Qoobox folder from the C: drive, then this should be fine.



Re: total security, hellish virus thing!!

Post by debbie76 on 29th September 2009, 6:58 am

Thank you so much for all of your help and patience, it has been much appreciated.

Kind regards
Mrs Debbie Hornshaw x
