Cannot update Windows Defender or Spy sweeper Definitions


9 replies to this topic

#1 chrisryanrey


Posted 02 February 2009 - 01:29 PM

I am getting a message saying the program was unable to check for updates, and the same happens with Windows Defender.

I am also recently having a problem where I click on a link from Google results and it opens in a new window and sometimes shows an ad or something entirely different.

Thanks for the help. Here is my HijackThis log.

(This is the first time I'm doing this, so tell me if I'm doing it right.)




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:27:07 PM, on 02/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\V0350Mon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 65.54.239.80 messenger.hotmail.com
O1 - Hosts: 65.54.239.80 dp.msnmessenger.akadns.net
O1 - Hosts: ::1 localhost
O2 - BHO: Microsoft copyright - {32C620D6-CC10-4e6a-9715-BACACD5B0E61} - sxmg4.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [V0350Mon.exe] "C:\Windows\V0350Mon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Internet Security Service] "c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\svchost.exe"
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [Systray] "C:\Windows\system32\rundll32.exe" sxmg4.dll,RunMain
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/...NPUplden-ca.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{802F68A0-6231-4321-B9AF-370D84E468DC}: NameServer = 85.255.115.36,85.255.112.132
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.36,85.255.112.132
O17 - HKLM\System\CS1\Services\Tcpip\..\{802F68A0-6231-4321-B9AF-370D84E468DC}: NameServer = 85.255.115.36,85.255.112.132
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.36,85.255.112.132
O17 - HKLM\System\CS2\Services\Tcpip\..\{802F68A0-6231-4321-B9AF-370D84E468DC}: NameServer = 85.255.115.36,85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.36,85.255.112.132
O21 - SSODL: WebProxy - {A744F16C-B2D5-4138-81A2-085CDFCDE83A} - sxmg4.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe



#2 kahdah


Posted 15 February 2009 - 09:55 AM

Hello chrisryanrey

Welcome to BleepingComputer.
========================

Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.
---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.
================
Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.
Please do not PM for help; post it in the forums instead.

If I am helping you and have not responded for 48 hours, please send me a PM, as I don't always get notifications.

My help is always free; however, if you would like to make a donation to me for the help I have provided, please click here.

#3 chrisryanrey


Posted 22 February 2009 - 09:21 PM

DDS (Ver_09-02-01.01) - NTFSx86
Run by CHRISTOPHER REYNOLDS at 15:35:31.49 on 22/02/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.2.1033.18.893.361 [GMT -5:00]

AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
FW: Webroot Internet Security Essentials *enabled*
FW: BitDefender Firewall *disabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\V0350Mon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Webroot\WebrootSecurity\SSU.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\CHRISTOPHER REYNOLDS\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
BHO: Microsoft copyright: {32c620d6-cc10-4e6a-9715-bacacd5b0e61} - sxmg4.dll
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [Internet Security Service] "c:\recycler\s-1-5-21-1482476501-1644491937-682003330-1013\svchost.exe"
uRun: [WMPNSCFG] "c:\program files\windows media player\WMPNSCFG.exe"
uRun: [Systray] "c:\windows\system32\rundll32.exe" sxmg4.dll,RunMain
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [V0350Mon.exe] "c:\windows\V0350Mon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [SpySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wirele~1.lnk - c:\program files\d-link\d-link rangebooster n dwa-142\wirelesscm.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
Trusted Zone: creative.com\www.support
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUplden-ca.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
TCP: NameServer = 85.255.115.36,85.255.112.132
TCP: {802F68A0-6231-4321-B9AF-370D84E468DC} = 85.255.115.36,85.255.112.132
SSODL: WebProxy - {A744F16C-B2D5-4138-81A2-085CDFCDE83A} - sxmg4.dll

============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-12-7 29808]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-1-21 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-1-21 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-1-21 51792]
S3 VF0350Afx;VF0350 Audio FX;c:\windows\system32\drivers\V0350Afx.sys [2008-9-1 142656]
S3 VF0350Vfx;VF0350 Video FX;c:\windows\system32\drivers\V0350Vfx.sys [2008-9-1 7424]
S3 VF0350Vid;Live! Cam Video Chat (VF0350);c:\windows\system32\drivers\V0350Vid.sys [2008-9-1 170368]

=============== Created Last 30 ================

2009-02-09 14:00 <DIR> --d----- c:\windows\USBdevice
2009-02-09 14:00 <DIR> --d----- c:\program files\D-Link
2009-02-05 11:15 <DIR> --d----- c:\program files\common files\PX Storage Engine
2009-02-05 11:15 <DIR> --d----- c:\windows\system32\IOSUBSYS
2009-02-03 23:34 <DIR> --d----- c:\program files\common files\eSellerate
2009-02-02 13:12 <DIR> --d----- c:\program files\Trend Micro
2009-01-28 10:20 1,553,272 a------- c:\windows\WRSetup.dll
2009-01-28 10:20 <DIR> --d----- c:\users\christ~1\appdata\roaming\Webroot
2009-01-28 10:20 <DIR> --d----- c:\programdata\Webroot
2009-01-28 10:20 <DIR> --d----- c:\program files\Webroot
2009-01-28 10:20 <DIR> --d----- c:\progra~2\Webroot
2009-01-24 12:36 <DIR> --d----- c:\programdata\Lavasoft

==================== Find3M ====================

2009-01-21 15:03 86,016 a------- c:\windows\inf\infstor.dat
2009-01-21 15:03 51,200 a------- c:\windows\inf\infpub.dat
2009-01-21 15:03 86,016 a------- c:\windows\inf\infstrng.dat
2009-01-19 20:52 81,984 a------- c:\windows\system32\bdod.bin
2008-11-22 03:04 56 a---h--- c:\programdata\ezsidmv.dat
2008-11-22 03:04 56 a---h--- c:\progra~2\ezsidmv.dat
2008-11-21 08:41 174 a--sh--- c:\program files\desktop.ini
2008-11-21 08:32 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 07:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 15:38:36.96 ===============










GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-22 21:13:33
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.14 ----

SSDT 83885A80 ZwAllocateVirtualMemory
SSDT 83884BD8 ZwCreateKey
SSDT 83885FA8 ZwCreateProcess
SSDT 83885F30 ZwCreateProcessEx
SSDT 83885D50 ZwCreateThread
SSDT 842222F8 ZwDeleteKey
SSDT 83885020 ZwDeleteValueKey
SSDT 83885AF8 ZwQueueApcThread
SSDT 83885990 ZwReadVirtualMemory
SSDT 84222280 ZwRenameKey
SSDT 83885BE8 ZwSetContextThread
SSDT 84222208 ZwSetInformationKey
SSDT 83885E40 ZwSetInformationProcess
SSDT 83885C60 ZwSetInformationThread
SSDT 84222190 ZwSetValueKey
SSDT 83885DC8 ZwSuspendProcess
SSDT 83885B70 ZwSuspendThread
SSDT 83885EB8 ZwTerminateProcess
SSDT 83885CD8 ZwTerminateThread
SSDT 83885A08 ZwWriteVirtualMemory
SSDT 838858A0 ZwCreateThreadEx
SSDT 83885918 ZwCreateUserProcess

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!KeSetTimerEx + 364 81AC5928 4 Bytes [ 80, 5A, 88, 83 ]
.text ntkrnlpa.exe!KeSetTimerEx + 41C 81AC59E0 4 Bytes [ D8, 4B, 88, 83 ]
.text ntkrnlpa.exe!KeSetTimerEx + 43C 81AC5A00 8 Bytes [ A8, 5F, 88, 83, 30, 5F, 88, ... ]
.text ntkrnlpa.exe!KeSetTimerEx + 454 81AC5A18 4 Bytes [ 50, 5D, 88, 83 ]
.text ntkrnlpa.exe!KeSetTimerEx + 508 81AC5ACC 4 Bytes [ F8, 22, 22, 84 ]
.text ...

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe[3172] kernel32.dll!CreateThread + 1A 772346E2 4 Bytes [ 7A, C0, 21, 89 ]
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[3496] ntdll.dll!KiUserExceptionDispatcher + A 77C399F2 5 Bytes JMP 00016B30 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[3496] kernel32.dll!VirtualProtect 771F1DD1 5 Bytes JMP 00017AD0 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[3496] kernel32.dll!LoadLibraryExW 772130C3 3 Bytes JMP 00017280 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[3496] kernel32.dll!LoadLibraryExW + 4 772130C7 1 Byte [ 88 ]
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[3496] kernel32.dll!VirtualFree 77231866 5 Bytes JMP 00017AB0 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[3496] kernel32.dll!VirtualAlloc 7723B86F 5 Bytes JMP 00017A80 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[3496] kernel32.dll!CreateFileA 7723CF71 5 Bytes JMP 00017280 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Internet Explorer\iexplore.exe[5020] USER32.dll!DialogBoxIndirectParamW 777DBD25 5 Bytes JMP 70365BF3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5020] USER32.dll!DialogBoxParamW 777F1FD5 5 Bytes JMP 70365B7D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5020] USER32.dll!DialogBoxParamA 778180B2 5 Bytes JMP 70365BB8 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5020] USER32.dll!DialogBoxIndirectParamA 778183DD 5 Bytes JMP 70365C2E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5020] USER32.dll!MessageBoxIndirectA 7782D471 5 Bytes JMP 70365B39 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5020] USER32.dll!MessageBoxIndirectW 7782D56B 5 Bytes JMP 70365AF5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5020] USER32.dll!MessageBoxExA 7782D5D1 5 Bytes JMP 70365ABB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5020] USER32.dll!MessageBoxExW 7782D5F5 5 Bytes JMP 70365A81 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5020] SHELL32.dll!SHRestricted + DFD 766B8390 4 Bytes [ 99, 0B, 83, 6B ]
.text C:\Program Files\Internet Explorer\iexplore.exe[5020] SHELL32.dll!SHRestricted + E05 766B8398 8 Bytes [ A7, 0A, 83, 6B, A4, 32, 82, ... ]
.text C:\Program Files\Internet Explorer\iexplore.exe[5020] SHELL32.dll!SHBindToObject + 693 766BA9B8 4 Bytes [ 99, 0B, 83, 6B ]
.text C:\Program Files\Internet Explorer\iexplore.exe[5020] SHELL32.dll!SHBindToObject + 69B 766BA9C0 4 Bytes [ A7, 0A, 83, 6B ]

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Windows\system32\services.exe[584] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00060002
IAT C:\Windows\system32\services.exe[584] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00060000
IAT C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe[3172] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [004508B8] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Spy Sweeper Client Executable/Webroot Software, Inc.)
IAT C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe[3172] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [004508B8] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Spy Sweeper Client Executable/Webroot Software, Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6B81D537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6B81D09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [6B81B6A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6B81D221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [6B81BD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [6B81F233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [6B81C301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [6B81F233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6B81D537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CopyFileW] [6B81B6A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!MoveFileW] [6B81DE50] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!DeleteFileW] [6B81C301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [6B81F49D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [6B820D4C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [6B81FC09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [6B8202A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6B81D09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [6B81BD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6B81B114] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6B81D221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6B81A970] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [6B82DB0F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegEnumValueW] [6B82E479] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegOpenKeyExW] [6B82CB9D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryValueExW] [6B82D773] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegDeleteKeyW] [6B82CEA5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCreateKeyExW] [6B82C625] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCloseKey] [6B82CD09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6B81D221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [6B81E151] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [6B81B114] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [6B81A970] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [6B81A819] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [6B81C301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6B81D537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [6B818D54] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [6B81BD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [6B8202A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [6B81FC09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [6B81F233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [6B818AFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [6B818C26] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [6B81BBD2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [6B81FF42] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [6B81FB96] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [6B820D4C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [6B81EFA8] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [6B8189D0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6B81D09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpW] [6B81CF65] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpA] [6B81CE2E] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCloseKey] [6B82CD09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] [6B82C49D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyA] [6B82CD5C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyA] [6B82D913] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] [6B82CA25] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExW] [6B82C625] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExW] [6B82CB9D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExW] [6B82E169] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW] [6B82D437] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyW] [6B82CEA5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyW] [6B82DB0F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExW] [6B82D773] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueW] [6B82E479] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyW] [6B82DE75] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExA] [6B82DFE1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueA] [6B82E2F1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyA] [6B82DD0B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExA] [6B82D5D3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [6B81A460] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindNextFileW] [6B81FC09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW] [6B81E151] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [6B81A6E2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW] [6B81AE92] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6B81B114] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW] [6B81C023] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [6B81B6A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW] [6B819700] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6B81D537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [6B81DE50] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindFirstFileW] [6B8202A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindClose] [6B820D4C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA] [6B819362] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesA] [6B8189D0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SearchPathW] [6B81F233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW] [6B81A1D8] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6B81A970] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!RemoveDirectoryW] [6B81EAD0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateDirectoryW] [6B81E4F9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!DeleteFileW] [6B81C301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetFileAttributesW] [6B818D54] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesW] [6B818AFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [6B81DE75] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameW] [6B8194A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6B81D221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] [6B81BD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesExW] [6B818FC1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6B81D09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetLongPathNameW] [6B819231] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetCurrentDirectoryW] [6B81F49D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW] [6B81C58B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW] [6B81CF65] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW] [6B81CA80] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExW] [6B82CB9D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyExW] [6B82C625] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegEnumKeyW] [6B82DE75] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegEnumValueW] [6B82E479] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegDeleteKeyW] [6B82CEA5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [6B82DB0F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryInfoKeyA] [6B82D913] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegEnumKeyExW] [6B82E169] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegSetValueW] [6B82D13F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExW] [6B82D773] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueW] [6B82D437] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyW] [6B82C8E9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyW] [6B82C35D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExA] [6B82D5D3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] [6B82CA25] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCloseKey] [6B82CD09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] [6B8291AC] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindClose] [6B820D4C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] [6B8202A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6B81D537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SearchPathW] [6B81F233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!DeleteFileW] [6B81C301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetShortPathNameW] [6B8194A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesExW] [6B818FC1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileW] [6B81BD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6B81D221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesW] [6B818AFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6B81D09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegSetValueW] [6B82D13F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] [6B027C75] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumKeyExW] [6B82E169] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumValueW] [6B82E479] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumKeyA] [6B82DD0B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegDeleteKeyA] [6B82CD5C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [6B82DB0F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryInfoKeyA] [6B82D913] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueW] [6B82D437] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumKeyW] [6B82DE75] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCloseKey] [6B82CD09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExW] [6B82D773] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExW] [6B82CB9D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegDeleteKeyW] [6B82CEA5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] [6B82C625] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExA] [6B82D5D3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] [6B82CA25] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueW] [6B825CFD] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA] [6B825C9F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA] [6B824D95] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA] [6B8250AF] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW] [6B82519F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW] [6B8240A2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA] [6B825357] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA] [6B82619F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW] [6B8253B2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW] [6B8261FA] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5020] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCombineW] [6B823FFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\fastfat \Fat ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Services - GMER 1.0.14 ----

Service system32\drivers\gaopdxdpbvfvpf.sys (*** hidden *** ) [SYSTEM] gaopdxserv.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxdpbvfvpf.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxdpbvfvpf.sys
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys@group file system

---- EOF - GMER 1.0.14 ----


#4 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 23 February 2009 - 08:24 AM

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#5 chrisryanrey

  • Topic Starter
  • Members
  • 12 posts

Posted 23 February 2009 - 10:14 PM

ComboFix 09-02-21.01 - CHRISTOPHER REYNOLDS 2009-02-23 21:49:10.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.893.348 [GMT -5:00]
Running from: c:\users\CHRISTOPHER REYNOLDS\Desktop\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
FW: BitDefender Firewall *disabled*
FW: Webroot Internet Security Essentials *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\svchost.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_seneka


((((((((((((((((((((((((( Files Created from 2009-01-24 to 2009-02-24 )))))))))))))))))))))))))))))))
.

2009-02-22 15:41 . 2009-02-22 15:41 250 --a------ c:\windows\gmer.ini
2009-02-12 20:19 . 2009-02-15 13:28 <DIR> d-------- c:\users\CHRISTOPHER REYNOLDS\AppData\Roaming\dvdcss
2009-02-09 14:00 . 2009-02-09 14:00 <DIR> d-------- c:\windows\USBdevice
2009-02-09 14:00 . 2009-02-09 14:00 <DIR> d-------- c:\program files\D-Link
2009-02-05 11:15 . 2009-02-05 11:15 <DIR> d-------- c:\windows\System32\IOSUBSYS
2009-02-05 11:15 . 2009-02-05 11:36 <DIR> d-------- c:\program files\Common Files\PX Storage Engine
2009-02-05 11:14 . 2009-02-05 11:36 <DIR> d-------- c:\program files\Google
2009-02-03 23:34 . 2009-02-03 23:34 <DIR> d-------- c:\program files\Common Files\eSellerate
2009-02-02 13:12 . 2009-02-02 13:12 <DIR> d-------- c:\program files\Trend Micro
2009-02-02 11:19 . 2009-02-06 12:04 <DIR> d-------- c:\users\CHRISTOPHER REYNOLDS\Saved Games
2009-01-28 10:20 . 2009-02-05 23:01 <DIR> d-------- c:\users\CHRISTOPHER REYNOLDS\AppData\Roaming\Webroot
2009-01-28 10:20 . 2009-01-28 10:24 <DIR> d-------- c:\users\All Users\Webroot
2009-01-28 10:20 . 2009-01-28 10:24 <DIR> d-------- c:\programdata\Webroot
2009-01-28 10:20 . 2009-01-28 10:20 <DIR> d-------- c:\program files\Webroot
2009-01-28 10:20 . 2009-01-20 09:07 1,553,272 --a------ c:\windows\WRSetup.dll
2009-01-24 12:36 . 2009-01-25 01:07 <DIR> d-------- c:\users\All Users\Lavasoft
2009-01-24 12:36 . 2009-01-25 01:07 <DIR> d-------- c:\programdata\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-23 07:26 --------- d-----w c:\users\CHRISTOPHER REYNOLDS\AppData\Roaming\LimeWire
2009-02-09 19:00 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-06 17:27 --------- d-----w c:\users\CHRISTOPHER REYNOLDS\AppData\Roaming\uTorrent
2009-01-21 20:03 --------- d-----w c:\program files\Lexmark 1200 Series
2009-01-20 02:27 --------- d-----w c:\programdata\avg8
2009-01-20 01:53 --------- d-----w c:\program files\Common Files\BitDefender
2009-01-20 01:52 81,984 ----a-w c:\windows\System32\bdod.bin
2009-01-20 00:07 --------- d-----w c:\users\CHRISTOPHER REYNOLDS\AppData\Roaming\cogad
2009-01-20 00:06 --------- d-----w c:\programdata\BitDefender
2009-01-20 00:02 --------- d-----w c:\users\CHRISTOPHER REYNOLDS\AppData\Roaming\BitDefender
2009-01-15 08:01 --------- d-----w c:\programdata\Microsoft Help
2009-01-14 08:02 --------- d-----w c:\program files\Windows Mail
2009-01-09 02:59 --------- d-----w c:\program files\Real Alternative
2009-01-08 16:36 --------- d-----w c:\users\CHRISTOPHER REYNOLDS\AppData\Roaming\vlc
2009-01-08 16:35 --------- d-----w c:\program files\VideoLAN
2009-01-03 00:31 --------- d-----w c:\program files\LimeWire
2008-12-29 01:57 --------- d-----w c:\programdata\32111
2008-11-22 08:04 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-11-22 08:04 56 ---ha-w c:\programdata\ezsidmv.dat
2008-11-21 13:41 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"V0350Mon.exe"="c:\windows\V0350Mon.exe" [2007-08-23 28672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-01-20 6278520]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Wireless Connection Manager.lnk - c:\program files\D-Link\D-Link RangeBooster N DWA-142\wirelesscm.exe [2009-02-09 10018816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{20208AC6-693F-45B7-8AAC-77679AAA1096}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{72000F36-2F79-4187-84E3-DF4D2479516E}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{8A79D1DD-F259-4535-B726-8E374A11836B}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{AFA311BE-ED3F-4981-8CEA-D32A81285775}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{08C42071-52F1-49AB-92BC-08DC63A67ED3}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{20757297-0CE8-44A2-86B4-53146D4331CD}"= UDP:c:\program files\vghd\vghd.exe:VirtuaGirl HD
"{C9C95B64-CF6D-4FC7-832C-309021D5F76F}"= TCP:c:\program files\vghd\vghd.exe:VirtuaGirl HD
"{E23EB762-9C94-4A24-B624-A5E17584A735}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{5EA8A160-9DCE-400E-B7D2-77371C86C045}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{0B322E31-3499-4F71-B18B-58B121029D81}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{58A149BF-E99F-44C0-91EB-7222D6EA0F81}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{345D96E9-4D7C-43F6-AAED-8CCCB58D1A38}"= UDP:c:\windows\System32\lxczcoms.exe:Lexmark Communications System
"{063095E0-EE80-436A-89F3-D7C24CD9EAC6}"= TCP:c:\windows\System32\lxczcoms.exe:Lexmark Communications System
"{01840DF7-A1FE-41A7-A8D5-CB4A9309F6A1}"= UDP:c:\program files\iMesh Applications\iMesh\iMesh.exe:iMesh
"{8C9A4786-2C13-438D-A49F-215518D328E2}"= TCP:c:\program files\iMesh Applications\iMesh\iMesh.exe:iMesh
"{61464ECD-D6CD-4E57-85E4-119DC6E9209A}"= UDP:c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe:Spy Sweeper
"{339000DA-2502-4E75-B5CC-8BA98620B7BD}"= TCP:c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe:Spy Sweeper

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"®8qx@"= ®8qx@:*:Enabled:Windows Service Processor
"ř?qx@"= ř?qx@:*:Enabled:Windows Service Processor
"ŕ3qx@"= ŕ3qx@:*:Enabled:Windows Service Processor
"27qx@"= 27qx@:*:Enabled:Windows Service Processor

R0 ssfs0bbc;ssfs0bbc;c:\windows\System32\drivers\ssfs0bbc.sys [2008-12-07 29808]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2009-01-21 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2009-01-21 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2009-01-21 51792]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [2009-01-28 1090936]
S3 VF0350Afx;VF0350 Audio FX;c:\windows\System32\drivers\V0350Afx.sys [2008-09-01 142656]
S3 VF0350Vfx;VF0350 Video FX;c:\windows\System32\drivers\V0350Vfx.sys [2008-09-01 7424]
S3 VF0350Vid;Live! Cam Video Chat (VF0350);c:\windows\System32\drivers\V0350Vid.sys [2008-09-01 170368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{073f5cff-f152-11dd-aad3-0019d13296d6}]
\shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A744F16C-B2D5-4138-81A2-085CDFCDE83A}]
rundll32 sxmg4.dll,InitModule
.
Contents of the 'Scheduled Tasks' folder

2009-02-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

2009-02-23 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe []

2009-02-23 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\ []

2009-02-23 c:\windows\Tasks\User_Feed_Synchronization-{3CC4487B-3315-470B-9AA2-3B66796CDE89}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 02:33]

2009-02-20 c:\windows\Tasks\wrSpySweeper_L6529260FBF14499783EAEFBE8A52B93B.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-01-20 09:08]

2009-02-20 c:\windows\Tasks\wrSpySweeper_L6529260FBF14499783EAEFBE8A52B93B.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-01-20 09:08]

2009-02-20 c:\windows\Tasks\wrSpySweeper_L6529260FBF14499783EAEFBE8A52B93B.job
- C:\ [2009-02-23 21:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
Trusted Zone: creative.com\www.support
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-23 22:03:58
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\windows\System32\drivers\XAudio.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\conime.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-02-23 22:08:00 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-24 03:07:47

Pre-Run: 63,785,275,392 bytes free
Post-Run: 63,506,296,832 bytes free

174 --- E O F --- 2009-01-16 06:56:21

#6 kahdah

Posted 24 February 2009 - 08:02 AM

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#7 chrisryanrey

Posted 24 February 2009 - 05:51 PM

Malwarebytes' Anti-Malware 1.34
Database version: 1799
Windows 6.0.6001 Service Pack 1

24/02/2009 5:50:03 PM
mbam-log-2009-02-24 (17-50-03).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 237016
Time elapsed: 2 hour(s), 54 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{a744f16c-b2d5-4138-81a2-085cdfcde83a} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Users\CHRISTOPHER REYNOLDS\AppData\Roaming\cogad (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows.old\Windows\ewxs.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

#8 kahdah

Posted 24 February 2009 - 10:18 PM

Looks good. Please post a new DDS log and let me know how things are running.

#9 chrisryanrey

Posted 25 February 2009 - 01:06 AM

Thanks for all your help

#10 kahdah

Posted 25 February 2009 - 07:34 AM

You are welcome. Can you post the DDS log and let me know if everything is back to normal?