Author Topic: AV security suite issue on Vista machine (Read 8805 times)

justin caise · « **on:** August 12, 2010, 01:40:36 PM »

I'm getting notifications/pop ups from AV security suite saying my computer is infected, "Application cannot be executed. File xxxx is infected. Do you want to activate your antivirus software now?."

Thank you so much for helping with my desktop last month - still doin O.K.
But this post is about my wifes laptop running Vista.

Allan · « **Reply #1 on:** August 12, 2010, 01:41:10 PM »

http://www.computerhope.com/forum/index.php/topic,46313.0.html

SuperDave · « **Reply #2 on:** August 14, 2010, 05:22:18 PM »

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialist of this forum so it may take a bit longer to process your logs.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
Save Rkill to your desktop.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.exe
Rkill.com
Rkill.scr
Rkill.pif

Once you've gotten one of them to run then try to immediately run the following.

Now download and Run exeHelper.

Please download exeHelper from Raktor to your desktop.

Double-click on exeHelper.com to run the fix. A black window should pop up, press any key to close once the fix is completed. A log file named log.txt will be created in the directory where you ran exeHelper.com Attach the log.txt file to your next message.

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

*****************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
•Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
******************************************

Please download: HiJackThis to your Desktop.
- Double Click the HijackThis icon, located on your Desktop.
- By Default, it will install to: C:\Program Files\Trend Micro\HijackThis
- Accept the license agreement.
- Click the Open the Misc Tools section button.
- Place a checkmark beside Calculate MD5 of files if possible. Then, click Back.
- Click Do a System Scan and Save a Logfile. Or, if you see a white screen, click Scan.
- Please post the log in your next reply.

justin caise · « **Reply #3 on:** December 02, 2010, 02:14:32 PM »

Resurrecting this thread due to Vista machine coming off of shelf and hopefully back into service.
I have followed directions and will now attach logs.

This log file is located at C:\rkill.log.
Ran as GSV on 12/02/2010 at 14:58:02.

Services Stopped:

Processes terminated by Rkill or while it was running:

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
D:\rkill.exe

Rkill completed on 12/02/2010 at 14:58:08.

exeHelper by Raktor
Build 20100414
Run at 15:03:39 on 12/02/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/01/2010 at 11:46 AM

Application Version : 4.40.1002

Core Rules Database Version : 5134
Trace Rules Database Version: 2946

Scan type : Complete Scan
Total Scan Time : 01:12:09

Memory items scanned : 708
Memory threats detected : 2
Registry items scanned : 7764
Registry threats detected : 26
File items scanned : 107047
File threats detected : 7

Adware.Gamevance
   C:\PROGRAM FILES\GAMEVANCE\GAMEVANCE32.EXE
   C:\PROGRAM FILES\GAMEVANCE\GAMEVANCE32.EXE
   C:\PROGRAM FILES\GAMEVANCE\GAMEVANCELIB32.DLL
   C:\PROGRAM FILES\GAMEVANCE\GAMEVANCELIB32.DLL
   [Gamevance] C:\PROGRAM FILES\GAMEVANCE\GAMEVANCE32.EXE
   HKLM\Software\Classes\CLSID\{BEAC7DC8-E106-4C6A-931E-5A42E7362883}
   HKCR\CLSID\{BEAC7DC8-E106-4C6A-931E-5A42E7362883}
   HKCR\CLSID\{BEAC7DC8-E106-4C6A-931E-5A42E7362883}
   HKCR\CLSID\{BEAC7DC8-E106-4C6A-931E-5A42E7362883}\InprocServer32
   HKCR\CLSID\{BEAC7DC8-E106-4C6A-931E-5A42E7362883}\InprocServer32#ThreadingModel
   HKCR\CLSID\{BEAC7DC8-E106-4C6A-931E-5A42E7362883}\ProgID
   HKCR\CLSID\{BEAC7DC8-E106-4C6A-931E-5A42E7362883}\Programmable
   HKCR\CLSID\{BEAC7DC8-E106-4C6A-931E-5A42E7362883}\TypeLib
   HKCR\CLSID\{BEAC7DC8-E106-4C6A-931E-5A42E7362883}\VersionIndependentProgID
   HKCR\GamevanceText.Linker.1
   HKCR\GamevanceText.Linker.1\CLSID
   HKCR\GamevanceText.Linker
   HKCR\GamevanceText.Linker\CLSID
   HKCR\GamevanceText.Linker\CurVer
   HKCR\TypeLib\{014C4232-6904-47B9-9144-7E0FB7277444}
   C:\PROGRAM FILES\GAMEVANCE\GVTL.DLL
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BEAC7DC8-E106-4C6A-931E-5A42E7362883}
   HKU\S-1-5-21-2827505683-1119549940-1742987190-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BEAC7DC8-E106-4C6A-931E-5A42E7362883}
   C:\Program Files\Gamevance\ars.cfg
   C:\Program Files\Gamevance\gvun.exe
   C:\Program Files\Gamevance\icon.ico
   C:\Program Files\Gamevance
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run#Gamevance [ C:\Program Files\Gamevance\gamevance32.exe a ]
   HKCR\AppId\GamevanceText.DLL
   HKCR\AppId\GamevanceText.DLL#AppID
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Gamevance
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Gamevance#DisplayName
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Gamevance#UninstallString
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Gamevance#DisplayIcon

Malware.Trace
   HKU\S-1-5-21-2827505683-1119549940-1742987190-1000\SOFTWARE\AVSUITE

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:05:08 AM, on 12/2/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18527)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\windows\SMINST\Components\scheduler\STService.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Dell V305\dldtmon.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Dell Remote Access\ezi_ra.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell V305\dldtMsdMon.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\sniper.exe\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [dldtmon.exe] "C:\Program Files\Dell V305\dldtmon.exe"
O4 - HKLM\..\Run: [dldtamon] "C:\Program Files\Dell V305\dldtamon.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\Components\scheduler\Launcher.exe
O4 - HKLM\..\RunOnce: [DSUpdateLauncher] "C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Dell Remote Access.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: dldtCATSCustConnectService - Unknown owner - C:\Windows\system32\spool\DRIVERS\W32X86\3\\dldtserv.exe
O23 - Service: dldt_device - - C:\Windows\system32\dldtcoms.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Advanced Networking Service (hnmsvc) - Dell Inc. - c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks - C:\Windows\sminst\sftservice.EXE
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 9113 bytes

Thank you.

SuperDave · « **Reply #4 on:** December 03, 2010, 01:12:06 PM »

Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.
****************************************

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*****************************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
**********************************************
Please download ComboFix

from BleepingComputer.com

Alternate link: GeeksToGo.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

If you have problems with ComboFix usage, see How to use ComboFix

justin caise · « **Reply #5 on:** December 18, 2010, 07:10:15 PM »

OK here we go -

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:05:08 AM, on 12/2/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18527)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\windows\SMINST\Components\scheduler\STService.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Dell V305\dldtmon.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Dell Remote Access\ezi_ra.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell V305\dldtMsdMon.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\sniper.exe\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [dldtmon.exe] "C:\Program Files\Dell V305\dldtmon.exe"
O4 - HKLM\..\Run: [dldtamon] "C:\Program Files\Dell V305\dldtamon.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\Components\scheduler\Launcher.exe
O4 - HKLM\..\RunOnce: [DSUpdateLauncher] "C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Dell Remote Access.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: dldtCATSCustConnectService - Unknown owner - C:\Windows\system32\spool\DRIVERS\W32X86\3\\dldtserv.exe
O23 - Service: dldt_device - - C:\Windows\system32\dldtcoms.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Advanced Networking Service (hnmsvc) - Dell Inc. - c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks - C:\Windows\sminst\sftservice.EXE
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 9113 bytes

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5264

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

12/7/2010 6:18:32 PM
mbam-log-2010-12-07 (18-18-32).txt

Scan type: Quick scan
Objects scanned: 132701
Time elapsed: 3 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Results of screen317's Security Check version 0.99.6
Windows Vista Service Pack 1 (UAC is enabled)
Out of date service pack!![/b]
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
AVG 2011
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner
Java(TM) 6 Update 22
Adobe Flash Player
Adobe Reader 9
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

ComboFix 10-12-18.01 - GSV 12/18/2010 17:13:59.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3034.1765 [GMT -6:00]
Running from: c:\users\GSV\Desktop\commy.exe
Command switches used :: /stepdel
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\arp.exe

.
((((((((((((((((((((((((( Files Created from 2010-11-18 to 2010-12-18 )))))))))))))))))))))))))))))))
.

2010-12-18 23:17 . 2010-12-18 23:17   --------   d-----w-   c:\users\GSV\AppData\Local\temp
2010-12-18 23:17 . 2010-12-18 23:17   --------   d-----w-   c:\users\Default\AppData\Local\temp
2010-12-18 23:00 . 2010-12-18 23:08   --------   d-----w-   C:\Commy
2010-12-02 16:00 . 2010-12-02 16:02   --------   d-----w-   c:\program files\Trend Micro
2010-12-02 15:59 . 2010-12-02 15:59   --------   d-----w-   c:\program files\Common Files\Java
2010-12-02 15:58 . 2010-12-02 15:58   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2010-12-02 15:58 . 2010-12-02 15:58   --------   d-----w-   c:\program files\Java
2010-12-02 15:12 . 2010-12-02 15:12   --------   d-----w-   c:\users\GSV\AppData\Roaming\Malwarebytes
2010-12-02 15:12 . 2010-11-29 23:42   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-02 15:12 . 2010-12-08 00:09   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-12-02 15:12 . 2010-12-02 15:12   --------   d-----w-   c:\programdata\Malwarebytes
2010-12-02 15:12 . 2010-11-29 23:42   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-12-01 16:26 . 2010-12-01 16:26   --------   d-----w-   c:\users\GSV\AppData\Roaming\SUPERAntiSpyware.com
2010-12-01 16:26 . 2010-12-01 16:26   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2010-12-01 16:26 . 2010-12-01 16:26   --------   d-----w-   c:\program files\SUPERAntiSpyware
2010-12-01 16:17 . 2010-12-01 16:17   --------   d-----w-   c:\program files\CCleaner
2010-12-01 00:17 . 2010-12-01 00:17   --------   d-----w-   C:\$AVG
2010-11-30 02:35 . 2010-11-30 02:35   --------   d-----w-   c:\users\GSV\AppData\Roaming\AVG10
2010-11-30 02:34 . 2010-11-30 02:34   --------   d--h--w-   c:\programdata\Common Files
2010-11-30 02:32 . 2010-12-18 22:37   --------   d-----w-   c:\programdata\AVG10
2010-11-30 02:21 . 2010-11-30 02:31   --------   d-----w-   c:\programdata\MFAData
2010-11-29 16:05 . 2010-11-10 04:33   6273872   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F44817D-FF8D-4AF3-9A86-A5FCBB63C69E}\mpengine.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 16:41 . 2010-11-17 02:16   222080   ------w-   c:\windows\system32\MpSigStub.exe
2010-09-20 09:25 . 2010-11-16 09:03   231936   ----a-w-   c:\windows\system32\msshsq.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-03 3882312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-04-01 217088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-04-01 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-04-01 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-04-01 150552]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 3810304]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"dldtmon.exe"="c:\program files\Dell V305\dldtmon.exe" [2008-06-24 668912]
"dldtamon"="c:\program files\Dell V305\dldtamon.exe" [2008-06-24 16624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\Components\scheduler\Launcher.exe" [2009-02-23 165104]
"DSUpdateLauncher"="c:\program files\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat" [2008-10-29 123]

c:\users\GSV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Remote Access.lnk - c:\windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe [2009-6-19 53248]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-06-19 08:44   10536   ----a-w-   c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\dldtserv.exe [2008-02-25 99568]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc

R3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [2008-11-04 22904]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [2009-04-01 81920]
S2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe [2008-02-25 595184]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 SftService;SoftThinks Agent Service;c:\windows\sminst\sftservice.EXE [2009-02-23 632048]

.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-18 17:17
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
.
Completion time: 2010-12-18 17:18:24
ComboFix-quarantined-files.txt 2010-12-18 23:18
ComboFix2.txt 2010-12-18 23:08

Pre-Run: 165,804,863,488 bytes free
Post-Run: 165,780,496,384 bytes free

- - End Of File - - 7A8A69A7FB2E4934417C9AAEF255DA70

Sorry for my delay - had trouble removing AVG to allow commy... and life gets in the way too.

O, also it still doesn't connect to the net yet - ?

thanks.

SuperDave · « **Reply #6 on:** December 19, 2010, 12:55:40 PM »

You didn't follow the instructions to fix some items in HJT. Please try again.

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.
****************************************************

Quote

O, also it still doesn't connect to the net yet - ?

Are you connected to your modem with a hard-wire or wireless? Have you tried resetting your Modem? Power off for about 30 secs. and then power back on.

***********************************
Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

Click NO
In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
Now click the Scan button.
Once the scan is complete, you may receive another notice about rootkit activity.
Click OK.
GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
Save it where you can easily find it, such as your desktop.

justin caise · « **Reply #7 on:** December 31, 2010, 02:28:30 PM »

I ran the HJT again, and non of the computerhope listed items showed - so I assume all is correct.

Intalled latest Adobe Acrobat.

It now connects to the net.

and here is the GMER file
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-30 11:31:12
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.FG00
Running: gmer.exe; Driver: C:\Users\GSV\AppData\Local\Temp\kwldqpow.sys

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[5416] USER32.dll!DialogBoxIndirectParamW 774BBD25 5 Bytes JMP 68680D2D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5416] USER32.dll!DialogBoxParamW 774D1FD5 5 Bytes JMP 68680CB7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5416] USER32.dll!DialogBoxParamA 774F80B2 5 Bytes JMP 68680CF2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5416] USER32.dll!DialogBoxIndirectParamA 774F83DD 5 Bytes JMP 68680D68 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5416] USER32.dll!MessageBoxIndirectA 7750D471 5 Bytes JMP 68680C73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5416] USER32.dll!MessageBoxIndirectW 7750D56B 5 Bytes JMP 68680C2F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5416] USER32.dll!MessageBoxExA 7750D5D1 5 Bytes JMP 68680BF5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5416] USER32.dll!MessageBoxExW 7750D5F5 5 Bytes JMP 68680BBB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5416] SHELL32.dll!SHRestricted + DFD 768F8390 4 Bytes [99, 0B, 68, 74] {CDQ ; OR EBP, [EAX+0x74]}
.text C:\Program Files\Internet Explorer\iexplore.exe[5416] SHELL32.dll!SHRestricted + E05 768F8398 8 Bytes [A7, 0A, 68, 74, A4, 32, 67, ...] {CMPSD ; OR CH, [EAX+0x74]; MOVSB ; XOR AH, [EDI+0x74]}
.text C:\Program Files\Internet Explorer\iexplore.exe[5416] ole32.dll!OleLoadFromStream 76579794 5 Bytes JMP 68680F2A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe[1208] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 00B8E660
IAT c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe[1208] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 00B8E140
IAT c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe[1208] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 00B8D2A0
IAT c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe[1208] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 00B8EBE0
IAT c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe[1208] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateThread] 00B8C260
IAT c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe[1208] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 00B8BBD0
IAT c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe[1208] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 00B8BF90
IAT c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe[1208] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 00B8D100
IAT c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe[1208] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 00B8D7C0
IAT c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe[1208] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 00B8D550
IAT c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe[1208] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 00B8D740
IAT c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe[1208] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 00B8DC20
IAT c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe[1208] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 00B8D930
IAT c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe[1208] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileType] 00B8D450
IAT c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe[1208] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 00B8D690
IAT c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe[1208] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileSize] 00B8D240
IAT c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe[1208] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!WriteFile] 00B8D0C0
IAT c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe[1208] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetACP] 00B8E680
IAT c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe[1208] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 00B8C110
IAT c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe[1208] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 00B8E3A0
IAT c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe[1208] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GlobalLock] 00B8E2C0
IAT c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe[1208] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 00B8E280
IAT c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe[1208] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileW] 00B8C940
IAT c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe[1208] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 00B8BA30
IAT c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe[1208] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CloseHandle] 00B8D340
IAT c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe[1208] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 00B8B9A0
IAT c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe[1208] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 00B8BC80
IAT c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe[1208] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 00B8A730
IAT c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe[1208] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!ReadFile] 00B8CC90
IAT c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe[1208] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetVersion] 00B8E650
IAT c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe[1208] @ C:\Windows\system32\ole32.dll [USER32.dll!LoadIconW] 00B8E920
IAT c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe[1208] @ C:\Windows\system32\ole32.dll [USER32.dll!LoadCursorW] 00B8E8C0
IAT c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe[1208] @ C:\Windows\system32\ole32.dll [USER32.dll!CreateDialogParamW] 00B8EB10
IAT c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe[1208] @ C:\Windows\system32\ole32.dll [USER32.dll!DialogBoxParamW] 00B8EBB0
IAT c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe[1208] @ C:\Windows\system32\ole32.dll [USER32.dll!LoadStringW] 00B8E9E0
IAT c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe[1208] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 00B8E5D0
IAT c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe[1208] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 00B8E580
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [7466D537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [7466D09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [7466B6A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [7466D221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [7466BD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [7466F233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [7466C301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [7466F233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7466D537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CopyFileW] [7466B6A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!MoveFileW] [7466DE50] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!DeleteFileW] [7466C301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [7466F49D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [74670D4C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [7466FC09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [746702A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [7466D09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [7466BD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [7466B114] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [7466D221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [7466A970] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [7467DB0F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegEnumValueW] [7467E479] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegOpenKeyExW] [7467CB9D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryValueExW] [7467D773] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegDeleteKeyW] [7467CEA5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCreateKeyExW] [7467C625] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCloseKey] [7467CD09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindClose] [74670D4C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileA] [7466FF42] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindNextFileA] [7466FB96] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileW] [746702A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindNextFileW] [7466FC09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesA] [746689D0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetCurrentDirectoryA] [7466EBFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetFileAttributesA] [74668C26] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateDirectoryA] [7466E3CB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!RemoveDirectoryA] [7466E9A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!DeleteFileA] [7466C1D6] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesW] [74668AFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetCurrentDirectoryW] [7466F49D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetFileAttributesW] [74668D54] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateDirectoryW] [7466E4F9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!DeleteFileW] [7466C301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!MoveFileW] [7466DE50] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!RemoveDirectoryW] [7466EAD0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!MoveFileA] [7466DDDD] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [7466D09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] [7466BBD2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] [7466BD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [7466D221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [7466D221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [7466E151] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [7466B114] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [7466A970] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [7466A819] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [7466C301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [7466D537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [74668D54] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [7466BD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [746702A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [7466FC09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [7466F233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [74668AFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [74668C26] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [7466BBD2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [7466FF42] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [7466FB96] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [74670D4C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [7466EFA8] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [746689D0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [7466D09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpW] [7466CF65] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpA] [7466CE2E] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCloseKey] [7467CD09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] [7467C49D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyA] [7467CD5C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyA] [7467D913] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] [7467CA25] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExW] [7467C625] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExW] [7467CB9D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExW] [7467E169] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW] [7467D437] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyW] [7467CEA5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyW] [7467DB0F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExW] [7467D773] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueW] [7467E479] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyW] [7467DE75] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExA] [7467DFE1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueA] [7467E2F1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyA] [7467DD0B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExA] [7467D5D3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [7466A460] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindNextFileW] [7466FC09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW] [7466E151] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [7466A6E2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW] [7466AE92] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW] [7466B114] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW] [7466C023] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [7466B6A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW] [74669700] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [7466D537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [7466DE50] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindFirstFileW] [746702A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindClose] [74670D4C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA] [74669362] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesA] [746689D0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SearchPathW] [7466F233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW] [7466A1D8] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [7466A970] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!RemoveDirectoryW] [7466EAD0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateDirectoryW] [7466E4F9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!DeleteFileW] [7466C301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetFileAttributesW] [74668D54] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesW] [74668AFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [7466DE75] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameW] [746694A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [7466D221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] [7466BD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesExW] [74668FC1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [7466D09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetLongPathNameW] [74669231] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetCurrentDirectoryW] [7466F49D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW] [7466C58B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW] [7466CF65] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW] [7466CA80] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExW] [7467CB9D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyExW] [7467C625] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegEnumKeyW] [7467DE75] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegEnumValueW] [7467E479] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegDeleteKeyW] [7467CEA5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [7467DB0F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5416] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryInfoKeyA] [7467D913] C:\Windows\AppPatch\AcRedir.DLL (Windo

SuperDave · « **Reply #8 on:** December 31, 2010, 04:43:43 PM »

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the

button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

Click on to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.

•Check

•Click the

button.
•Accept any security warnings from your browser.
•Check

•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push

•Push

, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the

button.
•Push

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

justin caise · « **Reply #9 on:** January 03, 2011, 07:11:50 PM »

Hi,
I trust you had a good holiday - or two...
My ESET scan report -

C:\Users\GSV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\1ea7eb82-2de44a61   multiple threats
C:\Users\GSV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\53dc8a73-743b30f6   multiple threats
C:\Users\GSV\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\FFTextLinks.dll   probably a variant of Win32/Adware.Gamevance.AG application

I'm able to connect the net on the laptop - but logging onto computerhope.com yeilds an error which states "unable to log in. Please check your cookie settings."
What does it actually want me to do with cookies settings? Allow? Disallow? Maybe this will be self correcting as we go through the rest of my process here. (?)

SuperDave · « **Reply #10 on:** January 04, 2011, 04:23:43 PM »

Quote

Hi,
I trust you had a good holiday - or two...

Thanks, we had wonderful Holidays. My favourite time of year but for the first time in a log while, we had a green Christmas. Very unusual for this part of the country where I live.

Please run the ESET scan and, this time, fix the infections.
You should allow the cookies. The Security check log shows that you're running IE 7. Have you upgraded to 8?

justin caise · « **Reply #11 on:** January 04, 2011, 08:20:27 PM »

Hi,
I have run the ESET scan and fixed the infections.
Upgraded to IE8.
Still no go on loggin in to computerhope on the vista machine...
How DO we enable/allow cookies in vista?

Anything else to do?
Also, would you suggest Comodo for security on Vista?

SuperDave · « **Reply #12 on:** January 05, 2011, 05:18:01 PM »

Quote

How DO we enable/allow cookies in vista?

It's not in Vista; it's in IE8 Go to Tools, Internet Options, Privacy tab, Advanced

Quote

Anything else to do?
Also, would you suggest Comodo for security on Vista?

I have Comodo on my XP machine because I use it for banking on-line. I don't use anything but the Windows Firewall on my laptop because I hardly use it for anything.
Let's do some cleanup.

Delete the Combo-Fix.exe file, C:\Combo-Fix folder, C:\QooBox folder, C:\WINDOWS\nircmd.exe, C:\combo-fix.txt and C:\Combo-Fix-quarantined-files.txt
*************************************
To set a new Restore Point.

Click Start button , click Control Panel, click System and Maintenance, and then clicking System. In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation. To turn off System Protection for a hard disk, clear the check box next to the disk, and then click OK. Reboot to Normal Mode.
Click the Start button , click Control Panel, click System and Maintenance, and then click System.
In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
To turn on System Protection for a hard disk, select the check box next to the disk, and then click OK.
This will give you a new, clean Restore Point.

*****************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
************************************************

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember only install ONE firewall

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
********************************************
Use the Secunia Software Inspector to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

justin caise · « **Reply #13 on:** January 10, 2011, 08:27:52 PM »

Hey, its great to have my machine back! Er, Uh... I mean my wifes machine back. (we don't have to tell her yet do we?)

Fast and clean! Can't thank you enough.
I'm using Comodo for firewall. Works well on my XP - no issues in first hour with it on Vista.

Any more clean up to do?

SuperDave · « **Reply #14 on:** January 11, 2011, 11:47:06 AM »

Clean-up is completed. Good luck.

Computer Hope Forum

News:

Author Topic: AV security suite issue on Vista machine (Read 8805 times)

justin caise

AV security suite issue on Vista machine

Allan

Re: AV security suite issue on Vista machine

SuperDave

Re: AV security suite issue on Vista machine

justin caise

Re: AV security suite issue on Vista machine

SuperDave

Re: AV security suite issue on Vista machine

justin caise

Re: AV security suite issue on Vista machine

SuperDave

Re: AV security suite issue on Vista machine

justin caise

Re: AV security suite issue on Vista machine

SuperDave

Re: AV security suite issue on Vista machine

justin caise

Re: AV security suite issue on Vista machine

SuperDave

Re: AV security suite issue on Vista machine

justin caise

Re: AV security suite issue on Vista machine

SuperDave

Re: AV security suite issue on Vista machine

justin caise

Re: AV security suite issue on Vista machine

SuperDave

Re: AV security suite issue on Vista machine