WiredWX Christian Hobby Weather Tools

Re: total security, hellish virus thing!!

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3404] kernel32.dll!FindResourceExA 76BA2575 7 Bytes JMP 28001D80 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3404] kernel32.dll!FindResourceA 76BA2653 5 Bytes JMP 28001CF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3404] kernel32.dll!CreateEventA 76BC44C0 5 Bytes JMP 28001840 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3404] kernel32.dll!LockResource 76BC68DF 5 Bytes JMP 28001F50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3404] kernel32.dll!FindResourceExW 76BC69FD 7 Bytes JMP 28001C60 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3404] kernel32.dll!LoadResource 76BC6ADB 7 Bytes JMP 28001E20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3404] USER32.dll!LoadImageW 758FC9E5 5 Bytes JMP 28006770 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3404] USER32.dll!LoadIconW 758FDA9F 5 Bytes JMP 28006960 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3404] USER32.dll!CreateWindowExW 75901305 5 Bytes JMP 28003CF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3404] USER32.dll!GetWindowLongW 7590F8BF 7 Bytes JMP 28006B00 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3404] USER32.dll!PeekMessageW 7591045A 5 Bytes JMP 280046C0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3404] USER32.dll!TrackPopupMenuEx 75920CE7 5 Bytes JMP 28004FA0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3404] USER32.dll!MessageBoxIndirectW 7594D5D3 5 Bytes JMP 28006310 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3404] WS2_32.dll!closesocket 7718330C 5 Bytes JMP 2800BB90 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3404] WS2_32.dll!recv 7718343A 5 Bytes JMP 2800B3B0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3404] WS2_32.dll!WSASend 77184496 5 Bytes JMP 2800B950 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3404] WS2_32.dll!send 7718659B 5 Bytes JMP 2800B770 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3404] WS2_32.dll!WSARecv 77188400 5 Bytes JMP 2800B550 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3404] SHELL32.dll!Shell_NotifyIconW 760C8626 5 Bytes JMP 28003440 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3404] ole32.dll!CoRegisterClassObject 75AC7DB6 5 Bytes JMP 28002360 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3404] ole32.dll!CoCreateInstance 75B09EA6 5 Bytes JMP 28002600 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3404] ole32.dll!CoInitializeEx 75B0AD63 5 Bytes JMP 28002260 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3404] WININET.dll!HttpOpenRequestA 75CD2972 5 Bytes JMP 2800A220 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3404] WININET.dll!InternetCloseHandle 75CD5CE9 5 Bytes JMP 2800A560 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3404] WININET.dll!InternetReadFile 75CDA299 5 Bytes JMP 2800A3B0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3404] WININET.dll!HttpSendRequestA 75CDF1A8 5 Bytes JMP 2800A490 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\internet explorer\iexplore.exe[4004] ntdll.dll!RtlEncodeSystemPointer + 873 7706938B 10 Bytes JMP 04FB003A
.text C:\Program Files\internet explorer\iexplore.exe[4004] kernel32.dll!GetStartupInfoA + 225 76B81BEE 7 Bytes JMP 04FC003A
.text C:\Program Files\internet explorer\iexplore.exe[4004] kernel32.dll!CreateProcessW + 30 76B81C23 7 Bytes JMP 04FC00E4
.text C:\Program Files\internet explorer\iexplore.exe[4004] kernel32.dll!ReadProcessMemory + 3E 76B81CB3 7 Bytes JMP 04FB0AE9
.text C:\Program Files\internet explorer\iexplore.exe[4004] kernel32.dll!DuplicateConsoleHandle + 196 76BA9104 7 Bytes JMP 04FB0E3B
.text C:\Program Files\internet explorer\iexplore.exe[4004] kernel32.dll!LoadLibraryExW + 254 76BA935D 7 Bytes JMP 04FC018E
.text C:\Program Files\internet explorer\iexplore.exe[4004] kernel32.dll!CreateMutexExA + 58 76BA94AF 7 Bytes JMP 04FB0CE7
.text C:\Program Files\internet explorer\iexplore.exe[4004] kernel32.dll!LoadLibraryExA + 23 76BA94D7 7 Bytes JMP 04FB08EB
.text C:\Program Files\internet explorer\iexplore.exe[4004] kernel32.dll!DosDateTimeToFileTime + 3AD 76BC9036 7 Bytes JMP 04FB0A3F
.text C:\Program Files\internet explorer\iexplore.exe[4004] kernel32.dll!CloseHandle + 39 76BCAEC6 7 Bytes JMP 04FB0D91
.text C:\Program Files\internet explorer\iexplore.exe[4004] kernel32.dll!GetCurrentProcess + 4 76BCC909 7 Bytes JMP 04FB0841
.text C:\Program Files\internet explorer\iexplore.exe[4004] kernel32.dll!CreateThread + 22 76BCC930 10 Bytes JMP 04FB0EE5
.text C:\Program Files\internet explorer\iexplore.exe[4004] kernel32.dll!MultiByteToWideChar + 17F 76BCCE5A 7 Bytes JMP 04FB0995
.text C:\Program Files\internet explorer\iexplore.exe[4004] kernel32.dll!_lopen + 4D 76C120D7 7 Bytes JMP 04FB0C3D
.text C:\Program Files\internet explorer\iexplore.exe[4004] kernel32.dll!NeedCurrentDirectoryForExePathA + A1 76C15CF2 7 Bytes JMP 04FB0B93
.text C:\Program Files\internet explorer\iexplore.exe[4004] ADVAPI32.dll!RegFlushKey + C9 771DCEB4 7 Bytes JMP 04FB0797
.text C:\Program Files\internet explorer\iexplore.exe[4004] ADVAPI32.dll!ElfDeregisterEventSource + 99 771F1C87 7 Bytes JMP 04FB00F3
.text C:\Program Files\internet explorer\iexplore.exe[4004] ADVAPI32.dll!DestroyPrivateObjectSecurity + 1D 771F1EE4 7 Bytes JMP 04FB039B
.text C:\Program Files\internet explorer\iexplore.exe[4004] ADVAPI32.dll!OpenServiceA + 97 771F2F54 7 Bytes JMP 04FB019D
.text C:\Program Files\internet explorer\iexplore.exe[4004] ADVAPI32.dll!IsWellKnownSid + 1BE 771F38C8 7 Bytes JMP 04FB04EF
.text C:\Program Files\internet explorer\iexplore.exe[4004] ADVAPI32.dll!RegDeleteKeyW + D9 771F39A6 7 Bytes JMP 04FB0599
.text C:\Program Files\internet explorer\iexplore.exe[4004] ADVAPI32.dll!SystemFunction040 + 1A9 771F3BA4 7 Bytes JMP 04FB06ED
.text C:\Program Files\internet explorer\iexplore.exe[4004] ADVAPI32.dll!AddAccessAllowedAceEx + BB 771F3FB1 7 Bytes JMP 04FB0247
.text C:\Program Files\internet explorer\iexplore.exe[4004] ADVAPI32.dll!LsaLookupPrivilegeValue + 17C 77203919 7 Bytes JMP 04FB02F1
.text C:\Program Files\internet explorer\iexplore.exe[4004] ADVAPI32.dll!RegGetValueW + 2F3 772041EC 7 Bytes JMP 04FB0643
.text C:\Program Files\internet explorer\iexplore.exe[4004] ADVAPI32.dll!I_QueryTagInformation + 11ED 772380BC 7 Bytes JMP 04FB0445
.text C:\Program Files\internet explorer\iexplore.exe[4004] USER32.dll!GetCaretBlinkTime + D 758F631D 7 Bytes JMP 04FC099E
.text C:\Program Files\internet explorer\iexplore.exe[4004] USER32.dll!CreateCaret + B8 758F87A8 7 Bytes JMP 04FC08F4
.text C:\Program Files\internet explorer\iexplore.exe[4004] USER32.dll!DialogBoxParamW 759210B0 5 Bytes JMP 6D54BFA7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4004] USER32.dll!DialogBoxIndirectParamW 75922EF5 5 Bytes JMP 6D68B43B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4004] USER32.dll!EnumPropsExW + 19 75936244 7 Bytes JMP 04FC0AF2
.text C:\Program Files\internet explorer\iexplore.exe[4004] USER32.dll!SetWindowsHookA + 16 7593625F 7 Bytes JMP 04FC0A48
.text C:\Program Files\internet explorer\iexplore.exe[4004] USER32.dll!DialogBoxParamA 75938152 5 Bytes JMP 6D68B400 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4004] USER32.dll!DialogBoxIndirectParamA 7593847D 5 Bytes JMP 6D68B476 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4004] USER32.dll!MessageBoxIndirectA 7594D4D9 5 Bytes JMP 6D68B3BC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4004] USER32.dll!MessageBoxIndirectW 7594D5D3 5 Bytes JMP 6D68B378 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4004] USER32.dll!MessageBoxExA 7594D639 5 Bytes JMP 6D68B33E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4004] USER32.dll!MessageBoxExW 7594D65D 5 Bytes JMP 6D68B304 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4004] SHELL32.dll!SHGetPathFromIDList + 269 76089720 7 Bytes JMP 04FC05A2
.text C:\Program Files\internet explorer\iexplore.exe[4004] SHELL32.dll!SHAppBarMessage + 91F 760DC130 7 Bytes JMP 04FC044E
.text C:\Program Files\internet explorer\iexplore.exe[4004] SHELL32.dll!SHRestricted + D95 760F8988 4 Bytes [99, 0B, D6, 63]
.text C:\Program Files\internet explorer\iexplore.exe[4004] SHELL32.dll!SHRestricted + D9D 760F8990 8 Bytes [A7, 0A, D6, 63, A4, 32, D5, ...]
.text C:\Program Files\internet explorer\iexplore.exe[4004] SHELL32.dll!WOWShellExecute + 100 76289FDD 7 Bytes JMP 04FC04F8
.text C:\Program Files\internet explorer\iexplore.exe[4004] SHELL32.dll!ShellExecuteEx + 96 7628A078 7 Bytes JMP 04FC03A4
.text C:\Program Files\internet explorer\iexplore.exe[4004] ole32.dll!OleLoadFromStream 75AD1E12 5 Bytes JMP 6D68B638 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4004] ole32.dll!CoGetTreatAsClass + D2F 75AEFAB7 7 Bytes JMP 04FC02EE
.text C:\Program Files\internet explorer\iexplore.exe[4004] ole32.dll!CoCreateInstance + 3E 75B09EE4 7 Bytes JMP 04FC0238
.text C:\Program Files\internet explorer\iexplore.exe[4004] WS2_32.dll!closesocket 7718330C 4 Bytes JMP 6336EEE9 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)

.text C:\Program Files\internet explorer\iexplore.exe[4004] WS2_32.dll!recv 7718343A 4 Bytes JMP 6336F1C3 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4004] WS2_32.dll!recv + AC 771834E6 7 Bytes JMP 054E04E0
.text C:\Program Files\internet explorer\iexplore.exe[4004] WS2_32.dll!socket 771836D1 5 Bytes JMP 054E0788
.text C:\Program Files\internet explorer\iexplore.exe[4004] WS2_32.dll!connect 771840D9 5 Bytes JMP 054E0830
.text C:\Program Files\internet explorer\iexplore.exe[4004] WS2_32.dll!getaddrinfo 7718418A 4 Bytes JMP 6336E71D C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4004] WS2_32.dll!__WSAFDIsSet + 3F 7718652A 7 Bytes JMP 054E058A
.text C:\Program Files\internet explorer\iexplore.exe[4004] WS2_32.dll!send 7718659B 4 Bytes JMP 6336E9ED C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4004] WS2_32.dll!WahCreateNotificationHandle + 27F 77188CD2 7 Bytes JMP 054E0982
.text C:\Program Files\internet explorer\iexplore.exe[4004] WS2_32.dll!recvfrom + 18F 77188FA4 7 Bytes JMP 054E0436
.text C:\Program Files\internet explorer\iexplore.exe[4004] WS2_32.dll!WSASetEvent + B1 7718D7AB 7 Bytes JMP 054E0A2C
.text C:\Program Files\internet explorer\iexplore.exe[4004] WS2_32.dll!getpeername + 958 7719B1BB 7 Bytes JMP 054E06DE
.text C:\Program Files\internet explorer\iexplore.exe[4004] WS2_32.dll!WSAConnectByList + 543 7719B703 7 Bytes JMP 054E038C
.text C:\Program Files\internet explorer\iexplore.exe[4004] WS2_32.dll!WSAConnectByNameW + 369 7719BA71 7 Bytes JMP 054E02E2
.text C:\Program Files\internet explorer\iexplore.exe[4004] WS2_32.dll!WSAConnectByNameA + DB 7719BB51 7 Bytes JMP 054E08D8
.text C:\Program Files\internet explorer\iexplore.exe[4004] WS2_32.dll!WSAJoinLeaf + DE 7719BDF1 7 Bytes JMP 054E0634
.text C:\Program Files\internet explorer\iexplore.exe[4004] WININET.dll!HttpOpenRequestA + AD3 75CD3445 7 Bytes JMP 04FC0B9C
.text C:\Program Files\internet explorer\iexplore.exe[4004] WININET.dll!InternetReadFile + 1143 75CDB3DC 7 Bytes JMP 054E018E
.text C:\Program Files\internet explorer\iexplore.exe[4004] WININET.dll!ReadUrlCacheEntryStream + DC7 75CDF1A3 7 Bytes JMP 04FC0E44
.text C:\Program Files\internet explorer\iexplore.exe[4004] WININET.dll!HttpSendRequestA + D8 75CDF280 7 Bytes JMP 04FC0CF0
.text C:\Program Files\internet explorer\iexplore.exe[4004] WININET.dll!InternetOpenA + 358 75CDF5DD 7 Bytes JMP 054E00E4
.text C:\Program Files\internet explorer\iexplore.exe[4004] WININET.dll!InternetOpenW + 266C 75CE1C4E 7 Bytes JMP 04FC0C46
.text C:\Program Files\internet explorer\iexplore.exe[4004] WININET.dll!DetectAutoProxyUrl + 517 75CED638 7 Bytes JMP 04FC0EEE
.text C:\Program Files\internet explorer\iexplore.exe[4004] WININET.dll!FindNextUrlCacheContainerA + 95B 75CEEB1F 7 Bytes JMP 054E003A
.text C:\Program Files\internet explorer\iexplore.exe[4004] WININET.dll!CreateMD5SSOHash + 286 75D2BDC4 7 Bytes JMP 054E0238
.text C:\Program Files\internet explorer\iexplore.exe[4004] WININET.dll!HttpCheckDavCompliance + 3E9 75D3E8DD 7 Bytes JMP 04FC0D9A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[280] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [740C7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[280] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7411A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[280] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [740CBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[280] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [740BF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[280] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [740C75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[280] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [740BE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[280] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [740F8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[280] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [740CDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[280] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [740BFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[280] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [740BFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[280] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [740B71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[280] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7414CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[280] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [740EC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[280] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [740BD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[280] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [740B6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[280] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [740B687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[280] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [740C2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63D4D537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63D4D09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [63D4B6A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63D4D221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [63D4BD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [63D4F233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [63D4C301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [63D4F233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63D4D537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CopyFileW] [63D4B6A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!MoveFileW] [63D4DE50] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!DeleteFileW] [63D4C301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [63D4F49D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [63D50D4C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [63D4FC09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [63D502A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63D4D09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [63D4BD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [63D4B114] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63D4D221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [63D4A970] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [63D5DB0F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegEnumValueW] [63D5E479] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegOpenKeyExW] [63D5CB9D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryValueExW] [63D5D773] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegDeleteKeyW] [63D5CEA5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCreateKeyExW] [63D5C625] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCloseKey] [63D5CD09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindClose] [63D50D4C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileA] [63D4FF42] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindNextFileA] [63D4FB96] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileW] [63D502A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindNextFileW] [63D4FC09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesA] [63D489D0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetCurrentDirectoryA] [63D4EBFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetFileAttributesA] [63D48C26] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateDirectoryA] [63D4E3CB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!RemoveDirectoryA] [63D4E9A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!DeleteFileA] [63D4C1D6] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesW] [63D48AFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetCurrentDirectoryW] [63D4F49D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetFileAttributesW] [63D48D54] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateDirectoryW] [63D4E4F9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!DeleteFileW] [63D4C301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!MoveFileW] [63D4DE50] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!RemoveDirectoryW] [63D4EAD0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!MoveFileA] [63D4DDDD] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [63D4D09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] [63D4BBD2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] [63D4BD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [63D4D221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63D4D221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [63D4E151] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [63D4B114] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [63D4A970] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [63D4A819] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [63D4C301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63D4D537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [63D48D54] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [63D4BD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [63D502A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [63D4FC09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [63D4F233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [63D48AFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [63D48C26] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [63D4BBD2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [63D4FF42] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [63D4FB96] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [63D50D4C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [63D4EFA8] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [63D489D0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63D4D09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpW] [63D4CF65] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpA] [63D4CE2E] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCloseKey] [63D5CD09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] [63D5C49D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyA] [63D5CD5C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyA] [63D5D913] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] [63D5CA25] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExW] [63D5C625] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExW] [63D5CB9D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExW] [63D5E169] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW] [63D5D437] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyW] [63D5CEA5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyW] [63D5DB0F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExW] [63D5D773] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueW] [63D5E479] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyW] [63D5DE75] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExA] [63D5DFE1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueA] [63D5E2F1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyA] [63D5DD0B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExA] [63D5D5D3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [63D4A460] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindNextFileW] [63D4FC09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW] [63D4E151] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [63D4A6E2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW] [63D4AE92] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW] [63D4B114] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW] [63D4C023] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetCurrentDirectoryW] [63D4F49D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [63D4B6A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW] [63D49700] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [63D4D537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [63D4DE50] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindFirstFileW] [63D502A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindClose] [63D50D4C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA] [63D49362] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesA] [63D489D0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SearchPathW] [63D4F233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW] [63D4A1D8] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [63D4A970] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!RemoveDirectoryW] [63D4EAD0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateDirectoryW] [63D4E4F9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!DeleteFileW] [63D4C301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetFileAttributesW] [63D48D54] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesW] [63D48AFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [63D4DE75] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameW] [63D494A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [63D4D221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] [63D4BD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesExW] [63D48FC1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [63D4D09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetLongPathNameW] [63D49231] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW] [63D4C58B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW] [63D4CF65] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW] [63D4CA80] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExW] [63D5CB9D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyExW] [63D5C625] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegEnumKeyW] [63D5DE75] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegEnumValueW] [63D5E479] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegDeleteKeyW] [63D5CEA5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [63D5DB0F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryInfoKeyA] [63D5D913] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegEnumKeyExW] [63D5E169] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegSetValueW] [63D5D13F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExW] [63D5D773] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueW] [63D5D437] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyW] [63D5C8E9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyW] [63D5C35D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExA] [63D5D5D3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] [63D5CA25] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCloseKey] [63D5CD09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] [63D591AC] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindClose] [63D50D4C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] [63D502A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [63D4D537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SearchPathW] [63D4F233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!DeleteFileW] [63D4C301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetShortPathNameW] [63D494A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesExW] [63D48FC1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileW] [63D4BD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [63D4D221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesW] [63D48AFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [63D4D09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegSetValueW] [63D5D13F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] [63D5D28F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumKeyExW] [63D5E169] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumValueW] [63D5E479] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumKeyA] [63D5DD0B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegDeleteKeyA] [63D5CD5C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [63D5DB0F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryInfoKeyA] [63D5D913] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueW] [63D5D437] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumKeyW] [63D5DE75] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCloseKey] [63D5CD09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExW] [63D5D773] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExW] [63D5CB9D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegDeleteKeyW] [63D5CEA5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] [63D5C625] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExA] [63D5D5D3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] [63D5CA25] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueW] [63D55CFD] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA] [63D55C9F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA] [63D54D95] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA] [63D550AF] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW] [63D5519F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW] [63D540A2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA] [63D55357] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA] [63D5619F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW] [63D553B2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW] [63D561FA] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[4004] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCombineW] [63D53FFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service C:\Windows\system32\drivers\gasfkykfpqcmtv.sys (*** hidden *** ) [DISABLED] gasfkyxsimdtwc <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxsimdtwc@start 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxsimdtwc@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxsimdtwc@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxsimdtwc@imagepath \systemroot\system32\drivers\gasfkykfpqcmtv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxsimdtwc\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxsimdtwc\main@aid 20025
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxsimdtwc\main@sid 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxsimdtwc\main@cmddelay 14400
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxsimdtwc\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxsimdtwc\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxsimdtwc\main\injector@* gasfkywsp8.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxsimdtwc\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxsimdtwc\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxsimdtwc\modules@gasfkyrk.sys \systemroot\system32\drivers\gasfkykfpqcmtv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxsimdtwc\modules@gasfkycmd.dll \systemroot\system32\gasfkyvqjorpsn.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxsimdtwc\modules@gasfkylog.dat \systemroot\system32\gasfkyhmtcunje.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxsimdtwc\modules@gasfkywsp.dll \systemroot\system32\gasfkydyuxepiu.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxsimdtwc\modules@gasfky.dat \systemroot\system32\gasfkybnhkqtpo.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxsimdtwc\modules@gasfkywsp8.dll \systemroot\system32\gasfkyooftmiea.dll
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxsimdtwc@start 4
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxsimdtwc@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxsimdtwc@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxsimdtwc@imagepath \systemroot\system32\drivers\gasfkykfpqcmtv.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxsimdtwc\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxsimdtwc\main@aid 20025
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxsimdtwc\main@sid 0
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxsimdtwc\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxsimdtwc\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxsimdtwc\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxsimdtwc\main\injector@* gasfkywsp8.dll
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxsimdtwc\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxsimdtwc\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxsimdtwc\modules@gasfkyrk.sys \systemroot\system32\drivers\gasfkykfpqcmtv.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxsimdtwc\modules@gasfkycmd.dll \systemroot\system32\gasfkyvqjorpsn.dll
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxsimdtwc\modules@gasfkylog.dat \systemroot\system32\gasfkyhmtcunje.dat
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxsimdtwc\modules@gasfkywsp.dll \systemroot\system32\gasfkydyuxepiu.dll
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxsimdtwc\modules@gasfky.dat \systemroot\system32\gasfkybnhkqtpo.dat
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxsimdtwc\modules@gasfkywsp8.dll \systemroot\system32\gasfkyooftmiea.dll

---- EOF - GMER 1.0.15 ----

Re: total security, hellish virus thing!!

This is everything that you asked me for. I hope it is right!!!


Kind Regards

Re: total security, hellish virus thing!!

Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    [screenshot: CF_download_FF]

    [screenshot: CF_download_rename]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    [screenshot: Rcauto10]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

    [screenshot: Whatne10]

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: total security, hellish virus thing!!

I did everything that was asked and now I closed the page by mistake with the results on, and when I have located it it won't let me open it and comes up with a sign saying illegal operation attempted on a registry key that has been marked for deletion!!!! So what do I do now?

Re: total security, hellish virus thing!!

Re-run GMER, and when the new log opens, check if this is still there at the bottom of the log:

"Service C:\Windows\system32\drivers\gasfkykfpqcmtv.sys (*** hidden *** ) [DISABLED] gasfkyxsimdtwc <-- ROOTKIT !!!"

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
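
The check requested above can be scripted. The following is an added example, not part of the original posts and not code from GMER or ComboFix: it parses a GMER 1.0.15 text log, lists services flagged as hidden, collects the files their registry values point at, and compares them with a deletion list such as the "Other Deletions" section of the ComboFix log posted further down this thread. The function names are hypothetical, and it assumes `\systemroot` resolves to `c:\windows` and that registry value names contain no spaces.

```python
import re

# Lines copied from the GMER 1.0.15 log posted in this thread (one ControlSet
# plus one ControlSet003 duplicate), trimmed for length.
SAMPLE_GMER = r"""---- Services - GMER 1.0.15 ----

Service C:\Windows\system32\drivers\gasfkykfpqcmtv.sys (*** hidden *** ) [DISABLED] gasfkyxsimdtwc <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxsimdtwc@start 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxsimdtwc@imagepath \systemroot\system32\drivers\gasfkykfpqcmtv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxsimdtwc\main\injector@* gasfkywsp8.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxsimdtwc\modules@gasfkyrk.sys \systemroot\system32\drivers\gasfkykfpqcmtv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxsimdtwc\modules@gasfkycmd.dll \systemroot\system32\gasfkyvqjorpsn.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxsimdtwc\modules@gasfkywsp8.dll \systemroot\system32\gasfkyooftmiea.dll
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxsimdtwc\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxsimdtwc\modules@gasfkycmd.dll \systemroot\system32\gasfkyvqjorpsn.dll

---- EOF - GMER 1.0.15 ----
"""

# Paths copied from the "Other Deletions" section of the ComboFix log in this thread.
COMBOFIX_DELETED = [
    r"c:\windows\system32\drivers\gasfkykfpqcmtv.sys",
    r"c:\windows\system32\gasfkybnhkqtpo.dat",
    r"c:\windows\system32\gasfkydyuxepiu.dll",
    r"c:\windows\system32\gasfkyhmtcunje.dat",
    r"c:\windows\system32\gasfkyvqjorpsn.dll",
]

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
SERVICE_RE = re.compile(
    r"^Service\s+(?P<image>.+?)\s+\((?P<flags>[^)]*)\)\s+\[(?P<state>[^\]]+)\]"
    r"\s+(?P<name>\S+)(?P<note>.*)$")
# Only lines that carry "@value data" match; bare key lines are skipped.
REG_RE = re.compile(
    r"^Reg\s+HKLM\\SYSTEM\\(?P<cset>[^\\]+)\\Services\\(?P<svc>[^\\@\s]+)"
    r"(?P<sub>(?:\\[^\\@\s]+)*)@(?P<value>\S+)\s+(?P<data>.+)$")


def split_sections(log_text):
    """Map each '---- <name> - GMER x.y ----' header to the lines under it."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = sections.setdefault(header.group("name"), [])
        elif current is not None and line:
            current.append(line)
    return sections


def hidden_services(log_text):
    """Services that GMER marked as hidden or annotated as a rootkit."""
    found = []
    for line in split_sections(log_text).get("Services", []):
        m = SERVICE_RE.match(line)
        if m and ("hidden" in m.group("flags").lower() or "ROOTKIT" in m.group("note")):
            found.append({"name": m.group("name"), "image": m.group("image"),
                          "state": m.group("state")})
    return found


def normalise(path):
    r"""Lower-case a path and expand \systemroot (assumed to be c:\windows)."""
    p = path.strip().lower()
    if p.startswith("\\systemroot\\"):
        p = "c:\\windows" + p[len("\\systemroot"):]
    return p


def referenced_files(log_text, service):
    """Files named by a service's imagepath and modules values, in any ControlSet."""
    files = set()
    for line in split_sections(log_text).get("Registry", []):
        m = REG_RE.match(line)
        if not m or m.group("svc").lower() != service.lower():
            continue
        sub, value = m.group("sub").lower(), m.group("value").lower()
        if (sub == "" and value == "imagepath") or sub == "\\modules":
            files.add(normalise(m.group("data")))
    return files


def triage(log_text, deleted_paths):
    """Per hidden service: which referenced files appear in the deletion list."""
    deleted = {normalise(p) for p in deleted_paths}
    report = {}
    for svc in hidden_services(log_text):
        refs = referenced_files(log_text, svc["name"])
        report[svc["name"]] = {
            "state": svc["state"],
            "listed_as_deleted": sorted(refs & deleted),
            "not_listed": sorted(refs - deleted),
        }
    return report


if __name__ == "__main__":
    for name, info in triage(SAMPLE_GMER, COMBOFIX_DELETED).items():
        print(name, info)
```

An empty result from `hidden_services()` on a fresh log is the "no longer there" answer; a path under `not_listed` only means it is absent from the deletion list passed in, not that the file is still on disk.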

Re: total security, hellish virus thing!!

Hi, I have checked to see if it is at the bottom and it isn't there!!

Re: total security, hellish virus thing!!

Just taken another look at it and it is there but not right at the bottom of the page maybe three quarters of the way down.

combo fix results!

ComboFix 09-09-25.01 - Robert Hornshaw 26/09/2009 8:33.1.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3292.2139 [GMT 1:00]
Running from: c:\users\Robert Hornshaw\Downloads\combo-fix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2587230002-3812537154-1661091937-500
c:\$recycle.bin\S-1-5-21-2773397201-2855733099-4214572315-500
c:\program files\FunWebProducts
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3CJpeg.dll
c:\program files\MyWebSearch\bar\1.bin\F3DTactl.dll
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTmlmu.dll
c:\program files\MyWebSearch\bar\1.bin\F3HTtpct.dll
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REGHK.DLL
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SCrctr.dll
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3HTml.dll
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3OUtlcn.dll
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSrcas.dll
c:\program files\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\windows\system32\drivers\gasfkykfpqcmtv.sys
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\gasfkybnhkqtpo.dat
c:\windows\system32\gasfkydyuxepiu.dll
c:\windows\system32\gasfkyhmtcunje.dat
c:\windows\system32\gasfkyvqjorpsn.dll
c:\windows\System32\ieHElpmod.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_gasfkyxsimdtwc
-------\Service_gasfkyxsimdtwc
-------\Service_MyWebSearchService


((((((((((((((((((((((((( Files Created from 2009-08-26 to 2009-09-26 )))))))))))))))))))))))))))))))
.

2009-09-24 18:10 . 2009-09-24 18:10 -------- d-----w- c:\users\Robert Hornshaw\AppData\Roaming\Malwarebytes
2009-09-24 18:10 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-24 18:09 . 2009-09-24 18:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-24 18:09 . 2009-09-24 18:09 -------- d-----w- c:\programdata\Malwarebytes
2009-09-24 18:09 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-24 07:04 . 2009-09-24 07:04 -------- d-----w- c:\program files\Trend Micro
2009-09-23 15:51 . 2009-09-24 16:35 -------- d-----w- c:\users\Robert Hornshaw\AppData\Local\CrashDumps
2009-09-23 14:22 . 2009-09-23 14:29 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-23 14:22 . 2009-09-23 14:22 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-09-23 14:21 . 2009-09-23 14:21 -------- d-----w- c:\windows\system32\drivers\NAV
2009-09-23 14:21 . 2009-09-23 14:21 -------- d-----w- c:\program files\Norton AntiVirus
2009-09-23 14:21 . 2009-09-23 14:21 -------- d-----w- c:\program files\NortonInstaller
2009-09-20 19:32 . 2009-09-20 19:32 -------- d-----w- c:\programdata\Messenger Plus!
2009-09-20 16:55 . 2009-09-20 16:55 -------- d-----w- c:\program files\Common Files\TSUninstall
2009-09-20 16:53 . 2009-09-25 12:30 -------- d-----w- c:\program files\TS
2009-09-10 08:00 . 2009-08-14 16:27 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-10 08:00 . 2009-08-14 13:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-10 08:00 . 2009-08-14 13:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-10 08:00 . 2009-08-14 13:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-10 08:00 . 2009-08-14 13:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-10 08:00 . 2009-08-14 13:49 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-10 08:00 . 2009-08-14 13:49 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-10 08:00 . 2009-08-14 13:48 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-09-10 08:00 . 2009-08-14 13:48 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-10 08:00 . 2009-08-14 15:53 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-10 08:00 . 2009-08-14 13:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-10 07:59 . 2009-07-11 19:01 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-10 07:59 . 2009-07-11 19:01 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-10 07:59 . 2009-07-11 19:01 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-10 07:59 . 2009-07-11 19:01 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-09-10 07:59 . 2009-07-11 17:03 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-10 07:59 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll
2009-08-28 15:15 . 2009-08-28 15:16 -------- d-----w- c:\windows\system32\ca-ES
2009-08-28 15:15 . 2009-08-28 15:16 -------- d-----w- c:\windows\system32\eu-ES
2009-08-28 15:15 . 2009-08-28 15:16 -------- d-----w- c:\windows\system32\vi-VN
2009-08-28 14:29 . 2009-08-28 14:29 -------- d-----w- c:\windows\system32\EventProviders
2009-08-27 09:30 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-25 20:21 . 2009-05-07 03:42 -------- d-----w- c:\programdata\Microsoft Help
2009-09-23 14:22 . 2009-09-23 14:22 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-09-23 14:22 . 2009-09-23 14:22 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-09-23 14:22 . 2009-06-21 13:16 -------- d-----w- c:\program files\Symantec
2009-09-23 14:21 . 2009-06-21 13:15 -------- d-----w- c:\programdata\Norton
2009-09-23 14:21 . 2009-06-21 13:09 -------- d-----w- c:\programdata\NortonInstaller
2009-09-20 20:26 . 2009-06-21 13:29 -------- d-----w- c:\programdata\Lx_cats
2009-09-20 16:39 . 2009-08-01 14:56 -------- d-----w- c:\program files\Messenger Plus! Live
2009-09-10 12:11 . 2009-05-07 03:40 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-28 15:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-08-28 15:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-08-28 15:16 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-28 15:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-08-28 15:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-08-28 15:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-08-28 15:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-08-21 11:54 . 2009-05-07 03:28 -------- d-----w- c:\program files\Microsoft Works
2009-08-21 11:10 . 2009-08-15 12:32 -------- d-----w- c:\program files\Google
2009-08-20 15:52 . 2009-06-21 13:17 -------- d-----w- c:\programdata\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-08-20 15:51 . 2009-06-21 13:17 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-08-20 15:51 . 2009-06-21 13:17 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2009-08-18 13:57 . 2009-08-18 13:57 127832 ----a-w- c:\programdata\SPL2FF6.tmp
2009-08-15 12:32 . 2009-08-15 12:32 -------- d-----w- c:\program files\Common Files\xing shared
2009-08-15 12:32 . 2009-08-15 12:32 -------- d-----w- c:\program files\Common Files\Real
2009-08-15 12:32 . 2009-08-15 12:32 -------- d-----w- c:\program files\Real
2009-08-15 09:14 . 2009-06-22 10:58 40 ----a-w- c:\users\Robert Hornshaw\AppData\Roaming\wklnhst.dat
2009-08-14 12:52 . 2009-08-14 12:52 -------- d-----w- c:\users\Robert Hornshaw\AppData\Roaming\Template
2009-08-06 15:13 . 2009-08-06 15:12 -------- d-----w- c:\programdata\PopCap Games
2009-07-18 16:01 . 2009-07-29 16:09 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 11:35 . 2009-07-29 16:09 828416 ----a-w- c:\windows\system32\wininet.dll
2009-07-17 13:54 . 2009-08-13 14:33 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-13 14:32 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-13 14:32 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-13 14:32 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-13 14:32 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-05-07 11:44 . 2009-05-07 11:41 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-20 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-23 150552]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-01-29 206064]
"diagnostics"="c:\program files\Thomson\ST330\diagnostics\diagnostics.exe" [2009-06-21 557149]
"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2008-03-27 660136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-05-21 451896]
"Malwarebytes Anti-Malware (rootkit-scan)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-07-18 6246400]

c:\users\Robert Hornshaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-05-07 03:31 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=""
"FirewallOverride"=""
"UpdatesDisableNotify"=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):f2,a4,65,52,f3,27,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5A1FA1EA-F1B3-4F58-825A-9EF2803C50A4}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{C5FAFAD4-C758-4EA6-908E-527BED9310DD}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6A30DA07-2A55-432B-8F8E-FE84A1F3290C}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{84ED107A-6E5C-431A-829D-969D3ACF964F}"= UDP:c:\temp\Thomson\Installer.exe:SpeedTouch Home Install Wizard
"{A47B9268-E9E5-4940-8C02-078E80032B3C}"= TCP:c:\temp\Thomson\Installer.exe:SpeedTouch Home Install Wizard
"{3DF131A0-5AF2-426F-AE1A-331A27735D67}"= UDP:c:\program files\Thomson\ST330\service\st330service.exe:ST330 service
"{35456785-B615-4850-A193-58D33A10DF3A}"= TCP:c:\program files\Thomson\ST330\service\st330service.exe:ST330 service
"{43CB9605-B552-4483-9723-93F748DE14C4}"= UDP:c:\windows\System32\lxdncoms.exe:Lexmark Communications System
"{27E39C45-709C-46DE-8987-6650ACE0208F}"= TCP:c:\windows\System32\lxdncoms.exe:Lexmark Communications System
"{19D83132-FB43-4313-9931-3D24A132E52A}"= UDP:c:\program files\Lexmark 2600 Series\lxdnamon.exe:Lexmark Device Monitor
"{42A88315-B474-44DE-990F-AE4F2B509E5C}"= TCP:c:\program files\Lexmark 2600 Series\lxdnamon.exe:Lexmark Device Monitor
"{9B284FE5-381C-42DB-9CDA-30DACA0869A7}"= UDP:c:\program files\Lexmark 2600 Series\frun.exe:Lexmark Productivity Studio
"{D566A54C-A5E2-40F0-8EF4-544BAA2D2E1C}"= TCP:c:\program files\Lexmark 2600 Series\frun.exe:Lexmark Productivity Studio
"{BE7CEF1B-2C04-42FA-9DA8-660A35BF6BC2}"= UDP:c:\program files\Lexmark 2600 Series\lxdnmon.exe:Printer Device Monitor
"{D0B5792A-8358-4BBD-B45F-58ACF6F00101}"= TCP:c:\program files\Lexmark 2600 Series\lxdnmon.exe:Printer Device Monitor
"{A0394046-1A7D-435E-9118-38B81838F99A}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdnpswx.exe:Printer Status Window Interface
"{A1A415A1-E5F8-41E9-A153-B2D017884C78}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdnpswx.exe:Printer Status Window Interface
"{44C239BD-DB61-443B-A617-8503C9211135}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdntime.exe:Lexmark Connect Time Executable
"{2CC80878-552E-4CC2-8054-6CE167EA4792}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdntime.exe:Lexmark Connect Time Executable
"{C3DB1580-1139-424D-A3C4-6A08B9576D24}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdnjswx.exe:Job Status Window Interface
"{CCD07AD0-BA84-4124-8D94-E5FA23612659}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdnjswx.exe:Job Status Window Interface
"{A95A1F38-8624-4B66-874F-1D2F6C927D1B}"= TCP:67:DHCP Discovery Service
"{3085A600-4BA7-4923-89F5-2AB2D732A81A}"= UDP:c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:Pure Networks Platform Service
"{3803BFC0-5A8B-4C67-922A-1EB8DD9D720B}"= TCP:c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:Pure Networks Platform Service

R0 SymDS;Symantec Data Store;c:\windows\System32\drivers\NAV\1100000.088\SymDS.sys [23/09/2009 15:21 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NAV\1100000.088\SymEFA.sys [23/09/2009 15:21 169008]
R1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20090911.001\BHDrvx86.sys [11/09/2009 23:45 507440]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NAV\1100000.088\ccHPx86.sys [23/09/2009 15:21 501888]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20090911.001\IDSvix86.sys [23/09/2009 16:39 342576]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\System32\drivers\jswpslwf.sys [01/10/2008 16:44 20384]
R1 SymIRON;Symantec Iron Driver;c:\windows\System32\drivers\NAV\1100000.088\Ironx86.sys [23/09/2009 15:21 114736]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\drivers\NAV\1100000.088\symtdiv.sys [23/09/2009 15:21 338480]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\System32\AERTSrv.exe [07/05/2009 13:04 73728]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [18/12/2008 13:05 155648]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdnserv.exe [28/02/2008 00:07 98984]
R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\17.0.0.136\ccSvcHst.exe [23/09/2009 15:21 126392]
R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\System32\drivers\RtNdPt60.sys [07/05/2009 04:24 27648]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [24/09/2009 16:13 102448]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [07/05/2009 13:04 112128]
S2 EraserSvc10922;Symantec Eraser Service;c:\program files\Norton AntiVirus\Engine\17.0.0.136\ccSvcHst.exe [23/09/2009 15:21 126392]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe --> c:\program files\NETGEAR\WN111v2\jswpsapi.exe [?]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [05/11/2008 00:16 22904]
.
Contents of the 'Scheduled Tasks' folder

2009-09-26 c:\windows\Tasks\RtlNICDiagVistaStart.job
- c:\program files\Realtek\RTNICDiag\RTNICDiag.exe [2009-05-07 11:18]

2009-09-25 c:\windows\Tasks\User_Feed_Synchronization-{3029CC5B-A8AC-4EB4-BEDF-4B0C09E576F6}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.karoo.co.uk/
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm405YYGB
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
AddRemove-TS - c:\program files\TS\tsc.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-26 08:42
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\17.0.0.136\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\17.0.0.136\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\st330service]
"ImagePath"="C:\Program Files/Thomson/ST330/service/st330service.exe -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5244)
c:\program files\Common Files\Pure Networks Shared\Platform\10.2.8216.0.nmcorePS.dll
c:\program files\Pure Networks\Network Magic\nmrsrc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Thomson\ST330\service\st330service.exe
c:\windows\System32\lxdncoms.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\dllhost.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Dell Support Center\gs_agent\dsc.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2009-09-26 8:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-26 07:44

Pre-Run: 447,814,729,728 bytes free
Post-Run: 448,219,844,608 bytes free

308 --- E O F --- 2009-09-10 12:13

Re: total security, hellish virus thing!!

Here are the results of the combo fix results as required and the virus has completely gone!!! Does that mean that is it? If so I will be recommending your site to other people if they have problems as you have been so so helpful, will also be making a donation to say thank you for everything.

Kind regards
Debbie

Re: total security, hellish virus thing!!

One more thing to do.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: total security, hellish virus thing!!

Malwarebytes' Anti-Malware 1.41
Database version: 2865
Windows 6.0.6002 Service Pack 2

27/09/2009 18:27:37
mbam-log-2009-09-27 (18-27-37).txt

Scan type: Quick Scan
Objects scanned: 86166
Time elapsed: 3 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 59
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Common Files\TSUninstall (Rogue.TotalSecurity) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Common Files\TSUninstall\Uninstall.lnk (Rogue.TotalSecurity) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\TS\Computer Scan.lnk (Rogue.TotalSecurity) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\TS\Help.lnk (Rogue.TotalSecurity) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\TS\Registration.lnk (Rogue.TotalSecurity) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\TS\Security Center.lnk (Rogue.TotalSecurity) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\TS\Settings.lnk (Rogue.TotalSecurity) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\TS\Total Security.lnk (Rogue.TotalSecurity) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\TS\Update.lnk (Rogue.TotalSecurity) -> Quarantined and deleted successfully.
C:\Users\Robert Hornshaw\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\TS.lnk (Rogue.TotalSecurity) -> Quarantined and deleted successfully.

Re: total security, hellish virus thing!!
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u

This will also reset your restore points.

How is the machine running now?


Re: total security, hellish virus thing!!
How do I get that last window up that you have told me to run, please?

Re: total security, hellish virus thing!!
I see you are running Vista. In Vista the Run command is hidden, so you will have to use the keyboard shortcut. To open up Run, please do the following:

Click and hold on the Windows key (it should be on the bottom left of your keyboard between Ctrl and ALT). Once you have located the Windows key, click and hold it and then press the "R" key.

So in general: Windows key + R, then the Run window should pop up. Once it appears you can then input the following:

ComboFix /u

............................................................................................

While my help is always free, please consider donating to keep this site alive: Donate


Re: total security, hellish virus thing!!
It's saying it can't be found.

Re: total security, hellish virus thing!!
Hello.
Doesn't matter then, sometimes the uninstall command works, sometimes it doesn't.

Just delete the Qoobox folder from the C: drive, then this should be fine.


Re: total security, hellish virus thing!!
Thank you so much for all of your help and patience, it has been much appreciated.

Kind regards
Mrs Debbie Hornshaw x
