
Active No access to anti-virus sites

Discussion in 'Malware and Virus Removal Archive' started by nickgp1, 2009/05/25.

  1. 2009/05/25
    nickgp1

    nickgp1 Inactive Thread Starter

    [Active] No access to anti-virus sites

    Hello, I am a first-time poster in this forum; I hope that I have followed the posting rules correctly. I have an Acer computer that runs Windows Vista. For the past month, my computer has been showing three concurrent symptoms that I have noticed. The first is that Norton anti-virus (which is my default anti-virus program that came with the computer) has been constantly giving me this error message: Error: "Internal program error" (3038,104) after installing a Norton 2008 product. When I try to run a virus scan using Norton, it says that an "unknown error occurred during the scan." The second symptom is that Windows system restore will not work. When I run system restore, the computer restarts and gives me this message: "System Restore did not complete successfully. Your computer's system files and settings were not changed. Details: An unspecified error occurred during system restore." At this point, the restore dates do not go back to a date before my computer started showing these symptoms. The third symptom is that I cannot open the program regedit. I tried downloading the Avast anti-virus program and ran it on a thorough search, but it failed to find one single infection.

    I researched the problem and read that I might be able to run system restore in Safe Mode. So I restarted the computer in Safe Mode and ran system restore, which worked, and restored the computer to May 17th and then restarted again. However, I still noticed all the same symptoms I described above. I then tried to address the Norton issue. Following directions from their website, I went back into Safe Mode, clicked run under the start menu and entered the command: "navw32/ L ". This opened up Norton and tried to scan but I got a new error message: "(3038,100)". It said that Norton's virus definitions were invalid and that I had to update them, but when I followed the link it gave me to do this, it brought me to a part of the Norton website that scanned my Norton package for any problems and said that it could not find anything. I described my situation on Yahoo! Answers, and someone told me that they had the same situation and that it turned out to be a virus. Any help would be greatly appreciated, thank you very much for your time. Here are my DDS and Attach logs:


    DDS (Ver_09-05-14.01) - NTFSx86
    Run by Mary Jane at 19:22:34.43 on Mon 05/25/2009
    Internet Explorer: 7.0.6001.18000
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.874 [GMT -4:00]

    AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
    FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    C:\Acer\Empowering Technology\eNet\eNet Service.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Acer\Mobility Center\MobilityService.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Windows\System32\igfxtray.exe
    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    C:\Windows\System32\igfxpers.exe
    C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    C:\Windows\BR040286.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Users\MARYJA~1\AppData\Local\Temp\RtkBtMnt.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Windows\WindowsMobile\wmdSync.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Windows\system32\igfxext.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Windows\system32\igfxsrvc.exe
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Mary Jane\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://en.us.acer.yahoo.com
    mStart Page = hxxp://en.us.acer.yahoo.com
    mDefault_Page_URL = hxxp://en.us.acer.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.0\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
    BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.0\CoIEPlg.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe "
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [BisonInst0402] c:\windows\BR040286.exe
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe "
    mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe "
    mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\x86\eDSloader.exe
    mRun: [LManager] c:\progra~1\launch~1\LManager.exe
    mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe
    mRun: [Acer Product Registration] "c:\program files\acer\acer registration\ACE1.exe" /startup
    mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
    DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll

    ============= SERVICES / DRIVERS ===============

    R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20080718.003\IDSvix86.sys [2008-7-19 261680]
    R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\microsoft small business\business contact manager\BcmSqlStartupSvc.exe [2008-1-11 30312]
    R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-25 149352]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-7-22 180736]
    R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 41008]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-30 23888]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-4-15 101936]
    S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-11-24 29263712]

    =============== Created Last 30 ================

    2009-05-25 18:48 243,056 a------- c:\users\mary jane\CheckCfgWizCompleted.exe
    2009-05-25 18:48 357,768 a------- c:\users\mary jane\SymXPep2.dll
    2009-05-22 15:41 <DIR> --d----- c:\program files\VideoLAN
    2009-05-22 12:09 <DIR> --d----- c:\programdata\Lavasoft
    2009-05-22 12:09 <DIR> --d----- c:\program files\Lavasoft
    2009-05-22 11:49 <DIR> a-d----- c:\programdata\TEMP
    2009-05-15 15:10 <DIR> --d----- c:\programdata\NtiDvdCopy
    2009-05-15 15:10 <DIR> --d----- c:\progra~2\NtiDvdCopy
    2009-05-10 17:18 107,368 a------- c:\windows\system32\GEARAspi.dll
    2009-05-10 17:18 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-05-10 17:18 <DIR> --d----- c:\program files\iPod
    2009-05-10 17:17 <DIR> --d----- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-05-10 17:17 <DIR> --d----- c:\program files\iTunes
    2009-05-10 17:17 <DIR> --d----- c:\progra~2\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-05-10 17:16 <DIR> --d----- c:\program files\Bonjour
    2009-05-10 17:15 <DIR> --d----- c:\programdata\Apple Computer
    2009-05-10 17:13 <DIR> --d----- c:\programdata\Apple

    ==================== Find3M ====================

    2009-05-10 17:14 51,200 a------- c:\windows\inf\infpub.dat
    2009-05-10 17:14 86,016 a------- c:\windows\inf\infstrng.dat
    2009-05-10 17:14 86,016 a------- c:\windows\inf\infstor.dat
    2009-03-16 23:38 40,960 a------- c:\windows\apppatch\apihex86.dll
    2009-03-16 23:38 13,824 a------- c:\windows\system32\apilogen.dll
    2009-03-16 23:38 24,064 a------- c:\windows\system32\amxread.dll
    2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
    2009-03-05 19:37 56 a---h--- c:\programdata\ezsidmv.dat
    2009-03-05 19:37 56 a---h--- c:\progra~2\ezsidmv.dat
    2009-03-03 00:46 3,599,328 a------- c:\windows\system32\ntkrnlpa.exe
    2009-03-03 00:46 3,547,632 a------- c:\windows\system32\ntoskrnl.exe
    2009-03-03 00:40 827,392 a------- c:\windows\system32\wininet.dll
    2009-03-03 00:39 183,296 a------- c:\windows\system32\sdohlp.dll
    2009-03-03 00:39 551,424 a------- c:\windows\system32\rpcss.dll
    2009-03-03 00:39 26,112 a------- c:\windows\system32\printfilterpipelineprxy.dll
    2009-03-03 00:37 78,336 a------- c:\windows\system32\ieencode.dll
    2009-03-03 00:37 98,304 a------- c:\windows\system32\iasrecst.dll
    2009-03-03 00:37 54,784 a------- c:\windows\system32\iasads.dll
    2009-03-03 00:37 44,032 a------- c:\windows\system32\iasdatastore.dll
    2009-03-02 23:04 666,624 a------- c:\windows\system32\printfilterpipelinesvc.exe
    2009-03-02 22:38 17,408 a------- c:\windows\system32\iashost.exe
    2009-03-02 22:28 26,624 a------- c:\windows\system32\ieUnatt.exe
    2008-06-17 03:11 665,600 a------- c:\windows\inf\drvindex.dat
    2008-01-20 22:43 174 a--sh--- c:\program files\desktop.ini
    2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
    2009-02-04 09:31 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
    2009-02-04 09:31 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
    2009-02-04 09:31 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

    ============= FINISH: 19:23:03.43 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-05-14.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 3/12/2008 11:33:50 PM
    System Uptime: 5/25/2009 6:23:38 PM (1 hours ago)

    Motherboard: Acer | | Biwa
    Processor: Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz | U2E1 | 1733/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 70 GiB total, 35.511 GiB free.
    D: is FIXED (NTFS) - 70 GiB total, 69.547 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP169: 5/15/2009 5:11:50 PM - Restore Operation
    RP170: 5/15/2009 5:26:18 PM - Restore Operation
    RP171: 5/17/2009 12:00:02 AM - Scheduled Checkpoint
    RP172: 5/18/2009 12:00:01 AM - Scheduled Checkpoint
    RP173: 5/19/2009 12:00:04 AM - Scheduled Checkpoint
    RP174: 5/19/2009 1:50:38 AM - Windows Update
    RP175: 5/20/2009 12:00:03 AM - Scheduled Checkpoint
    RP176: 5/21/2009 12:00:12 AM - Scheduled Checkpoint
    RP177: 5/21/2009 12:14:14 PM - Windows Update
    RP178: 5/22/2009 1:05:02 PM - Scheduled Checkpoint
    RP179: 5/22/2009 5:33:56 PM - Restore Operation
    RP180: 5/25/2009 3:17:20 PM - Windows Update
    RP181: 5/25/2009 5:22:06 PM - Restore Operation

    ==== Installed Programs ======================

    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office system
    Acer Assist
    Acer Crystal Eye
    Acer Crystal Eye Webcam
    Acer eDataSecurity Management
    Acer eLock Management
    Acer Empowering Technology
    Acer eNet Management
    Acer ePower Management
    Acer ePresentation Management
    Acer eSettings Management
    Acer GridVista
    Acer Mobility Center Plug-In
    Acer Registration
    Acer ScreenSaver
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.1.3
    Agere Systems HDA Modem
    AppCore
    Apple Mobile Device Support
    Apple Software Update
    Bonjour
    Broadcom Driver v4.170.25.19_Foxconn Installation Program
    Broadcom Gigabit Integrated Controller
    Business Contact Manager for Outlook 2007 SP1
    ccCommon
    Component Framework
    Intel(R) Graphics Media Accelerator Driver
    iTunes
    Java(TM) 6 Update 13
    Launch Manager
    LightScribe 1.4.142.1
    LiveUpdate (Symantec Corporation)
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Hybrid 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Word MUI (English) 2007
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 Redistributable
    MP3 Player Recovery Tool
    Norton AntiVirus
    Norton AntiVirus Help
    Norton Confidential Core
    Norton Internet Security
    Norton Internet Security (Symantec Corporation)
    Norton Protection Center
    NTI Backup NOW! 4.7
    NTI CD & DVD-Maker
    NTI Shadow
    PowerDVD
    QuickTime
    Realtek High Definition Audio Driver
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for 2007 Microsoft Office System (KB960003)
    Security Update for Microsoft Office Excel 2007 (KB959997)
    Security Update for Microsoft Office OneNote 2007 (KB950130)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office Publisher 2007 (KB950114)
    Security Update for Microsoft Office system 2007 (KB954326)
    Security Update for Microsoft Office system 2007 (KB956828)
    Security Update for Microsoft Office Word 2007 (KB956358)
    Skype™ 4.0
    SPBBC 32bit
    Spelling Dictionaries Support For Adobe Reader 8
    Symantec Real Time Storage Protection Component
    SymNet
    Synaptics Pointing Device Driver
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TIPCI
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB952142)
    Update for Microsoft Office Outlook 2007 Help (KB957246)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (kb968503)
    Windows Live OneCare safety scanner
    Yahoo! Toolbar

    ==== End Of File ===========================
     
  2. 2009/05/25
    broni

    broni Moderator Malware Analyst

    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure you update SUPERAntiSpyware and Malwarebytes before running the scans.***

    STEP 1. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT FROM THE INTERNET

    Restart computer in Safe Mode.
    To enter Safe Mode, restart the computer and keep tapping the F8 key until a menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen.

    * Open SUPERAntiSpyware.
    * Under Configuration and Preferences, click the Preferences button.
    * Under the General and Startup tab, make sure the Start SUPERAntiSpyware when Windows starts option is UN-checked.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    - Close browsers before scanning.
    - Scan for tracking cookies.
    - Terminate memory threats before quarantining.

    * Click the Close button to leave the control center screen.
    * Back on the main screen, under Scan for Harmful Software click Scan your computer.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, under Complete Scan, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
    * Make sure everything has a checkmark next to it and click Next.
    * A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
    * If asked if you want to reboot, click Yes.
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    - Click Preferences, then click the Statistics/Logs tab.
    - Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    - If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    - Please copy and paste the Scan Log results in your next reply.

    * Click Close to exit the program.
    Post SUPERAntiSpyware log.
    NOTE: Tracking cookies may be omitted from the log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 3. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click the downloaded .exe file, select the Rootkit tab and click the Scan button.
    When the scan is completed, click the Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    RESTART COMPUTER

    STEP 4. Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackThis log.
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     


  4. 2009/05/26
    Michael York

    Michael York Inactive

    Fix for Norton Error

    Hi nickgp1,

    This is Mike from the Norton Authorized Support Team.

    The error message you are receiving from Norton AntiVirus can be due to a problem with the definition file cache on your system, and may also be caused by one of the settings in Norton AntiVirus. Please carefully follow the instructions in the following document to resolve the error message.

    Fix for "Internal program error" (3038,104) after installing a Norton 2008 product

    Secondly, I would like to let you know that as long as your subscription to Norton AntiVirus is valid, you are entitled to a free update to the 2009 version of Norton AntiVirus, which I highly encourage you to do. The 2009 version of Norton AntiVirus consumes very few system resources, installs in about 1 minute and contains many new and improved features. Please NOTE, while this process will update you to the latest version of Norton AntiVirus, it will not extend your subscription.

    To update to Norton AntiVirus 2009, please visit the Norton Update Center at the link below.

    Norton Update Center

    Once the updated version of Norton AntiVirus has been installed, launch Norton AntiVirus and manually run LiveUpdate to ensure that you get the latest program and definition files applied. When the updates are complete, restart your computer, launch Norton AntiVirus and perform a "Full System Scan" to check for infections.

    Let me know if you have any other questions.

    Thank you,
    Mike
     
  5. 2009/05/26
    nickgp1

    nickgp1 Inactive Thread Starter

    Ok so I followed the directions provided by the first poster. Regedit opens now, but the problem with Norton remains. Here are the first 2 logs, I will give the next 2 in my next reply:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 05/26/2009 at 11:29 AM

    Application Version : 4.26.1002

    Core Rules Database Version : 3909
    Trace Rules Database Version: 1853

    Scan type : Complete Scan
    Total Scan Time : 00:38:11

    Memory items scanned : 271
    Memory threats detected : 0
    Registry items scanned : 7388
    Registry threats detected : 0
    File items scanned : 81209
    File threats detected : 55

    Adware.Tracking Cookie



    Malwarebytes' Anti-Malware 1.37
    Database version: 2182
    Windows 6.0.6001 Service Pack 1

    5/26/2009 5:46:58 PM
    mbam-log-2009-05-26 (17-46-58).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 139075
    Time elapsed: 36 minute(s), 21 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  6. 2009/05/26
    nickgp1

    Here is the 3rd log:

    GMER 1.0.15.14972 - http://www.gmer.net
    Rootkit scan 2009-05-26 18:13:18
    Windows 6.0.6001 Service Pack 1


    ---- System - GMER 1.0.15 ----

    SSDT 865A4CE8 ZwAlertResumeThread
    SSDT 865A4DC8 ZwAlertThread
    SSDT 863284C0 ZwAllocateVirtualMemory
    SSDT 863F6060 ZwAlpcConnectPort
    SSDT 865A4A38 ZwCreateMutant
    SSDT 8658AE70 ZwCreateThread
    SSDT 865A46B8 ZwDebugActiveProcess
    SSDT 8658C490 ZwFreeVirtualMemory
    SSDT 865A4B28 ZwImpersonateAnonymousToken
    SSDT 865A4C08 ZwImpersonateThread
    SSDT 8658C3B0 ZwMapViewOfSection
    SSDT 865A4958 ZwOpenEvent
    SSDT 865A6D68 ZwOpenProcessToken
    SSDT 865A4798 ZwOpenSection
    SSDT 8658C7E8 ZwOpenThreadToken
    SSDT 865AEE18 ZwResumeThread
    SSDT 8658C708 ZwSetContextThread
    SSDT 8658C8B8 ZwSetInformationProcess
    SSDT 8658C618 ZwSetInformationThread
    SSDT 865A4878 ZwSuspendProcess
    SSDT 865A4F10 ZwSuspendThread
    SSDT 8658C978 ZwTerminateProcess
    SSDT 865A4FD0 ZwTerminateThread
    SSDT 8658C2D0 ZwUnmapViewOfSection
    SSDT 863283F0 ZwWriteVirtualMemory

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!KeSetTimerEx + 350 820CE914 8 Bytes CALL 4A934365
    .text ntkrnlpa.exe!KeSetTimerEx + 364 820CE928 4 Bytes [C0, 84, 32, 86]
    .text ntkrnlpa.exe!KeSetTimerEx + 370 820CE934 4 Bytes [60, 60, 3F, 86]
    .text ntkrnlpa.exe!KeSetTimerEx + 428 820CE9EC 4 Bytes [38, 4A, 5A, 86]
    .text ntkrnlpa.exe!KeSetTimerEx + 454 820CEA18 4 Bytes [70, AE, 58, 86]
    .text ...

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\Explorer.EXE[2132] SHELL32.dll!InitNetworkAddressControl + 2939 76BC0064 4 Bytes [F0, 1F, 00, 10]
    .text C:\Program Files\Internet Explorer\ieuser.exe[6088] SHELL32.dll!InitNetworkAddressControl + 2939 76BC0064 4 Bytes [F0, 1F, AF, 02]
    .text C:\Program Files\Internet Explorer\iexplore.exe[6108] USER32.dll!DialogBoxIndirectParamW 7647BD25 5 Bytes JMP 6EED5B3B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[6108] USER32.dll!DialogBoxParamW 76491FD5 5 Bytes JMP 6EED5AC5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[6108] USER32.dll!DialogBoxParamA 764B80B2 5 Bytes JMP 6EED5B00 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[6108] USER32.dll!DialogBoxIndirectParamA 764B83DD 5 Bytes JMP 6EED5B76 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[6108] USER32.dll!MessageBoxIndirectA 764CD471 5 Bytes JMP 6EED5A81 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[6108] USER32.dll!MessageBoxIndirectW 764CD56B 5 Bytes JMP 6EED5A3D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[6108] USER32.dll!MessageBoxExA 764CD5D1 5 Bytes JMP 6EED5A03 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[6108] USER32.dll!MessageBoxExW 764CD5F5 5 Bytes JMP 6EED59C9 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[6108] SHELL32.dll!SHRestricted + DFD 76C08390 4 Bytes [99, 0B, 22, 6E] {CDQ ; OR ESP, [EDX]; OUTSB }
    .text C:\Program Files\Internet Explorer\iexplore.exe[6108] SHELL32.dll!SHRestricted + E05 76C08398 8 Bytes [A7, 0A, 22, 6E, A4, 32, 21, ...] {CMPSD ; OR AH, [EDX]; OUTSB ; MOVSB ; XOR AH, [ECX]; OUTSB }
    .text C:\Program Files\Internet Explorer\iexplore.exe[6108] SHELL32.dll!SHBindToObject + 693 76C0A9B8 4 Bytes [99, 0B, 22, 6E] {CDQ ; OR ESP, [EDX]; OUTSB }
    .text C:\Program Files\Internet Explorer\iexplore.exe[6108] SHELL32.dll!SHBindToObject + 69B 76C0A9C0 4 Bytes [A7, 0A, 22, 6E] {CMPSD ; OR AH, [EDX]; OUTSB }

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\Explorer.EXE[2132] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [10002300] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
    IAT C:\Windows\Explorer.EXE[2132] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001B30] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
    IAT C:\Windows\Explorer.EXE[2132] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10002690] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
    IAT C:\Windows\Explorer.EXE[2132] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [10001290] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
    IAT C:\Program Files\Internet Explorer\ieuser.exe[6088] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [02AF2690] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
    IAT C:\Program Files\Internet Explorer\ieuser.exe[6088] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [02AF1290] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
    IAT C:\Program Files\Internet Explorer\ieuser.exe[6088] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [02AF2300] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
    IAT C:\Program Files\Internet Explorer\ieuser.exe[6088] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [02AF1B30] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6E20D537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6E20D09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [6E20B6A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6E20D221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [6E20BD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [6E20F233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [6E20C301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [6E20F233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6E20D537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CopyFileW] [6E20B6A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!MoveFileW] [6E20DE50] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!DeleteFileW] [6E20C301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [6E20F49D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [6E210D4C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [6E20FC09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [6E2102A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6E20D09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [6E20BD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6E20B114] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6E20D221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6E20A970] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [6E21DB0F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegEnumValueW] [6E21E479] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegOpenKeyExW] [6E21CB9D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryValueExW] [6E21D773] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegDeleteKeyW] [6E21CEA5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCreateKeyExW] [6E21C625] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCloseKey] [6E21CD09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindClose] [6E210D4C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileA] [6E20FF42] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindNextFileA] [6E20FB96] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileW] [6E2102A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindNextFileW] [6E20FC09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesA] [6E2089D0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetCurrentDirectoryA] [6E20EBFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetFileAttributesA] [6E208C26] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateDirectoryA] [6E20E3CB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!RemoveDirectoryA] [6E20E9A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!DeleteFileA] [6E20C1D6] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesW] [6E208AFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetCurrentDirectoryW] [6E20F49D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetFileAttributesW] [6E208D54] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateDirectoryW] [6E20E4F9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!DeleteFileW] [6E20C301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!MoveFileW] [6E20DE50] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!RemoveDirectoryW] [6E20EAD0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!MoveFileA] [6E20DDDD] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6E20D09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] [6E20BBD2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] [6E20BD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [6E20D221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6E20D221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [6E20E151] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [6E20B114] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [6E20A970] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [6E20A819] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [6E20C301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [10002300] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001B30] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6E20D537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [6E208D54] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [6E20BD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [6E2102A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [6E20FC09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [6E20F233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [6E208AFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [6E208C26] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [6E20BBD2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [6E20FF42] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [6E20FB96] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [6E210D4C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [6E20EFA8] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [6E2089D0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6E20D09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpW] [6E20CF65] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpA] [6E20CE2E] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCloseKey] [6E21CD09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] [6E21C49D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyA] [6E21CD5C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyA] [6E21D913] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] [6E21CA25] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExW] [6E21C625] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExW] [6E21CB9D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExW] [6E21E169] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW] [6E21D437] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6108] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyW] [6E21CEA5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
     
  7. 2009/05/26
    nickgp1

    nickgp1 Inactive Thread Starter

    Joined:
    2009/05/25
    Messages:
    5
    Likes Received:
    0
    Here is the last part of the 3rd log (it was too big to fit all in the last reply) and the 4th log:


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Files - GMER 1.0.15 ----

    File C:\Users\Mary Jane\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\76LO5L8A\getAds[1].htm 0 bytes
    File C:\Users\Mary Jane\AppData\Roaming\Microsoft\Windows\Cookies\Low\mary_jane@advertising[2].txt 1066 bytes
    File C:\Users\Mary Jane\AppData\Roaming\Microsoft\Windows\Cookies\Low\mary_jane@fastclick[1].txt 0 bytes
    File C:\Users\Mary Jane\AppData\Roaming\Microsoft\Windows\Cookies\Low\mary_jane@specificclick[1].txt 0 bytes
    File C:\Users\Mary Jane\AppData\Roaming\Microsoft\Windows\Cookies\Low\mary_jane@tacoda[2].txt 637 bytes
    File C:\Users\Mary Jane\AppData\Roaming\Microsoft\Windows\Cookies\Low\mary_jane@burstbeacon[1].txt 0 bytes
    File C:\Users\Mary Jane\AppData\Roaming\Microsoft\Windows\Cookies\Low\mary_jane@burstnet[1].txt 234 bytes
    File C:\Users\Mary Jane\AppData\Roaming\Microsoft\Windows\Cookies\Low\mary_jane@politico[2].txt 0 bytes
    File C:\Users\Mary Jane\AppData\Roaming\Microsoft\Windows\Cookies\Low\mary_jane@www.burstbeacon[2].txt 0 bytes
    File C:\Users\Mary Jane\AppData\Roaming\Microsoft\Windows\Cookies\Low\mary_jane@cdn4.specificclick[2].txt 0 bytes

    ---- EOF - GMER 1.0.15 ----

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:25:04 PM, on 5/26/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18226)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\BR040286.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Users\MARYJA~1\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Windows\WindowsMobile\wmdSync.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [BisonInst0402] C:\Windows\BR040286.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe "
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe
    O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer\Acer Registration\ACE1.exe" /startup
    O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
    O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} (Symantec Configuration Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

    --
    End of file - 9558 bytes
     
  8. 2009/05/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    HJT log looks clean, but just in case, let's run Combofix.
    If everything checks out, you can proceed with the Norton guy's advice, but please don't do it yet. Let's finish what we started first.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.
     
  9. 2009/05/26
    nickgp1

    nickgp1 Inactive Thread Starter

    Joined:
    2009/05/25
    Messages:
    5
    Likes Received:
    0
    OK here is the combofix log and the second hijack this log:

    ComboFix 09-05-26.02 - Mary Jane 05/26/2009 20:45.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.1063 [GMT -4:00]
    Running from: c:\users\Mary Jane\Desktop\ComboFix.exe
    AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\Temp\log.txt

    .
    ((((((((((((((((((((((((( Files Created from 2009-04-27 to 2009-05-27 )))))))))))))))))))))))))))))))
    .

    2009-05-27 00:49 . 2009-05-27 00:49 -------- d-----w c:\users\Mary Jane\AppData\Local\temp
    2009-05-26 22:18 . 2009-05-26 22:18 -------- d-----w c:\program files\Trend Micro
    2009-05-26 21:58 . 2009-05-26 06:00 1181040 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090526.004\NAVEX32A.DLL
    2009-05-26 21:58 . 2009-05-26 06:00 89104 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090526.004\NAVENG.SYS
    2009-05-26 21:58 . 2009-05-26 06:00 876144 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090526.004\NAVEX15.SYS
    2009-05-26 21:58 . 2009-05-26 06:00 177520 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090526.004\NAVENG32.DLL
    2009-05-26 21:58 . 2009-05-26 06:00 371248 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090526.004\EECTRL.SYS
    2009-05-26 21:58 . 2009-05-26 06:00 259368 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090526.004\ECMSVR32.DLL
    2009-05-26 21:58 . 2009-05-26 06:00 101936 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090526.004\ERASER.SYS
    2009-05-26 21:58 . 2009-05-26 06:00 2414128 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090526.004\CCERASER.DLL
    2009-05-26 21:05 . 2009-05-26 21:05 -------- d-----w c:\users\Mary Jane\AppData\Roaming\Malwarebytes
    2009-05-26 21:04 . 2009-05-26 17:20 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-05-26 21:04 . 2009-05-26 21:05 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-05-26 21:04 . 2009-05-26 21:04 -------- d-----w c:\programdata\Malwarebytes
    2009-05-26 21:04 . 2009-05-26 17:19 19096 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-05-26 15:03 . 2009-05-26 15:27 680 ----a-w c:\users\Mary Jane\AppData\Local\d3d9caps.dat
    2009-05-26 14:41 . 2009-05-26 23:27 117760 ----a-w c:\users\Mary Jane\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-05-26 14:41 . 2009-05-26 14:41 -------- d-----w c:\programdata\SUPERAntiSpyware.com
    2009-05-26 14:40 . 2009-05-26 14:40 -------- d-----w c:\program files\SUPERAntiSpyware
    2009-05-26 14:40 . 2009-05-26 14:40 -------- d-----w c:\users\Mary Jane\AppData\Roaming\SUPERAntiSpyware.com
    2009-05-26 14:39 . 2009-05-26 14:39 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-05-25 22:48 . 2009-05-25 22:48 243056 ----a-w c:\users\Mary Jane\CheckCfgWizCompleted.exe
    2009-05-25 22:48 . 2009-05-25 22:48 357768 ----a-w c:\users\Mary Jane\SymXPep2.dll
    2009-05-25 21:18 . 2009-04-13 21:39 4656976 ----a-w c:\programdata\Microsoft\Windows Defender\Definition Updates\{21A00E11-3B47-4834-B571-350AF5B4B0C4}\mpengine.dll
    2009-05-25 19:33 . 2009-05-25 19:33 -------- d-----w c:\program files\Alwil Software
    2009-05-22 19:41 . 2009-05-22 21:31 -------- d-----w c:\program files\VideoLAN
    2009-05-22 16:09 . 2009-05-22 16:19 -------- d-----w c:\programdata\Lavasoft
    2009-05-22 16:09 . 2009-05-22 16:19 -------- d-----w c:\program files\Lavasoft
    2009-05-15 19:10 . 2009-05-15 19:10 -------- d-----w c:\programdata\NtiDvdCopy
    2009-05-10 21:19 . 2009-05-10 21:19 -------- d-----w c:\users\Mary Jane\AppData\Roaming\Apple Computer
    2009-05-10 21:19 . 2009-05-10 21:19 -------- d-----w c:\users\Mary Jane\AppData\Local\Apple Computer
    2009-05-10 21:18 . 2009-05-22 16:19 -------- dc----w c:\windows\system32\DRVSTORE
    2009-05-10 21:18 . 2009-03-19 20:32 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-05-10 21:18 . 2008-04-17 16:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
    2009-05-10 21:18 . 2009-05-10 21:18 -------- d-----w c:\program files\iPod
    2009-05-10 21:17 . 2009-05-10 21:18 -------- d-----w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-05-10 21:17 . 2009-05-10 21:18 -------- d-----w c:\program files\iTunes
    2009-05-10 21:16 . 2009-05-10 21:16 -------- d-----w c:\program files\Bonjour
    2009-05-10 21:15 . 2009-05-10 21:16 -------- d-----w c:\program files\QuickTime
    2009-05-10 21:15 . 2009-05-10 21:17 -------- d-----w c:\programdata\Apple Computer
    2009-05-10 21:15 . 2009-05-10 21:15 -------- d-----w c:\users\Mary Jane\AppData\Local\Apple
    2009-05-10 21:15 . 2009-05-10 21:15 -------- d-----w c:\program files\Apple Software Update
    2009-05-10 21:13 . 2009-05-10 21:18 -------- d-----w c:\program files\Common Files\Apple
    2009-05-10 21:13 . 2009-05-10 21:13 -------- d-----w c:\programdata\Apple

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-27 00:31 . 2009-03-05 23:35 -------- d-----w c:\users\Mary Jane\AppData\Roaming\Skype
    2009-05-26 22:52 . 2008-10-29 02:04 -------- d-----w c:\programdata\Yahoo! Companion
    2009-05-26 20:07 . 2009-03-05 23:37 -------- d-----w c:\users\Mary Jane\AppData\Roaming\skypePM
    2009-05-25 21:25 . 2009-03-05 23:35 -------- d-----w c:\program files\Common Files\Skype
    2009-05-25 21:25 . 2009-03-05 23:35 -------- d-----r c:\program files\Skype
    2009-05-22 21:30 . 2008-12-13 16:41 -------- d-----w c:\users\Mary Jane\AppData\Roaming\LimeWire
    2009-05-14 07:03 . 2008-02-09 06:05 -------- d-----w c:\programdata\Microsoft Help
    2009-05-14 07:00 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
    2009-04-15 20:40 . 2009-02-11 19:55 -------- d-----w c:\program files\Java
    2009-04-02 20:29 . 2009-04-02 20:29 75048 ----a-w c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
    2009-04-01 18:52 . 2009-04-01 02:05 -------- d-----w c:\program files\Windows Live Safety Center
    2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
    2009-03-17 03:38 . 2009-04-17 21:27 13824 ----a-w c:\windows\system32\apilogen.dll
    2009-03-17 03:38 . 2009-04-17 21:27 24064 ----a-w c:\windows\system32\amxread.dll
    2009-03-09 09:19 . 2008-12-13 16:41 410984 ----a-w c:\windows\system32\deploytk.dll
    2009-03-05 23:37 . 2009-03-05 23:37 56 ---ha-w c:\programdata\ezsidmv.dat
    2009-03-03 04:46 . 2009-04-17 21:27 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
    2009-03-03 04:46 . 2009-04-17 21:27 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
    2009-03-03 04:40 . 2009-04-17 21:27 827392 ----a-w c:\windows\system32\wininet.dll
    2009-03-03 04:39 . 2009-04-17 21:27 183296 ----a-w c:\windows\system32\sdohlp.dll
    2009-03-03 04:39 . 2009-04-17 21:27 551424 ----a-w c:\windows\system32\rpcss.dll
    2009-03-03 04:39 . 2009-04-17 21:27 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
    2009-03-03 04:37 . 2009-04-17 21:27 78336 ----a-w c:\windows\system32\ieencode.dll
    2009-03-03 04:37 . 2009-04-17 21:27 98304 ----a-w c:\windows\system32\iasrecst.dll
    2009-03-03 04:37 . 2009-04-17 21:27 54784 ----a-w c:\windows\system32\iasads.dll
    2009-03-03 04:37 . 2009-04-17 21:27 44032 ----a-w c:\windows\system32\iasdatastore.dll
    2009-03-03 03:04 . 2009-04-17 21:27 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
    2009-03-03 02:38 . 2009-04-17 21:27 17408 ----a-w c:\windows\system32\iashost.exe
    2009-03-03 02:28 . 2009-04-17 21:27 26624 ----a-w c:\windows\system32\ieUnatt.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @= "{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2008-01-03 09:00 39472 ----a-w c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
    "Skype "= "c:\program files\Skype\\Phone\Skype.exe" [2009-04-16 24264488]
    "WMPNSCFG "= "c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    "AdobeUpdater "= "c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]
    "WindowsWelcomeCenter "= "oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPStart "= "c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2007-08-28 141848]
    "HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2007-08-28 154136]
    "Persistence "= "c:\windows\system32\igfxpers.exe" [2007-08-28 137752]
    "BisonInst0402 "= "c:\windows\BR040286.exe" [2007-05-09 53248]
    "RemoteControl "= "c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2008-01-22 81920]
    "LanguageShortcut "= "c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
    "eDataSecurity Loader "= "c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-01-03 521776]
    "LManager "= "c:\progra~1\LAUNCH~1\LManager.exe" [2008-01-07 858632]
    "Acer Assist Launcher "= "c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
    "Acer Product Registration "= "c:\program files\Acer\Acer Registration\ACE1.exe" [2007-11-26 3387392]
    "Windows Mobile-based device management "= "c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
    "RtHDVCpl "= "RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-08 4853760]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-2-9 535336]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle "= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify "=dword:00000001
    "InternetSettingsDisableNotify "=dword:00000001
    "AutoUpdateDisableNotify "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{23083DA5-C3AA-4E00-B34A-71A5BCB1D9D0} "= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{CC416734-E026-46A6-8D79-5CC787BA8538} "= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
    "{C9DFD1A7-BDE9-4042-A185-829260200CAE} "= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{8E900951-6696-448E-BD0A-04ADC2CFB6A6} "= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{8402607D-3052-40B1-8BAD-94CB31B290C4} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{E64AA6DC-B007-464F-AAF2-5F4A2116F1AE} "= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{398E8943-78A2-4F8F-BCCF-2E9726862CD1} "= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{CE262F71-300C-47AD-9940-3915C6E8E962} "= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{F085C9D0-0D99-401E-9B55-A9DD8F7C3860} "= TCP:c:\program files\iTunes\iTunes.exe:iTunes

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall "= 0 (0x0)

    R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080718.003\IDSvix86.sys [7/19/2008 12:09 PM 261680]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/14/2009 2:22 PM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/14/2009 2:22 PM 72944]
    R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [1/11/2008 8:50 PM 30312]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [7/22/2007 7:00 PM 180736]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [4/15/2009 4:38 PM 101936]
    R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2/19/2009 11:31 AM 41008]
    S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [5/30/2007 1:55 AM 23888]
    S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [11/24/2008 10:31 PM 29263712]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/14/2009 2:22 PM 7408]
    S4 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [8/25/2007 10:07 AM 149352]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - COMHOST

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    .
    Contents of the 'Scheduled Tasks' folder

    2009-05-26 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Mary Jane.job
    - c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-27 10:19]
    .
    - - - - ORPHANS REMOVED - - - -

    SafeBoot-procexp90.Sys


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://en.us.acer.yahoo.com
    mStart Page = hxxp://en.us.acer.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-26 20:49
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    c:\windows\TEMP\TMP00000061F700E0FC9EA1571C 524288 bytes executable

    scan completed successfully
    hidden files: 1

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    "MSCurrentCountry "=dword:000000b5
    .
    Completion time: 2009-05-27 20:50
    ComboFix-quarantined-files.txt 2009-05-27 00:50

    Pre-Run: 38,800,674,816 bytes free
    Post-Run: 38,941,876,224 bytes free

    216 --- E O F --- 2009-05-15 05:34

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:57:27 PM, on 5/26/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18226)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\BR040286.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Users\MARYJA~1\AppData\Local\Temp\RtkBtMnt.exe
    C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\WindowsMobile\wmdSync.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [BisonInst0402] C:\Windows\BR040286.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe "
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe
    O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer\Acer Registration\ACE1.exe" /startup
    O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe "
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
    O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} (Symantec Configuration Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

    --
    End of file - 9046 bytes
     
