
Solved Need help in removing a Bloodhound.SONAR1 virus

Discussion in 'Malware and Virus Removal Archive' started by Andrea, 2008/11/26.

  1. 2008/12/04
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Andrea
    OK those files that change names are OK.

    Please do this.

    Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as;

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Now physically unplug your computer from the Internet, then do this.

    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    Click here to see how to use CFScript.txt
    Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    Code:
    KillAll::
    
    File::
    c:\users\andrea\appdata\local\temp\low\csrssc.exe
    c:\users\andrea\appdata\local\temp\csrssc.exe
    c:\users\andrea\appdata\local\temp\winlogin.exe
    
    DirLook::
    c:\users\andrea\appdata\local\temp\low 
    Now plug your internet connection back in.
    Please post the combofix log that it gave you.

    Thanks
    Geri
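The File:: entries in the CFScript above are executables in a user temp folder whose names sit one character away from the Windows system processes csrss.exe and winlogon.exe. The following check for that pattern is an added example, not part of the original post or of ComboFix; the system-name table, the temp-path markers and the `review_path` helper are assumptions made for illustration.

```python
import ntpath

# Core Windows process names and the folder each normally runs from.
# Assumption for this example: Windows is installed in c:\windows.
EXPECTED_DIR = {
    "csrss.exe": "c:\\windows\\system32",
    "winlogon.exe": "c:\\windows\\system32",
    "lsass.exe": "c:\\windows\\system32",
    "svchost.exe": "c:\\windows\\system32",
    "services.exe": "c:\\windows\\system32",
    "smss.exe": "c:\\windows\\system32",
    "explorer.exe": "c:\\windows",
}

# Path fragments that mark user-writable temp locations (assumed list).
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")

# The three File:: entries from the CFScript, plus two constructed paths.
SAMPLE_PATHS = [
    r"c:\users\andrea\appdata\local\temp\low\csrssc.exe",
    r"c:\users\andrea\appdata\local\temp\csrssc.exe",
    r"c:\users\andrea\appdata\local\temp\winlogin.exe",
    r"c:\windows\System32\csrss.exe",                    # constructed
    r"c:\users\andrea\appdata\local\temp\svchost.exe",   # constructed
]


def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def review_path(path, max_distance=1):
    """Return the reasons a path deserves a closer look (empty list = none)."""
    p = path.strip().lower()
    folder, name = ntpath.split(p)   # ntpath handles backslashes on any OS
    reasons = []
    if name.endswith(".exe") and any(m in p for m in TEMP_MARKERS):
        reasons.append("executable in a temp directory")
    nearest = min(EXPECTED_DIR, key=lambda s: edit_distance(name, s))
    dist = edit_distance(name, nearest)
    if dist == 0 and folder != EXPECTED_DIR[nearest]:
        # Exact system name, but running from somewhere it should not be.
        reasons.append("system process name outside " + EXPECTED_DIR[nearest])
    elif 0 < dist <= max_distance:
        # Near miss: a typo-style variant of a system process name.
        reasons.append("name is %d edit(s) from %s" % (dist, nearest))
    return reasons


def review_all(paths):
    """Map each path that has at least one finding to its list of reasons."""
    findings = {}
    for path in paths:
        reasons = review_path(path)
        if reasons:
            findings[path] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in review_all(SAMPLE_PATHS).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

A hit is a prompt to inspect the file (signature, hash, origin), not a verdict; raising `max_distance` catches looser variants at the cost of more false positives.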
     
  2. 2008/12/05
    Andrea

    Andrea Inactive Thread Starter

    Joined:
    2008/11/26
    Messages:
    21
    Likes Received:
    0
    Hi Geri,

    Sorry, just to be sure I got it right: I have a wireless connection, can I just disconnect my laptop from the wireless net or do I have to physically shut down/unplug the hub?

    Thanks,

    Andrea
     


  4. 2008/12/05
    Geri Lifetime Subscription

    Hi Andrea
    Just so your laptop does not have a connection to the Internet, so whatever is easiest for you to do.

    Geri
     
  5. 2008/12/06
    Andrea

    Hi Geri,

    My laptop re-connected automatically to the Internet when Combofix rebooted the system, hope that's not a problem.

    Here's the log:

    ComboFix 08-12-04.04 - Andrea 2008-12-07 0.57.18.4 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1040.18.1828 [GMT 0:00]
    Eseguito da: c:\users\Andrea\Desktop\ComboFix.exe
    Interruttori di comando utilizzati :: c:\users\Andrea\Desktop\CFScript.txt
    * Creato nuovo punto di ripristino

    FILE ::
    c:\users\andrea\appdata\local\temp\csrssc.exe
    c:\users\andrea\appdata\local\temp\low\csrssc.exe
    c:\users\andrea\appdata\local\temp\winlogin.exe
    .

    ((((((((((((((((((((((((( Files Creati Da 2008-11-07 al 2008-12-07 )))))))))))))))))))))))))))))))))))
    .

    2008-12-05 23:03 . 2008-12-05 23:04 <DIR> d-------- c:\program files\iTunes
    2008-12-05 23:03 . 2008-12-05 23:03 <DIR> d-------- c:\program files\iPod
    2008-12-05 23:02 . 2008-12-05 23:02 <DIR> d-------- c:\program files\QuickTime
    2008-12-05 10:25 . 2008-12-05 10:25 410,984 --a------ c:\windows\System32\deploytk.dll
    2008-12-01 10:29 . 2008-12-01 10:29 <DIR> d-------- c:\windows\Sun
    2008-11-26 13:21 . 2008-11-26 13:21 <DIR> d-------- c:\program files\trend micro
    2008-11-26 09:30 . 2008-10-21 05:25 1,645,568 --a------ c:\windows\System32\connect.dll
    2008-11-26 09:30 . 2008-08-28 03:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
    2008-11-26 09:30 . 2008-08-28 03:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
    2008-11-26 09:30 . 2008-08-28 03:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
    2008-11-26 09:30 . 2008-10-22 03:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
    2008-11-22 13:02 . 2008-11-22 13:02 <DIR> d-------- c:\users\All Users\Sports Interactive
    2008-11-22 13:02 . 2008-11-22 13:02 <DIR> d-------- c:\programdata\Sports Interactive
    2008-11-22 12:12 . 2008-11-22 12:15 <DIR> d--h----- c:\program files\Zero G Registry
    2008-11-22 12:12 . 2008-11-22 12:12 <DIR> d-------- c:\program files\Sports Interactive
    2008-11-22 12:10 . 2008-11-22 12:10 <DIR> d--h----- c:\users\Andrea\InstallAnywhere
    2008-11-22 12:09 . 2008-11-22 13:02 <DIR> d-------- c:\users\Andrea\AppData\Roaming\Sports Interactive
    2008-11-22 11:34 . 2008-11-22 11:34 <DIR> d-------- c:\users\Public\CyberLink
    2008-11-20 11:03 . 2008-10-16 21:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
    2008-11-20 11:03 . 2008-10-16 20:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
    2008-11-20 11:03 . 2008-10-16 21:12 561,688 --a------ c:\windows\System32\wuapi.dll
    2008-11-20 11:03 . 2008-10-16 20:55 83,456 --a------ c:\windows\System32\wudriver.dll
    2008-11-20 11:03 . 2008-10-16 21:09 51,224 --a------ c:\windows\System32\wuauclt.exe
    2008-11-20 11:03 . 2008-10-16 21:09 43,544 --a------ c:\windows\System32\wups2.dll
    2008-11-20 11:03 . 2008-10-16 21:08 34,328 --a------ c:\windows\System32\wups.dll
    2008-11-20 11:02 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
    2008-11-20 11:02 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
    2008-11-16 12:55 . 2008-11-16 12:55 <DIR> d-------- c:\users\All Users\WindowsSearch
    2008-11-16 12:55 . 2008-11-16 12:55 <DIR> d-------- c:\programdata\WindowsSearch
    2008-11-12 21:24 . 2008-09-05 05:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
    2008-11-12 10:27 . 2008-08-27 01:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
    2008-11-12 10:09 . 2008-09-10 03:40 1,334,272 --a------ c:\windows\System32\msxml6.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-06 22:55 --------- d-----w c:\users\Andrea\AppData\Roaming\Skype
    2008-12-06 20:21 --------- d-----w c:\users\Andrea\AppData\Roaming\skypePM
    2008-12-05 23:03 --------- d-----w c:\programdata\Apple Computer
    2008-12-05 23:03 --------- d-----w c:\program files\Common Files\Apple
    2008-12-05 22:52 --------- d-----w c:\program files\Safari
    2008-12-05 10:24 --------- d-----w c:\program files\Java
    2008-11-30 13:44 --------- d-----w c:\programdata\Symantec
    2008-11-24 23:01 --------- d-----w c:\users\Andrea\AppData\Roaming\Apple Computer
    2008-11-22 14:05 --------- d-----w c:\users\Andrea\AppData\Roaming\uTorrent
    2008-11-22 11:34 --------- d-----w c:\users\Andrea\AppData\Roaming\CyberLink
    2008-11-21 01:35 --------- d-----w c:\programdata\Microsoft Help
    2008-11-08 19:00 27,934 ----a-w c:\users\All Users\nvModes.dat
    2008-11-08 19:00 27,934 ----a-w c:\programdata\nvModes.dat
    2008-11-04 19:10 --------- d-----w c:\program files\Norton 360
    2008-11-01 02:36 --------- d-----w c:\program files\Common Files\Symantec Shared
    2008-11-01 01:40 --------- d-----w c:\program files\Bonjour
    2008-10-26 14:20 --------- d-----w c:\program files\SopCast
    2008-10-23 09:36 --------- d-----w c:\users\Andrea\AppData\Roaming\Winamp
    2008-10-21 19:52 --------- d-----w c:\program files\Windows Mail
    2008-10-21 19:52 --------- d-----w c:\program files\Microsoft Silverlight
    2008-10-07 21:45 --------- d-----w c:\program files\Winamp
    2008-10-07 21:30 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
    2008-09-30 16:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
    2008-09-23 17:46 245,408 ----a-w c:\windows\System32\unicows.dll
    2008-09-19 20:56 56 ---ha-w c:\users\All Users\ezsidmv.dat
    2008-09-19 20:56 56 ---ha-w c:\programdata\ezsidmv.dat
    2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
    2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
    2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
    2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
    2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
    2008-09-12 14:26 27,430 ----a-w c:\users\Andrea\AppData\Roaming\nvModes.dat
    2008-08-21 09:32 174 --sha-w c:\program files\desktop.ini
    2008-07-18 14:30 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-07-18 14:30 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-07-18 14:30 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ---- Directory of c:\users\andrea\appdata\local\temp\low ----



    ((((((((((((((((((((((((((((( snapshot@2008-12-05_ 1.50.31.27 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-12-05 23:04:11 102,400 ----a-r c:\windows\Installer\{318AB667-3230-41B5-A617-CB3BF748D371}\iTunesIco.exe
    + 2008-12-05 22:52:50 307,200 ----a-r c:\windows\Installer\{582D2A53-F426-4C5E-A2E6-43C1AB36B907}\SafariIco.exe
    - 2008-12-05 01:43:12 495,768 ----a-w c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2008-12-07 01:00:42 495,768 ----a-w c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    - 2008-12-05 01:44:00 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-12-07 01:01:39 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2008-12-05 01:44:00 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2008-12-07 01:01:39 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2008-12-05 01:45:04 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-12-07 01:02:29 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-12-07 01:02:29 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2008-12-05 01:45:14 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-12-07 01:02:32 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-12-07 01:02:32 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2008-12-05 01:15:39 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-12-07 01:02:25 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-12-05 01:15:39 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-12-07 01:02:25 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-12-05 01:15:39 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-12-07 01:02:25 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-12-05 01:39:47 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
    + 2008-12-07 00:56:56 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
    - 2008-06-09 23:21:01 135,168 ----a-w c:\windows\System32\java.exe
    + 2008-12-05 10:25:02 144,792 ----a-w c:\windows\System32\java.exe
    - 2008-06-09 23:21:04 135,168 ----a-w c:\windows\System32\javaw.exe
    + 2008-12-05 10:25:02 144,792 ----a-w c:\windows\System32\javaw.exe
    - 2008-06-10 00:32:34 139,264 ----a-w c:\windows\System32\javaws.exe
    + 2008-12-05 10:25:02 148,888 ----a-w c:\windows\System32\javaws.exe
    - 2008-12-04 19:36:17 102,094 ----a-w c:\windows\System32\perfc009.dat
    + 2008-12-06 20:41:53 102,094 ----a-w c:\windows\System32\perfc009.dat
    - 2008-12-04 19:36:17 121,302 ----a-w c:\windows\System32\perfc010.dat
    + 2008-12-06 20:41:53 121,302 ----a-w c:\windows\System32\perfc010.dat
    - 2008-12-04 19:36:17 590,082 ----a-w c:\windows\System32\perfh009.dat
    + 2008-12-06 20:41:53 590,082 ----a-w c:\windows\System32\perfh009.dat
    - 2008-12-04 19:36:17 665,702 ----a-w c:\windows\System32\perfh010.dat
    + 2008-12-06 20:41:53 665,702 ----a-w c:\windows\System32\perfh010.dat
    - 2008-12-04 19:32:25 9,226 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3847688692-4152713363-3580029657-1000_UserData.bin
    + 2008-12-06 20:37:37 9,226 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3847688692-4152713363-3580029657-1000_UserData.bin
    - 2008-12-04 19:32:24 69,208 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-12-06 20:37:37 69,208 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-12-04 19:32:20 55,572 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-12-06 20:37:36 55,768 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2008-12-01 08:52:40 265,102 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2008-12-06 09:05:47 265,102 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    .
    -- Snapshot per reimpostare la data corrente --
    .
    ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* i valori vuoti & legittimi/default non sono visualizzati.
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
    @= "{4433A54A-1AC8-432F-90FC-85F045CF383C} "
    [HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
    2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
    @= "{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} "
    [HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
    2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
    @= "{476D0EA3-80F9-48B5-B70B-05E677C9C148} "
    [HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
    2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "HPAdvisor "= "c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 1783136]
    "msnmsgr "= "c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
    "Skype "= "c:\program files\Skype\Phone\Skype.exe" [2008-08-11 21741864]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-09-19 171448]
    "WMPNSCFG "= "c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPStart "= "c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
    "SMSERIAL "= "c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
    "IAAnotif "= "c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
    "QPService "= "c:\program files\HP\QuickPlay\QPService.exe" [2007-09-30 181544]
    "QlbCtrl "= "c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
    "OnScreenDisplay "= "c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
    "UCam_Menu "= "c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 218408]
    "DpAgent "= "c:\program files\DigitalPersona\Bin\dpagent.exe" [2007-09-20 671744]
    "HP Health Check Scheduler "= "c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
    "hpWirelessAssistant "= "c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
    "WAWifiMessage "= "c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2008-12-05 136600]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "HP Software Update "= "c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "ccApp "= "c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
    "osCheck "= "c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
    "GrooveMonitor "= "c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2008-02-27 13515296]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2008-02-27 92704]
    "WinampAgent "= "c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
    "AppleSyncNotifier "= "c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "RtHDVCpl "= "RtHDVCpl.exe" [2007-08-17 c:\windows\RtHDVCpl.exe]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-09-05 727592]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3codecp "= l3codecp.acm
    "msacm.ac3filter "= ac3filter.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli DPPWDFLT

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify "=dword:00000001
    "InternetSettingsDisableNotify "=dword:00000001
    "AutoUpdateDisableNotify "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{BE5CB95E-15FE-4DB5-8055-3157AE0E9E62} "= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{05CE7D63-7495-4A61-B40C-6DC4B9416462} "= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{F6002459-7A3D-4987-9BE4-78B32F094782} "= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
    "{ED1C852A-BADE-4FEE-BAEA-B01950884028} "= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{3756E150-427E-4359-BB6B-A8EAD5D8F96B} "= c:\program files\HP\QuickPlay\QP.exe:Quick Play
    "{CD8B517D-9315-4364-B1EC-D98DDD90DAD8} "= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
    "{C3654786-6B00-49E4-A6D4-C21D9BD1252F} "= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{409F11E6-68B4-4BAE-8FD7-A16C75E98266} "= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{5FDC5AD2-5A92-4CFE-A77E-2D22307FA3C7} "= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{73C67D72-0648-4FB2-A668-4970CE8AAC85} "= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{177B0AA7-EF6E-429B-8AD1-42C5F6A9D14A} "= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{07C1E7E8-6318-460B-AF52-8442EEB226A7} "= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{5C337674-7D53-4B51-BE5B-5613F691E132} "= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{3DB470D3-1BDF-4E80-A31F-0D924F3A7B1D} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{50EAE21D-E782-41FB-B702-E8953CD7E974} "= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{8AF2D1B7-8893-4049-A1E1-D61D1880C793} "= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{2773BC92-04A7-447D-8C40-6690064304F5} "= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{83CCB2A4-73BE-44ED-B94C-0D7F4D8FA089} "= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
    "{CA792990-0BCE-4ABD-A3A6-BA53A6E2D056} "= UDP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
    "{36DB4C67-F1A9-482D-9AB1-31114F882BA3} "= TCP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
    "{FC7789F9-0E7D-4F82-93FC-48DFB8AFE36E} "= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{CBEA9BE5-2308-49D0-AA51-91E5E8F0C922} "= TCP:c:\program files\iTunes\iTunes.exe:iTunes

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall "= 0 (0x0)

    R1 IDSvix86;Symantec Intrusion Prevention Driver;\??\c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081204.003\IDSvix86.sys [2008-12-06 270384]
    R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};\??\c:\program files\HP\QuickPlay\000.fcl [2008-04-27 09:54:12 39408]
    R2 LiveUpdate Notice;LiveUpdate Notice; "c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [2008-02-18 149352]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-09 99376]
    R3 SYMNDISV;SYMNDISV;c:\windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]
    S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2008-01-12 23888]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ

    *Newly Created Service* - COMHOST
    .
    Contenuto della cartella 'Scheduled Tasks'

    2008-10-13 c:\windows\Tasks\Norton Internet Security - Scansione completa sistema - Andrea.job
    - c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe []

    2008-12-06 c:\windows\Tasks\User_Feed_Synchronization-{1CE36BC5-6E03-48BE-971A-513F13BF5A34}.job
    - c:\windows\system32\msfeedssync.exe [2008-01-19 07:33]
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-07 01:02:35
    Windows 6.0.6001 Service Pack 1 NTFS

    scansione processi nascosti ...

    scansione entrate autostart nascoste ...

    Scansione files nascosti ...

    Scansione completata con successo
    Files nascosti: 0

    **************************************************************************
    .
    --------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

    - - - - - - - > 'lsass.exe'(736)
    c:\windows\system32\DPPWDFLT.dll

    - - - - - - - > 'Explorer.exe'(4332)
    c:\program files\DigitalPersona\Bin\DpoFeedb.dll
    c:\windows\system32\btmmhook.dll
    c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
    .
    ------------------------ Altri processi in esecuzione ------------------------
    .
    c:\windows\System32\nvvsvc.exe
    c:\windows\System32\audiodg.exe
    c:\program files\DigitalPersona\Bin\DpHostW.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    c:\program files\Hp\QuickPlay\Kernel\TV\QPCapSvc.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
    c:\program files\Hp\QuickPlay\Kernel\TV\QPSched.exe
    c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    c:\windows\System32\rundll32.exe
    c:\windows\System32\conime.exe
    c:\windows\System32\rundll32.exe
    c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Synaptics\SynTP\SynTPEnh.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    c:\program files\Skype\Plugin Manager\skypePM.exe
    c:\windows\System32\wbem\WMIADAP.exe
    c:\program files\MSN Messenger\usnsvc.exe
    c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    c:\windows\System32\dllhost.exe
    .
    **************************************************************************
    .
    Ora fine scansione: 2008-12-07 1:08:29 - macchina è stato riavviato
    ComboFix-quarantined-files.txt 2008-12-07 01:08:21
    ComboFix2.txt 2008-12-05 01:51:11

    Pre-Run: 167.315.865.600 byte disponibili
    Post-Run: 167,544,266,752 byte disponibili

    304 --- E O F --- 2008-11-26 15:31:24

    Thank you,

    Andrea
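The snapshot section of the log above lists each changed file as a `-` (old) and `+` (new) line, and most pairs differ only in timestamp. The following parser, an added example that is not part of the original post or of ComboFix, pairs those lines and separates new or resized binaries from routine churn; the line pattern is inferred from the log shown here and the function names are hypothetical.

```python
import re

# One snapshot line: sign, timestamp, size, attribute flags, path.
# Pattern inferred from the log above; sizes may use ',' or '.' separators.
LINE = re.compile(
    r"^\s*([+-])\s+(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})"
    r"\s+([\d.,]+)\s+(\S+)\s+(.+?)\s*$")

BINARY_EXT = (".exe", ".dll", ".sys")

# Excerpt of the snapshot section from the log above.
SAMPLE = r"""
+ 2008-12-05 23:04:11 102,400 ----a-r c:\windows\Installer\{318AB667-3230-41B5-A617-CB3BF748D371}\iTunesIco.exe
- 2008-12-05 01:43:12 495,768 ----a-w c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2008-12-07 01:00:42 495,768 ----a-w c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2008-06-09 23:21:01 135,168 ----a-w c:\windows\System32\java.exe
+ 2008-12-05 10:25:02 144,792 ----a-w c:\windows\System32\java.exe
- 2008-12-04 19:32:20 55,572 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-12-06 20:37:36 55,768 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-12-05 01:15:39 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-07 01:02:25 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
-- Snapshot per reimpostare la data corrente --
"""


def parse_snapshot(text):
    """Return {lowercased path: {'-': (stamp, size), '+': (stamp, size)}}."""
    entries = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # section banners, blank lines, trailer text
        sign, stamp, size, _attrs, path = m.groups()
        size = int(re.sub(r"[.,]", "", size))
        entries.setdefault(path.lower(), {})[sign] = (stamp, size)
    return entries


def classify(entries):
    """Group paths by what changed between the two snapshots."""
    result = {"added": [], "removed": [], "size_changed": [], "touched": []}
    for path, sides in sorted(entries.items()):
        old, new = sides.get("-"), sides.get("+")
        if old is None:
            result["added"].append(path)
        elif new is None:
            result["removed"].append(path)
        elif old[1] != new[1]:
            result["size_changed"].append(path)
        else:
            # Same size, new timestamp. Content may still differ; only a
            # hash comparison can confirm that it did not.
            result["touched"].append(path)
    return result


def binaries_to_review(text):
    """New or resized .exe/.dll/.sys files, as sorted (path, kind) tuples."""
    groups = classify(parse_snapshot(text))
    hits = [(path, kind)
            for kind in ("added", "size_changed")
            for path in groups[kind]
            if path.endswith(BINARY_EXT)]
    return sorted(hits)


if __name__ == "__main__":
    for path, kind in binaries_to_review(SAMPLE):
        print(kind.ljust(13), path)
```

Each hit still needs context from the rest of the log: here the resized `java.exe` carries the same 2008-12-05 date as the `jusched.exe` Run entry and the `c:\program files\Java` folder change listed elsewhere in it.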
     
  6. 2008/12/06
    Geri Lifetime Subscription

    Hi Andrea
    OK please tell me if you are still getting the virus warnings from Norton.

    Thanks
     
  7. 2008/12/07
    Andrea

    Hi Geri,

    as usual:

    1) Norton's fast scan detects a threat and tells me it's been removed. It says it is a tracking cookie.

    2) Those three viruses (Downloader and 2 Trojan.Fakeavalert) are still in the Norton quarantine folder.

    Andrea
     
  8. 2008/12/07
    Geri Lifetime Subscription

    Hi Andrea
    OK, tracking cookies are really no big deal but let's make sure your 3rd party cookies are set to block.

    1. Open IE7.
    2. Click on Tools.
    3. Click on Internet Options.
    4. Click on the Privacy tab.
    5. Click on the Advanced button.
    6. You can choose to either Allow, Block, or Prompt you when a cookie tries to install, from both a 1st party and 3rd party (make sure 1st party cookies are set to Allow and 3rd party cookies are set to Block). You can also choose to Override IE7's automatic cookie handling (I recommend you do). Make sure a check mark is in the box.
    7. Click OK.
    OK your way out.

    Now do this.


    Please follow the instructions below to download and run the Norton Scanner. Make sure that no other applications are open after you download the file.

    1. Create a new folder on your desktop and name it "Norton Scanner."

    2. Using Internet Explorer, click on the link below to access the Norton Scanner. Choose "Save File" and save it to the Norton scanner folder on your Desktop.

    Norton Scanner

    3. Double-click on the "Norton Security Scan" file and save the extracted files to the folder you created on your desktop.

    4. When all of the files have been decompressed, double-click on the file "NSS" to launch the Norton Security Scanner.

    5. Read and accept the License agreement.

    6. Choose "Full System Scan" and then select "Start Scan." The scanner will then download the updated definition files and will scan all of the files on your computer. Please NOTE, depending on how many files are on your system, the scan may take a while. When the scan is complete, click on the "Action Required" tab and follow the instructions.

    Check your Norton quarantine folder and see if it's empty. Let me know.


    Once that is done, please run this scanner.

    • Download GMER by GMER from here
    • Unzip it to a folder on your desktop
    • Double click on gmer.exe to launch GMER
    • If asked, allow the gmer.sys driver to load
    • If it warns you about rootkit activity and asks if you want to run scan, click OK
    • If you don't get a warning then
      • Click the rootkit tab
      • Click Scan
    • Once the scan has finished, click copy
    • Paste the log into notepad using Ctrl+V
    • Save it to your desktop as gmerrk.txt
    • Click on the >>> tab
    • This will open up the rest of the tabs for you
    • Click on the Autostart tab
    • Click on Scan
    • Once the scan has finished, click copy
    • Paste the log into notepad using Ctrl+V
    • Save it to your desktop as gmerautos.txt
    • Copy and paste the contents of gmerautos.txt and gmerrk.txt as a reply to this topic

    Thanks
    Geri
     
  9. 2008/12/08
    Andrea

    Hi Geri,

    I still haven't run gmer, but here are the results of the Norton Scan. Norton Scan hasn't detected any threats; therefore, there were no files in the "Attention required" folder and I wasn't asked to eliminate anything.
    Norton's quarantine folder still has the same files as before. I'll tell you how I access Norton's quarantine folder, just to be sure it is actually what you are referring to. I double-click on the Norton icon in the lower-right corner; then bring the mouse over "PC security" and click "show details"; then under "Antivirus and antispyware scan" I click on "further information" and then on "Show files removed by the antivirus and antispyware scan". Then a section named "Quarantine" appears.
    I was wondering whether these files in the quarantine folder are actually on my computer or Norton is just telling me that they have been detected previously.

    I'll post the gmer log asap.

    Thanks,

    Andrea
     
  10. 2008/12/08
    Andrea

    Hi Geri,

    here's the first Gmer log:

    IAT C:\Program Files\Internet Explorer\iexplore.exe[1224] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExW] [703AD773] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1224] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExW] [703ACB9D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1224] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegDeleteKeyW] [703ACEA5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1224] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] [703AC625] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1224] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExA] [703AD5D3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1224] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] [703ACA25] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1224] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueW] [703A5CFD] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1224] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA] [703A5C9F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1224] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA] [703A4D95] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1224] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA] [703A50AF] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1224] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW] [703A519F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1224] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW] [703A40A2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1224] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA] [703A5357] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1224] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA] [703A619F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1224] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW] [703A53B2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1224] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW] [703A61FA] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1224] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCombineW] [703A3FFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

    ---- Devices - GMER 1.0.14 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF dinamico/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device \Driver\NAVENG \Device\NAVENG NAVEX15.SYS
    Device \Driver\BTHUSB \Device\00000081 bthport.sys (Driver bus Bluetooth/Microsoft Corporation)
    Device \Driver\BTHUSB \Device\00000083 bthport.sys (Driver bus Bluetooth/Microsoft Corporation)

    AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    ---- Registry - GMER 1.0.14 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37e8ece0
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e37e8ece0

    ---- EOF - GMER 1.0.14 ----
     
  11. 2008/12/08
    Andrea Inactive Thread Starter

    And here is the other one:

    GMER 1.0.14.14536 - http://www.gmer.net
    Autostart scan 2008-12-08 16:50:16
    Windows 6.0.6001 Service Pack 1


    HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\Windows\system32\userinit.exe,

    HKLM\SYSTEM\CurrentControlSet\Services\ >>>
    Apple Mobile Device@ = "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe "
    Automatic LiveUpdate Scheduler@ = "C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe "
    Bonjour Service@ = "C:\Program Files\Bonjour\mDNSResponder.exe "
    ccEvtMgr@ = "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
    ccSetMgr@ = "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
    CLTNetCnService@ = "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
    DpHost@ = C:\Program Files\DigitalPersona\Bin\DpHostW.exe
    HP Health Check Service@ = "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe "
    hpqwmiex@ = C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    IAANTMON@ = C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    LiveUpdate Notice@ = "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
    nvsvc@ = %SystemRoot%\system32\nvvsvc.exe
    QPCapSvc@ = "C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe" C:\Program Files\HP\QuickPlay\Kernel\TV\CapSetup HLP
    QPSched@ = "C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe" a y \ K e r n e l \ T V \ Q P C a p S v c . e x e
    RichVideo@ = "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" ??????????????????????????????????????????????????????
    slsvc@ = %SystemRoot%\system32\SLsvc.exe
    WSearch@ = %systemroot%\system32\SearchIndexer.exe /Embedding

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
    @SynTPStartC:\Program Files\Synaptics\SynTP\SynTPStart.exe = C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    @SMSERIALC:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe = C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    @RtHDVCplRtHDVCpl.exe = RtHDVCpl.exe
    @IAAnotifC:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe = C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    @QPService "C:\Program Files\HP\QuickPlay\QPService.exe" = "C:\Program Files\HP\QuickPlay\QPService.exe "
    @QlbCtrl%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start /*file not found*/ = %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start /*file not found*/
    @OnScreenDisplayC:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe = C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    @UCam_Menu "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0" = "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0 "
    @DpAgentC:\Program Files\DigitalPersona\Bin\dpagent.exe = C:\Program Files\DigitalPersona\Bin\dpagent.exe
    @HP Health Check Schedulerc:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe = c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    @hpWirelessAssistantC:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe = C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    @WAWifiMessageC:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe = C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    @SunJavaUpdateSched "C:\Program Files\Java\jre6\bin\jusched.exe" = "C:\Program Files\Java\jre6\bin\jusched.exe "
    @Adobe Reader Speed Launcher "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    @HP Software UpdateC:\Program Files\Hp\HP Software Update\HPWuSchd2.exe = C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    @ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    @osCheck "C:\Program Files\Norton 360\osCheck.exe" = "C:\Program Files\Norton 360\osCheck.exe "
    @GrooveMonitor "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" = "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
    @NvCplDaemonRUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    @NvMediaCenterRUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit = RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    @WinampAgent "C:\Program Files\Winamp\winampa.exe" = "C:\Program Files\Winamp\winampa.exe "
    @AppleSyncNotifierC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe = C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    @QuickTime Task "C:\Program Files\QuickTime\QTTask.exe" -atboottime = "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    @iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe" = "C:\Program Files\iTunes\iTunesHelper.exe "

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
    @SidebarC:\Program Files\Windows Sidebar\sidebar.exe /autoRun /*file not found*/ = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun /*file not found*/
    @HPAdvisorC:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun /*file not found*/ = C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun /*file not found*/
    @msnmsgr "C:\Program Files\MSN Messenger\msnmsgr.exe" /background = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    @Skype "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    @swgC:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe = C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    @WMPNSCFGC:\Program Files\Windows Media Player\WMPNSCFG.exe = C:\Program Files\Windows Media Player\WMPNSCFG.exe

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{B5A7F190-DDA6-4420-B3BA-52453494E6CD} = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
    @{F02C1A0D-BE21-4350-88B0-7367FC96EF3C} /*Computers and Devices*/%systemroot%\system32\NetworkExplorer.dll = %systemroot%\system32\NetworkExplorer.dll
    @{4A1E5ACD-A108-4100-9E26-D2FAFA1BA486} /*IGD Property Sheet Handler*/%SystemRoot%\System32\icsigd.dll = %SystemRoot%\System32\icsigd.dll
    @{92dbad9f-5025-49b0-9078-2d78f935e341} /*Microsoft Windows Mail Html Preview Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
    @{b9815375-5d7f-4ce2-9245-c9d4da436930} /*Microsoft Windows Mail Html Preview Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
    @{f8b8412b-dea3-4130-b36c-5e8be73106ac} /*Microsoft Windows Mail Html Preview Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
    @{5FA29220-36A1-40f9-89C6-F4B384B7642E} /*Shell Message Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
    @{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
    @{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
    @{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
    @{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
    @{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
    @{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
    @{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
    @{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
    @{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
    @{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
    @{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
    @{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
    @{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
    @{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
    @{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
    @{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
    @{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
    @{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
    @{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
    @{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
    @{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
    @{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
    @{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
    @{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
    @{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
    @{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
    @{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
    @{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
    @{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
    @{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
    @{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
    @{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
    @{8856f961-340a-11d0-a96b-00c04fd705a2} /*Microsoft Web Browser*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
    @{00020d75-0000-0000-c000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL = C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL
    @{CC6EEFFB-43F6-46c5-9619-51D571967F7D} /*Web Publishing Wizard*/%SystemRoot%\System32\shwebsvc.dll = %SystemRoot%\System32\shwebsvc.dll
    @{add36aa8-751a-4579-a266-d66f5202ccbb} /*Print Ordering via the Web*/%SystemRoot%\System32\shwebsvc.dll = %SystemRoot%\System32\shwebsvc.dll
    @{6b33163c-76a5-4b6c-bf21-45de9cd503a1} /*Shell Publishing Wizard Object*/%SystemRoot%\System32\shwebsvc.dll = %SystemRoot%\System32\shwebsvc.dll
    @{176d6597-26d3-11d1-b350-080036a75b03} /*ICM Scanner Management*/%SystemRoot%\System32\colorui.dll = %SystemRoot%\System32\colorui.dll
    @{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*ICM Monitor Management*/%SystemRoot%\System32\colorui.dll = %SystemRoot%\System32\colorui.dll
    @{675F097E-4C4D-11D0-B6C1-0800091AA605} /*ICM Printer Management*/%SystemRoot%\system32\colorui.dll = %SystemRoot%\system32\colorui.dll
    @{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*ICC Profile*/%SystemRoot%\system32\colorui.dll = %SystemRoot%\system32\colorui.dll
    @{b2c761c6-29bc-4f19-9251-e6195265baf1} /*Color Control Panel Applet*/(null) =
    @{74246bfc-4c96-11d0-abef-0020af6b0b7a} /*Device Manager*/%SystemRoot%\System32\devmgr.dll = %SystemRoot%\System32\devmgr.dll
    @{7A979262-40CE-46ff-AEEE-7884AC3B6136} /*Add New Hardware*/(null) =
    @{3e7efb4c-faf1-453d-89eb-56026875ef90} /*Get Programs Online*/(null) =
    @{1b24a030-9b20-49bc-97ac-1be4426f9e59} /*ActiveDirectory Folder*/(null) =
    @{34449847-FD14-4fc8-A75A-7432F5181EFB} /*ActiveDirectory Folder*/(null) =
    @{C8494E42-ACDD-4739-B0FB-217361E4894F} /*Sam Account Folder*/(null) =
    @{E29F9716-5C08-4FCD-955A-119FDB5A522D} /*Sam Account Folder*/(null) =
    @{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0} /*Control Panel command object for Start menu*/(null) =
    @{E44E5D18-0652-4508-A4E2-8A090067BCB0} /*Default Programs command object for Start menu*/(null) =
    @{6dfd7c5c-2451-11d3-a299-00c04f8ef6af} /*Folder Options*/(null) =
    @{97e467b4-98c6-4f19-9588-161b7773d6f6} /*Office Document Property Handler*/%SystemRoot%\system32\propsys.dll = %SystemRoot%\system32\propsys.dll
    @{2C2577C2-63A7-40e3-9B7F-586602617ECB} /*Explorer Query Band*/(null) =
    @{DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} /*File Open Dialog*/%SystemRoot%\System32\comdlg32.dll = %SystemRoot%\System32\comdlg32.dll
    @{C0B4E2F3-BA21-4773-8DBA-335EC946EB8B} /*File Save Dialog*/%SystemRoot%\System32\comdlg32.dll = %SystemRoot%\System32\comdlg32.dll
    @{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\Windows\system32\dfshim.dll = C:\Windows\system32\dfshim.dll
    @{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\Windows\system32\dfshim.dll = C:\Windows\system32\dfshim.dll
    @{92337A8C-E11D-11D0-BE48-00C04FC30DF6} /*OlePrn.PrinterURL*/%SystemRoot%\system32\oleprn.dll = %SystemRoot%\system32\oleprn.dll
    @{45670FA8-ED97-4F44-BC93-305082590BFB} /*Microsoft XPS Properties*/%SystemRoot%\system32\XPSSHHDR.DLL = %SystemRoot%\system32\XPSSHHDR.DLL
    @{44121072-A222-48f2-A58A-6D9AD51EBBE9} /*Microsoft XPS Thumbnail*/%SystemRoot%\system32\XPSSHHDR.DLL = %SystemRoot%\system32\XPSSHHDR.DLL
    @{38a98528-6cbf-4ca9-8dc0-b1e1d10f7b1b} /*View Available Networks*/(null) =
    @{13D3C4B8-B179-4ebb-BF62-F704173E7448} /*Windows Contact Preview Handler*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
    @{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} /*Contacts folder*/(null) =
    @{4F58F63F-244B-4c07-B29F-210BE59BE9B4} /*.group shell extension handler*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
    @{8082C5E6-4C27-48ec-A809-B8E1122E8F97} /*.contact shell extension handler*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
    @{16C2C29D-0E5F-45f3-A445-03E03F587B7D} /*group_wab_auto_file*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
    @{CF67796C-F57F-45F8-92FB-AD698826C602} /*contact_wab_auto_file*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
    @{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} /*Compatibility Property Page*/%windir%\system32\acppage.dll = %windir%\system32\acppage.dll
    @{4026492f-2f69-46b8-b9bf-5654fc07e423} /*Windows Firewall*/(null) =
    @{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\Windows\system32\extmgr.dll = C:\Windows\system32\extmgr.dll
    @{fcfeecae-ee1b-4849-ae50-685dcf7717ec} /*Problem Reports and Solutions*/(null) =
    @{a304259d-52b8-4526-8b1a-a1d6cecc8243} /*iSCSI Initiator*/(null) =
    @{11dbb47c-a525-400b-9e80-a54615a090c0} /*Execute Folder*/ExplorerFrame.dll = ExplorerFrame.dll
    @{90b9bce2-b6db-4fd3-8451-35917ea1081b} /*Search Execute Command*/ExplorerFrame.dll = ExplorerFrame.dll
    @{911051fa-c21c-4246-b470-070cd8df6dc4} /*.cab or .zip files*/(null) =
    @{da67b8ad-e81b-4c70-9b91b417b5e33527} /*Windows Search Shell Service*/(null) =
    @{a38b883c-1682-497e-97b0-0a3a9e801682} /*IPropertyStore Handler for Images*/C:\Windows\system32\PhotoMetadataHandler.dll = C:\Windows\system32\PhotoMetadataHandler.dll
    @{C7657C4A-9F68-40fa-A4DF-96BC08EB3551} /*Photo Thumbnail Provider*/C:\Windows\system32\PhotoMetadataHandler.dll = C:\Windows\system32\PhotoMetadataHandler.dll
    @{3F30C968-480A-4C6C-862D-EFC0897BB84B} /*Photo Thumbnail Extractor*/C:\Windows\system32\PhotoMetadataHandler.dll = C:\Windows\system32\PhotoMetadataHandler.dll
    @{BC65FB43-1958-4349-971A-210290480130} /*Network Explorer Property Sheet Handler*/%SystemRoot%\System32\NcdProp.dll = %SystemRoot%\System32\NcdProp.dll
    @{d3e34b21-9d75-101a-8c3d-00aa001a1652} /*Bitmap Image*/(null) =
    @{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} /*Video Media Properties Handler*/%SystemRoot%\System32\mediametadatahandler.dll = %SystemRoot%\System32\mediametadatahandler.dll
    @{E598560B-28D5-46aa-A14A-8A3BEA34B576} /*Windows Photo Gallery Viewer Video Verbs*/%ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/ = %ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/
    @{00f2886f-cd64-4fc9-8ec5-30ef6cdbe8c3} /*Microsoft.ScannersAndCameras*/(null) =
    @{0a4286ea-e355-44fb-8086-af3df7645bd9} /*Windows Media Player*/C:\PROGRA~1\WI4EB4~1\wmpband.dll = C:\PROGRA~1\WI4EB4~1\wmpband.dll
    @{BB6B2374-3D79-41DB-87F4-896C91846510} /*EMDFileProperties*/emdmgmt.dll = emdmgmt.dll
    @{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} /*Audio Media Properties Handler*/%SystemRoot%\System32\mediametadatahandler.dll = %SystemRoot%\System32\mediametadatahandler.dll
    @{89D83576-6BD1-4c86-9454-BEB04E94C819} /*MAPI Search Namespace Extension*/%systemroot%\system32\mssvp.dll = %systemroot%\system32\mssvp.dll
    @{7A0F6AB7-ED84-46B6-B47E-02AA159A152B} /*Sync Center Simple Conflict Presenter*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
    @{9D687A4C-1404-41ef-A089-883B6FBECDE6} /*Windows Photo Gallery Viewer Autoplay Handler*/(null) =
    @{37efd44d-ef8d-41b1-940d-96973a50e9e0} /*Windows Sidebar Properties*/(null) =
    @{00f20eb5-8fd6-4d9d-b75e-36801766c8f1} /*PhotoAcqDropTarget*/%ProgramFiles%\Windows Photo Gallery\PhotoAcq.dll /*file not found*/ = %ProgramFiles%\Windows Photo Gallery\PhotoAcq.dll /*file not found*/
    @{BC48B32F-5910-47F5-8570-5074A8A5636A} /*Sync Results Delegate Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
    @{ED228FDF-9EA8-4870-83B1-96B02CFE0D52} /*Games Folder*/C:\Windows\System32\gameux.dll = C:\Windows\System32\gameux.dll
    @{E413D040-6788-4C22-957E-175D1C513A34} /*Sync Center Conflict Delegate Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
    @{67718415-c450-4f3c-bf8a-b487642dc39b} /*Windows Features*/(null) =
    @{91ADC906-6722-4B05-A12B-471ADDCCE132} /*Touch Band*/%SystemRoot%\System32\TouchX.dll = %SystemRoot%\System32\TouchX.dll
    @{2781761E-28E0-4109-99FE-B9D127C57AFE} /*Windows Defender IOfficeAntiVirus implementation*/%ProgramFiles%\Windows Defender\MpOav.dll /*file not found*/ = %ProgramFiles%\Windows Defender\MpOav.dll /*file not found*/
    @{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A} /*Windows Photo Gallery Viewer Image Verbs*/%ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/ = %ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/
    @{4B534112-3AF6-4697-A77C-D62CE9B9E7CF} /*Sync Center Event Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
    @{F1390A9A-A3F4-4E5D-9C5F-98F3BD8D935C} /*Sync Setup Delegate Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
    @{4E5BFBF8-F59A-4e87-9805-1F9B42CC254A} /*GameUX.RichGameMediaThumbnail*/C:\Windows\System32\gameux.dll = C:\Windows\System32\gameux.dll
    @{d8559eb9-20c0-410e-beda-7ed416aecc2a} /*Windows Defender*/(null) =
    @{576C9E85-1300-4EF5-BF6B-D00509F4EDCD} /*Sync Center Handler Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
    @{5ea4f148-308c-46d7-98a9-49041b1dd468} /*Mobility Center Control Panel*/(null) =
    @{289978AC-A101-4341-A817-21EBA7FD046D} /*Sync Center Conflict Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
    @{877ca5ac-cb41-4842-9c69-9136e42d47e2} /*File Backup Index*/%systemroot%\system32\sdshext.dll = %systemroot%\system32\sdshext.dll
    @{71D99464-3B6B-475C-B241-E15883207529} /*Sync Results Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
    @{B32D3949-ED98-4DBB-B347-17A144969BBA} /*Sync Center Item Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
    @{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
    @{2E9E59C0-B437-4981-A647-9C34B9B90891} /*Sync Setup Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
    @{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF} /*Sync Center Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
    @{CB1B7F8C-C50A-4176-B604-9E24DEE8D4D1} /*Welcome Center*/oobefldr.dll = oobefldr.dll
    @{15D633E2-AD00-465b-9EC7-F56B7CDF8E27} /*Tablet PC Input Panel*/%CommonProgramFiles%\microsoft shared\ink\TipBand.dll /*file not found*/ = %CommonProgramFiles%\microsoft shared\ink\TipBand.dll /*file not found*/
    @{F04CC277-03A2-4277-96A9-77967471BDFF} /*Sync Center Conflict Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
    @{53BEDF0B-4E5B-4183-8DC9-B844344FA104} /*Microsoft Windows MAPI Preview Handler*/%SystemRoot%\system32\mssvp.dll = %SystemRoot%\system32\mssvp.dll
    @{6b9228da-9c15-419e-856c-19e768a13bdc} /*Windows gadget DropTarget*/%ProgramFiles%\Windows Sidebar\sbdrop.dll /*file not found*/ = %ProgramFiles%\Windows Sidebar\sbdrop.dll /*file not found*/
    @{8E25992B-373E-486E-80E5-BD23AE417E66} /*Sync Center Device Notification Sink*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
    @{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
    @{031EE060-67BC-460d-8847-E4A7C5E45A27} /*Windows Media Player Rich Preview Handler*/(null) =
    @{1FA9085F-25A2-489B-85D4-86326EEDCD87} /*Manage Wireless Networks*/%SystemRoot%\system32\wlanpref.dll = %SystemRoot%\system32\wlanpref.dll
    @{7dda204b-2097-47c9-8323-c40bb840ae44} /*XPS document*/(null) =
    @{ECDD6472-2B9B-4b4b-AE36-F316DF3C8D60} /*RichGameMediaPropertyStore Class*/C:\Windows\System32\gameux.dll = C:\Windows\System32\gameux.dll
    @{BD7A2E7B-21CB-41b2-A086-B309680C6B7E} /*Client Side Cache Namespace Extension*/%systemroot%\system32\mssvp.dll = %systemroot%\system32\mssvp.dll
    @{c5a40261-cd64-4ccf-84cb-c394da41d590} /*Video Thumbnail Extractor*/%SystemRoot%\System32\mediametadatahandler.dll = %SystemRoot%\System32\mediametadatahandler.dll
    @{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} /*Microsoft Office Metadata Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
    @{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} /*Microsoft Office Thumbnail Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
    @{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} /*Microsoft Office OneNote Namespace Extension for Windows Desktop Search*/C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL = C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
    @{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\Office12\msohevi.dll = C:\Program Files\Microsoft Office\Office12\msohevi.dll
    @{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll = C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll
    @{7F67036B-66F1-411A-AD85-759FB9C5B0DB} /*ShellViewRTF*/C:\Windows\System32\ShellvRTF.dll = C:\Windows\System32\ShellvRTF.dll
    @{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\Windows\system32\nvcpl.dll = C:\Windows\system32\nvcpl.dll
    @{2F603045-309F-11CF-9774-0020AFD0CFF6} /*Synaptics Control Panel*/C:\Program Files\Synaptics\SynTP\SynTPCpl.dll = C:\Program Files\Synaptics\SynTP\SynTPCpl.dll
    @{7842554E-6BED-11D2-8CDB-B05550C10000} /*Monitor*/C:\Windows\system32\btncopy.dll = C:\Windows\system32\btncopy.dll
    @{A40526DD-F152-4C1D-844C-CE668D29B77E} /*Shell extension for NTP*/C:\PROGRA~1\NORTON~1\tpShell.dll = C:\PROGRA~1\NORTON~1\tpShell.dll
    @{F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} /*Shell extension for Norton backup*/C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll = C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll
    @{72853161-30C5-4D22-B7F9-0BBC1D38A37E} /*Groove GFS Browser Helper*/C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    @{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} /*Groove GFS Explorer Bar*/C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    @{A449600E-1DC6-4232-B948-9BD794D62056} /*Groove GFS Stub Icon Handler*/C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    @{B5A7F190-DDA6-4420-B3BA-52453494E6CD} /*Groove GFS Stub Execution Hook*/C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    @{6C467336-8281-4E60-8204-430CED96822D} /*Groove GFS Context Menu Handler*/C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    @{387E725D-DC16-4D76-B310-2C93ED4752A0} /*Groove XML Icon Handler*/C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    @{16F3DD56-1AF5-4347-846D-7C10C4192619} /*Groove Explorer Icon Overlay 3 (GFS Folder)*/C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    @{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} /*Groove Explorer Icon Overlay 2 (GFS Stub)*/C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    @{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} /*Groove Explorer Icon Overlay 4 (GFS Unread Mark)*/C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    @{99FD978C-D287-4F50-827F-B2C658EDA8E7} /*Groove Explorer Icon Overlay 1 (GFS Unread Stub)*/C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    @{920E6DB1-9907-4370-B3A0-BAFC03D81399} /*Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)*/C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    @{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL
    @{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll
    @{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\Windows\system32\nvcpl.dll = C:\Windows\system32\nvcpl.dll
    @{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Program Files\iTunes\iTunesMiniPlayer.dll = C:\Program Files\iTunes\iTunesMiniPlayer.dll

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
    BUContextMenu@{F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} = C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll
    TPContextMenu@{A40526DD-F152-4C1D-844C-CE668D29B77E} = C:\PROGRA~1\NORTON~1\tpShell.dll
    WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
    XXX Groove GFS Context Menu Handler XXX@{6C467336-8281-4E60-8204-430CED96822D} = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
    WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
    XXX Groove GFS Context Menu Handler XXX@{6C467336-8281-4E60-8204-430CED96822D} = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
    BUContextMenu@{F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} = C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll
    TPContextMenu@{A40526DD-F152-4C1D-844C-CE668D29B77E} = C:\PROGRA~1\NORTON~1\tpShell.dll
    WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
    XXX Groove GFS Context Menu Handler XXX@{6C467336-8281-4E60-8204-430CED96822D} = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
    @{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll = C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
    @{6D53EC84-6AAE-4787-AEEE-F4628F01010C}C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll = C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    @{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Program Files\Java\jre6\bin\ssv.dll = C:\Program Files\Java\jre6\bin\ssv.dll
    @{DBC80044-A445-435b-BC74-9C25C1C588A9}C:\Program Files\Java\jre6\bin\jp2ssv.dll = C:\Program Files\Java\jre6\bin\jp2ssv.dll

    HKLM\Software\Microsoft\Internet Explorer\Main >>>
    @Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
    @Start Pagehttp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=81&bd=Pavilion&pf=laptop = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=81&bd=Pavilion&pf=laptop
    @Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

    HKCU\Software\Microsoft\Internet Explorer\Main >>>
    @Start Pagehttp://www.google.it/ = http://www.google.it/
    @Local PageC:\Windows\system32\blank.htm = C:\Windows\system32\blank.htm

    HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

    HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
    dvd@CLSID = C:\Windows\System32\msvidctl.dll
    grooveLocalGWS@CLSID = C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    its@CLSID = %SystemRoot%\System32\itss.dll
    livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
    ms-help@CLSID = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    ms-its@CLSID = %SystemRoot%\System32\itss.dll
    ms-itss@CLSID = C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
    msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    skype4com@CLSID = C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    tv@CLSID = C:\Windows\System32\msvidctl.dll

    HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>>
    000000000001@LibraryPath = %SystemRoot%\system32\NLAapi.dll
    000000000002@LibraryPath = %SystemRoot%\system32\napinsp.dll
    000000000003@LibraryPath = %SystemRoot%\system32\pnrpnsp.dll
    000000000004@LibraryPath = %SystemRoot%\system32\pnrpnsp.dll
    000000000005@LibraryPath = %SystemRoot%\system32\wshbth.dll

    HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008@LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup = BTTray.lnk

    ---- EOF - GMER 1.0.14 ----

    Thanks,

    Andrea
     
  12. 2008/12/08
    Geri Lifetime Subscription

    Hi Andrea
    OK, those files in Norton's quarantine folder are no threat.

    The GMER log is clean.

    Delete the CFScript you have on your Desktop.

    Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    Click here to see how to use CFScript.txt
    Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    Code:
    KillAll::
    
    Folder::
    c:\users\andrea\appdata\local\temp\low

    Please post the Combofix log and run another scan with Norton to see if it gives you the Virus warning.

    Thanks
     
  13. 2008/12/09
    Andrea

    Here is the Combofix log:

    ComboFix 08-12-07.04 - Andrea 2008-12-09 13.02.51.5 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1040.18.1816 [GMT 0:00]
    Eseguito da: c:\users\Andrea\Desktop\ComboFix.exe
    Interruttori di comando utilizzati :: c:\users\Andrea\Desktop\CFScript.txt
    * Creato nuovo punto di ripristino
    .

    ((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\andrea\appdata\local\temp\low

    .
    ((((((((((((((((((((((((( Files Creati Da 2008-11-09 al 2008-12-09 )))))))))))))))))))))))))))))))))))
    .

    2008-12-08 16:28 . 2008-12-08 16:28 250 --a------ c:\windows\gmer.ini
    2008-12-05 23:03 . 2008-12-05 23:04 <DIR> d-------- c:\program files\iTunes
    2008-12-05 23:03 . 2008-12-05 23:03 <DIR> d-------- c:\program files\iPod
    2008-12-05 23:02 . 2008-12-05 23:02 <DIR> d-------- c:\program files\QuickTime
    2008-12-05 10:25 . 2008-12-05 10:25 410,984 --a------ c:\windows\System32\deploytk.dll
    2008-12-01 10:29 . 2008-12-01 10:29 <DIR> d-------- c:\windows\Sun
    2008-11-26 13:21 . 2008-11-26 13:21 <DIR> d-------- c:\program files\trend micro
    2008-11-26 09:30 . 2008-10-21 05:25 1,645,568 --a------ c:\windows\System32\connect.dll
    2008-11-26 09:30 . 2008-08-28 03:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
    2008-11-26 09:30 . 2008-08-28 03:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
    2008-11-26 09:30 . 2008-08-28 03:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
    2008-11-26 09:30 . 2008-10-22 03:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
    2008-11-22 13:02 . 2008-11-22 13:02 <DIR> d-------- c:\users\All Users\Sports Interactive
    2008-11-22 13:02 . 2008-11-22 13:02 <DIR> d-------- c:\programdata\Sports Interactive
    2008-11-22 12:12 . 2008-11-22 12:15 <DIR> d--h----- c:\program files\Zero G Registry
    2008-11-22 12:12 . 2008-11-22 12:12 <DIR> d-------- c:\program files\Sports Interactive
    2008-11-22 12:10 . 2008-11-22 12:10 <DIR> d--h----- c:\users\Andrea\InstallAnywhere
    2008-11-22 12:09 . 2008-11-22 13:02 <DIR> d-------- c:\users\Andrea\AppData\Roaming\Sports Interactive
    2008-11-22 11:34 . 2008-11-22 11:34 <DIR> d-------- c:\users\Public\CyberLink
    2008-11-20 11:03 . 2008-10-16 21:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
    2008-11-20 11:03 . 2008-10-16 20:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
    2008-11-20 11:03 . 2008-10-16 21:12 561,688 --a------ c:\windows\System32\wuapi.dll
    2008-11-20 11:03 . 2008-10-16 20:55 83,456 --a------ c:\windows\System32\wudriver.dll
    2008-11-20 11:03 . 2008-10-16 21:09 51,224 --a------ c:\windows\System32\wuauclt.exe
    2008-11-20 11:03 . 2008-10-16 21:09 43,544 --a------ c:\windows\System32\wups2.dll
    2008-11-20 11:03 . 2008-10-16 21:08 34,328 --a------ c:\windows\System32\wups.dll
    2008-11-20 11:02 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
    2008-11-20 11:02 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
    2008-11-16 12:55 . 2008-11-16 12:55 <DIR> d-------- c:\users\All Users\WindowsSearch
    2008-11-16 12:55 . 2008-11-16 12:55 <DIR> d-------- c:\programdata\WindowsSearch
    2008-11-12 21:24 . 2008-09-05 05:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
    2008-11-12 10:27 . 2008-08-27 01:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
    2008-11-12 10:09 . 2008-09-10 03:40 1,334,272 --a------ c:\windows\System32\msxml6.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-09 12:59 --------- d-----w c:\users\Andrea\AppData\Roaming\Skype
    2008-12-09 12:49 --------- d-----w c:\users\Andrea\AppData\Roaming\skypePM
    2008-12-05 23:03 --------- d-----w c:\programdata\Apple Computer
    2008-12-05 23:03 --------- d-----w c:\program files\Common Files\Apple
    2008-12-05 22:52 --------- d-----w c:\program files\Safari
    2008-12-05 10:24 --------- d-----w c:\program files\Java
    2008-11-30 13:44 --------- d-----w c:\programdata\Symantec
    2008-11-24 23:01 --------- d-----w c:\users\Andrea\AppData\Roaming\Apple Computer
    2008-11-22 14:05 --------- d-----w c:\users\Andrea\AppData\Roaming\uTorrent
    2008-11-22 11:34 --------- d-----w c:\users\Andrea\AppData\Roaming\CyberLink
    2008-11-21 01:35 --------- d-----w c:\programdata\Microsoft Help
    2008-11-08 19:00 27,934 ----a-w c:\users\All Users\nvModes.dat
    2008-11-08 19:00 27,934 ----a-w c:\programdata\nvModes.dat
    2008-11-04 19:10 --------- d-----w c:\program files\Norton 360
    2008-11-01 02:36 --------- d-----w c:\program files\Common Files\Symantec Shared
    2008-11-01 01:40 --------- d-----w c:\program files\Bonjour
    2008-10-26 14:20 --------- d-----w c:\program files\SopCast
    2008-10-23 09:36 --------- d-----w c:\users\Andrea\AppData\Roaming\Winamp
    2008-10-21 19:52 --------- d-----w c:\program files\Windows Mail
    2008-10-21 19:52 --------- d-----w c:\program files\Microsoft Silverlight
    2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
    2008-09-30 16:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
    2008-09-23 17:46 245,408 ----a-w c:\windows\System32\unicows.dll
    2008-09-19 20:56 56 ---ha-w c:\users\All Users\ezsidmv.dat
    2008-09-19 20:56 56 ---ha-w c:\programdata\ezsidmv.dat
    2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
    2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
    2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
    2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
    2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
    2008-09-12 14:26 27,430 ----a-w c:\users\Andrea\AppData\Roaming\nvModes.dat
    2008-08-21 09:32 174 --sha-w c:\program files\desktop.ini
    2008-07-18 14:30 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-07-18 14:30 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-07-18 14:30 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot_2008-12-07_ 1.07.48.07 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-12-08 16:28:03 884,736 ----a-w c:\windows\gmer.dll
    + 2008-04-17 21:13:02 811,008 ----a-w c:\windows\gmer.exe
    - 2008-12-07 01:00:42 495,768 ----a-w c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2008-12-09 13:05:50 495,768 ----a-w c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    - 2008-12-07 01:01:39 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-12-09 13:06:43 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2008-12-07 01:01:39 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2008-12-09 13:06:43 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2008-12-07 01:02:29 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-12-09 13:08:15 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-12-09 13:08:15 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2008-12-07 01:02:32 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-12-09 13:08:15 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-12-09 13:08:15 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2008-12-07 01:02:25 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-12-09 13:08:02 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-12-07 01:02:25 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-12-09 13:08:02 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-12-07 01:02:25 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-12-09 13:08:02 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-12-07 00:56:56 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
    + 2008-12-09 13:02:17 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
    + 2008-12-09 13:02:17 262,144 ---ha-w c:\windows\System32\config\systemprofile\ntuser.dat.LOG1
    + 2008-12-08 16:28:03 85,969 ----a-w c:\windows\System32\drivers\gmer.sys
    - 2008-12-06 20:41:53 102,094 ----a-w c:\windows\System32\perfc009.dat
    + 2008-12-09 12:43:55 102,094 ----a-w c:\windows\System32\perfc009.dat
    - 2008-12-06 20:41:53 121,302 ----a-w c:\windows\System32\perfc010.dat
    + 2008-12-09 12:43:55 121,302 ----a-w c:\windows\System32\perfc010.dat
    - 2008-12-06 20:41:53 590,082 ----a-w c:\windows\System32\perfh009.dat
    + 2008-12-09 12:43:55 590,082 ----a-w c:\windows\System32\perfh009.dat
    - 2008-12-06 20:41:53 665,702 ----a-w c:\windows\System32\perfh010.dat
    + 2008-12-09 12:43:55 665,702 ----a-w c:\windows\System32\perfh010.dat
    - 2008-12-06 20:37:37 9,226 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3847688692-4152713363-3580029657-1000_UserData.bin
    + 2008-12-09 12:49:58 9,528 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3847688692-4152713363-3580029657-1000_UserData.bin
    - 2008-12-06 20:37:37 69,208 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-12-09 12:49:57 69,288 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-12-06 20:37:36 55,768 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-12-09 12:49:56 55,824 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    .
    -- Snapshot per reimpostare la data corrente --
    .
    ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* i valori vuoti & legittimi/default non sono visualizzati.
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
    @= "{4433A54A-1AC8-432F-90FC-85F045CF383C} "
    [HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
    2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
    @= "{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} "
    [HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
    2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
    @= "{476D0EA3-80F9-48B5-B70B-05E677C9C148} "
    [HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
    2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "HPAdvisor "= "c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 1783136]
    "msnmsgr "= "c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
    "Skype "= "c:\program files\Skype\Phone\Skype.exe" [2008-08-11 21741864]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-09-19 171448]
    "WMPNSCFG "= "c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPStart "= "c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
    "SMSERIAL "= "c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
    "IAAnotif "= "c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
    "QPService "= "c:\program files\HP\QuickPlay\QPService.exe" [2007-09-30 181544]
    "QlbCtrl "= "c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
    "OnScreenDisplay "= "c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
    "UCam_Menu "= "c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 218408]
    "DpAgent "= "c:\program files\DigitalPersona\Bin\dpagent.exe" [2007-09-20 671744]
    "HP Health Check Scheduler "= "c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
    "hpWirelessAssistant "= "c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
    "WAWifiMessage "= "c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2008-12-05 136600]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "HP Software Update "= "c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "ccApp "= "c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
    "osCheck "= "c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
    "GrooveMonitor "= "c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2008-02-27 13515296]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2008-02-27 92704]
    "WinampAgent "= "c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
    "AppleSyncNotifier "= "c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "RtHDVCpl "= "RtHDVCpl.exe" [2007-08-17 c:\windows\RtHDVCpl.exe]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-09-05 727592]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3codecp "= l3codecp.acm
    "msacm.ac3filter "= ac3filter.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli DPPWDFLT

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify "=dword:00000001
    "InternetSettingsDisableNotify "=dword:00000001
    "AutoUpdateDisableNotify "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{BE5CB95E-15FE-4DB5-8055-3157AE0E9E62} "= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{05CE7D63-7495-4A61-B40C-6DC4B9416462} "= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{F6002459-7A3D-4987-9BE4-78B32F094782} "= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
    "{ED1C852A-BADE-4FEE-BAEA-B01950884028} "= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{3756E150-427E-4359-BB6B-A8EAD5D8F96B} "= c:\program files\HP\QuickPlay\QP.exe:Quick Play
    "{CD8B517D-9315-4364-B1EC-D98DDD90DAD8} "= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
    "{C3654786-6B00-49E4-A6D4-C21D9BD1252F} "= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{409F11E6-68B4-4BAE-8FD7-A16C75E98266} "= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{5FDC5AD2-5A92-4CFE-A77E-2D22307FA3C7} "= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{73C67D72-0648-4FB2-A668-4970CE8AAC85} "= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{177B0AA7-EF6E-429B-8AD1-42C5F6A9D14A} "= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{07C1E7E8-6318-460B-AF52-8442EEB226A7} "= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{5C337674-7D53-4B51-BE5B-5613F691E132} "= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{3DB470D3-1BDF-4E80-A31F-0D924F3A7B1D} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{50EAE21D-E782-41FB-B702-E8953CD7E974} "= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{8AF2D1B7-8893-4049-A1E1-D61D1880C793} "= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{2773BC92-04A7-447D-8C40-6690064304F5} "= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{83CCB2A4-73BE-44ED-B94C-0D7F4D8FA089} "= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
    "{CA792990-0BCE-4ABD-A3A6-BA53A6E2D056} "= UDP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
    "{36DB4C67-F1A9-482D-9AB1-31114F882BA3} "= TCP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
    "{FC7789F9-0E7D-4F82-93FC-48DFB8AFE36E} "= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{CBEA9BE5-2308-49D0-AA51-91E5E8F0C922} "= TCP:c:\program files\iTunes\iTunes.exe:iTunes

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall "= 0 (0x0)

    R1 IDSvix86;Symantec Intrusion Prevention Driver;\??\c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081204.003\IDSvix86.sys [2008-12-06 270384]
    R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};\??\c:\program files\HP\QuickPlay\000.fcl [2008-04-27 09:54:12 39408]
    R2 LiveUpdate Notice;LiveUpdate Notice; "c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [2008-02-18 149352]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-09 99376]
    R3 SYMNDISV;SYMNDISV;c:\windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]
    S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2008-01-12 23888]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ

    *Newly Created Service* - COMHOST
    .
    Contenuto della cartella 'Scheduled Tasks'

    2008-10-13 c:\windows\Tasks\Norton Internet Security - Scansione completa sistema - Andrea.job
    - c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe []

    2008-12-09 c:\windows\Tasks\User_Feed_Synchronization-{1CE36BC5-6E03-48BE-971A-513F13BF5A34}.job
    - c:\windows\system32\msfeedssync.exe [2008-01-19 07:33]
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-09 13:08:17
    Windows 6.0.6001 Service Pack 1 NTFS

    scansione processi nascosti ...

    scansione entrate autostart nascoste ...

    Scansione files nascosti ...


    c:\users\Andrea\AppData\Local\Temp\MUI
    c:\users\Andrea\AppData\Local\Temp\MUI\CyberLink YouCam

    Scansione completata con successo
    Files nascosti: 2

    **************************************************************************
    .
    --------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

    - - - - - - - > 'lsass.exe'(736)
    c:\windows\system32\DPPWDFLT.dll

    - - - - - - - > 'Explorer.exe'(5132)
    c:\program files\DigitalPersona\Bin\DpoFeedb.dll
    c:\windows\system32\btmmhook.dll
    c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
    .
    ------------------------ Altri processi in esecuzione ------------------------
    .
    c:\windows\System32\nvvsvc.exe
    c:\windows\System32\audiodg.exe
    c:\program files\DigitalPersona\Bin\DpHostW.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    c:\program files\Hp\QuickPlay\Kernel\TV\QPCapSvc.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
    c:\program files\Hp\QuickPlay\Kernel\TV\QPSched.exe
    c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    c:\windows\System32\rundll32.exe
    c:\windows\System32\conime.exe
    c:\windows\System32\rundll32.exe
    c:\program files\Synaptics\SynTP\SynTPEnh.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
    c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Skype\Plugin Manager\skypePM.exe
    c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    c:\program files\MSN Messenger\usnsvc.exe
    c:\windows\System32\dllhost.exe
    .
    **************************************************************************
    .
    Ora fine scansione: 2008-12-09 13:14:06 - macchina è stato riavviato
    ComboFix-quarantined-files.txt 2008-12-09 13:14:00
    ComboFix2.txt 2008-12-07 01:08:30
    ComboFix3.txt 2008-12-05 01:51:11

    Pre-Run: 167.622.750.208 byte disponibili
    Post-Run: 167,919,120,384 byte disponibili

    296 --- E O F --- 2008-11-26 15:31:24

    I have run several fast scans with Norton (like 7 or 8) and only one (the 2nd) has detected a threat. ALL THE OTHER SCANS HAVEN'T DETECTED ANYTHING, whereas before deleting that folder with Combofix Norton used to tell me that a threat had been detected and eliminated. Maybe that 2nd scan was just an error or something like that; anyway, I will try to run some other fast scans just to double-check. I have also run a more accurate scan and it hasn't detected anything.

    Thank you,

    Andrea
     
  14. 2008/12/09
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi Andrea
    OK, that's good.

    Let's delete Combofix and GMER.

    Click Start > Run, and in the Run box copy and paste or type ComboFix /u, then hit Enter to uninstall ComboFix and remove the files/folders it created. This action will also reset the System Restore points, removing any infected files there as well.
    Please check and verify that the C:\Qoobox and C:\ComboFix folders were removed, as well as the C:\ComboFix.txt file. If they weren't, please delete them manually.

    Delete GMER and these files from your Desktop: gmerautos.txt and gmerrk.txt.

    Let me know if you have any other warnings, then we can finish up.

    Thanks
    Geri
     
  15. 2008/12/10
    Andrea

    Andrea Inactive Thread Starter

    Hi Geri,

    OK, I've deleted everything. I had to manually remove C:\ComboFix and C:\ComboFix.txt. When I search for them with Windows Search they still appear; however, when I click on them I get a message telling me that it's impossible to find the file.
    I have run several other fast scans: only one has detected a threat; all the other 9-10 scans have told me no virus/spyware had been detected.

    Thanks,

    Andrea
     
  16. 2008/12/10
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi Andrea
    OK, that's good to hear.

    Please look at this link for some preventive recommendations. It could keep you from ending up back here in the Malware and Virus Removal Forums.
    http://www.windowsbbs.com/showthread.php?t=67958

    I'll mark this one resolved.

    Surf Safely
    Geri
     
  17. 2008/12/11
    Andrea

    Andrea Inactive Thread Starter

    Thank you very much for all your help!

    Andrea
     
