View Full Version : Rootkits..


jackles
20-06-09, 11:11
I picked up one of these babies yesterday. I realised straight away as it knocked my avast! gui out so I scanned with avast! anti-rootkit which picked it up and then scanned with avast (which showed nothing) and then scanned with Advanced System care 3 which showed up a trojan which it killed for me. Now the system is showing up clean as I have run scans through it today. How can I be sure that the system has nothing nasty lurking?

dox online
20-06-09, 11:47
Run a scan with gmer anti-rootkit (http://www.gmer.net/), then run a scan with avira anti rootkit (http://www.free-av.com/en/products/4/avira_antirootkit_tool.html), then post the results of both, do NOT delete anything at this point. Just post the results.

jackles
20-06-09, 14:06
I am going to sound difficult now...ran the GMER one and it is a pretty big thing to post...however there was nothing that came up as 'red' or 'hidden'. I can still post it, just worried it is going to be very big!

The second one I had real problems trying to get running. :o

TRfan23
20-06-09, 14:46
Post it in the ['code] [/code] tags :) Should have a scroll bar within it when you post it :)

Also with the second one I can only assume you need to install Avira itself to run that setup?

jackles
20-06-09, 14:53
This is going to feel like you guys looking in my underwear drawer!!




GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-20 14:34:01
Windows 6.0.6001 Service Pack 1


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[5012] USER32.dll!DialogBoxIndirectParamW 76AABD25 5 Bytes JMP 6EF05BD3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5012] USER32.dll!DialogBoxParamW 76AC1FD5 5 Bytes JMP 6EF05B5D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5012] USER32.dll!DialogBoxParamA 76AE80B2 5 Bytes JMP 6EF05B98 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5012] USER32.dll!DialogBoxIndirectParamA 76AE83DD 5 Bytes JMP 6EF05C0E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5012] USER32.dll!MessageBoxIndirectA 76AFD471 5 Bytes JMP 6EF05B19 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5012] USER32.dll!MessageBoxIndirectW 76AFD56B 5 Bytes JMP 6EF05AD5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5012] USER32.dll!MessageBoxExA 76AFD5D1 5 Bytes JMP 6EF05A9B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5012] USER32.dll!MessageBoxExW 76AFD5F5 5 Bytes JMP 6EF05A61 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5012] SHELL32.dll!SHCloneSpecialIDList + 2BD 75EC6044 4 Bytes [99, 0B, EC, 70]
.text C:\Program Files\Internet Explorer\iexplore.exe[5012] SHELL32.dll!SHCloneSpecialIDList + 2C5 75EC604C 2 Bytes [A7, 0A]
.text C:\Program Files\Internet Explorer\iexplore.exe[5012] SHELL32.dll!SHCloneSpecialIDList + 2C8 75EC604F 1 Byte [70]
.text C:\Program Files\Internet Explorer\iexplore.exe[5012] SHELL32.dll!SHCloneSpecialIDList + 1695 75EC741C 4 Bytes [99, 0B, EC, 70]
.text C:\Program Files\Internet Explorer\iexplore.exe[5012] SHELL32.dll!SHCloneSpecialIDList + 169D 75EC7424 4 Bytes [A7, 0A, EC, 70]
.text C:\Program Files\Internet Explorer\iexplore.exe[5012] SHELL32.dll!SHRestricted + DFD 75EF8390 4 Bytes [99, 0B, EC, 70]
.text C:\Program Files\Internet Explorer\iexplore.exe[5012] SHELL32.dll!SHRestricted + E05 75EF8398 8 Bytes [A7, 0A, EC, 70, A4, 32, EB, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[5012] SHELL32.dll!SHRestricted + FB1 75EF8544 4 Bytes [99, 0B, EC, 70]
.text C:\Program Files\Internet Explorer\iexplore.exe[5012] SHELL32.dll!SHRestricted + FB9 75EF854C 4 Bytes [A7, 0A, EC, 70]
.text C:\Program Files\Internet Explorer\iexplore.exe[5012] SHELL32.dll!ILFree + 5F3 75EF9AFC 4 Bytes [99, 0B, EC, 70]
.text C:\Program Files\Internet Explorer\iexplore.exe[5012] SHELL32.dll!ILFree + 5FB 75EF9B04 4 Bytes [A7, 0A, EC, 70]
.text C:\Program Files\Internet Explorer\iexplore.exe[5012] SHELL32.dll!SHBindToObject + 693 75EFA9B8 4 Bytes [99, 0B, EC, 70]
.text C:\Program Files\Internet Explorer\iexplore.exe[5012] SHELL32.dll!SHBindToObject + 69B 75EFA9C0 4 Bytes [A7, 0A, EC, 70]
.text C:\Program Files\Internet Explorer\iexplore.exe[5012] SHELL32.dll!SHCoCreateInstance + 1B7 75EFBD08 4 Bytes [99, 0B, EC, 70]
.text C:\Program Files\Internet Explorer\iexplore.exe[5012] SHELL32.dll!SHCoCreateInstance + 1BF 75EFBD10 2 Bytes [A7, 0A]
.text C:\Program Files\Internet Explorer\iexplore.exe[5012] SHELL32.dll!SHCoCreateInstance + 1C2 75EFBD13 1 Byte [70]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\services.exe[652] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00130002
IAT C:\Windows\system32\services.exe[652] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00130000
IAT C:\Windows\Explorer.EXE[1940] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74537BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1940] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [745798C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1940] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7453D3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1940] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7452F527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1940] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74537599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1940] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7452E43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1940] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [7456B33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1940] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7453D68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1940] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7453012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1940] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74530095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1940] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [745271F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1940] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [745BD802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1940] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [745575E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1940] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7452DAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1940] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7452668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1940] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [745266BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1940] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74531E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [70EAD537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [70EAD09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [70EAB6A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [70EAD221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [70EABD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [70EAF233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [70EAC301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [70EAF233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [70EAD537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CopyFileW] [70EAB6A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!MoveFileW] [70EADE50] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!DeleteFileW] [70EAC301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [70EAF49D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [70EB0D4C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [70EAFC09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [70EB02A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [70EAD09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [70EABD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [70EAB114] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [70EAD221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [70EAA970] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [70EBDB0F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegEnumValueW] [70EBE479] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegOpenKeyExW] [70EBCB9D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryValueExW] [70EBD773] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegDeleteKeyW] [70EBCEA5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCreateKeyExW] [70EBC625] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCloseKey] [70EBCD09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindClose] [70EB0D4C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileA] [70EAFF42] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindNextFileA] [70EAFB96] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileW] [70EB02A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindNextFileW] [70EAFC09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesA] [70EA89D0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetCurrentDirectoryA] [70EAEBFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetFileAttributesA] [70EA8C26] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateDirectoryA] [70EAE3CB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!RemoveDirectoryA] [70EAE9A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!DeleteFileA] [70EAC1D6] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesW] [70EA8AFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetCurrentDirectoryW] [70EAF49D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetFileAttributesW] [70EA8D54] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateDirectoryW] [70EAE4F9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!DeleteFileW] [70EAC301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!MoveFileW] [70EADE50] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!RemoveDirectoryW] [70EAEAD0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!MoveFileA] [70EADDDD] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [70EAD09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] [70EABBD2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] [70EABD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [70EAD221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [70EAD221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [70EAE151] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [70EAB114] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [70EAA970] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [70EAA819] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [70EAC301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [70EAD537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [70EA8D54] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [70EABD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [70EB02A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [70EAFC09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [70EAF233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [70EA8AFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [70EA8C26] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [70EABBD2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [70EAFF42] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [70EAFB96] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [70EB0D4C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [70EAEFA8] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [70EA89D0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [70EAD09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpW] [70EACF65] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpA] [70EACE2E] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCloseKey] [70EBCD09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] [70EBC49D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyA] [70EBCD5C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyA] [70EBD913] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] [70EBCA25] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExW] [70EBC625] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExW] [70EBCB9D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExW] [70EBE169] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW] [70EBD437] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyW] [70EBCEA5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyW] [70EBDB0F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExW] [70EBD773] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueW] [70EBE479] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyW] [70EBDE75] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExA] [70EBDFE1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueA] [70EBE2F1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyA] [70EBDD0B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExA] [70EBD5D3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [70EAA460] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindNextFileW] [70EAFC09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW] [70EAE151] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [70EAA6E2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW] [70EAAE92] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW] [70EAB114] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW] [70EAC023] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [70EAB6A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW] [70EA9700] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [70EAD537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [70EADE50] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindFirstFileW] [70EB02A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindClose] [70EB0D4C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA] [70EA9362] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesA] [70EA89D0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SearchPathW] [70EAF233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW] [70EAA1D8] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [70EAA970] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!RemoveDirectoryW] [70EAEAD0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateDirectoryW] [70EAE4F9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!DeleteFileW] [70EAC301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetFileAttributesW] [70EA8D54] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesW] [70EA8AFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [70EADE75] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameW] [70EA94A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [70EAD221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] [70EABD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesExW] [70EA8FC1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [70EAD09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetLongPathNameW] [70EA9231] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetCurrentDirectoryW] [70EAF49D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW] [70EAC58B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW] [70EACF65] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW] [70EACA80] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExW] [70EBCB9D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyExW] [70EBC625] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegEnumKeyW] [70EBDE75] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegEnumValueW] [70EBE479] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegDeleteKeyW] [70EBCEA5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [70EBDB0F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryInfoKeyA] [70EBD913] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegEnumKeyExW] [70EBE169] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegSetValueW] [70EBD13F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExW] [70EBD773] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueW] [70EBD437] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyW] [70EBC8E9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyW] [70EBC35D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExA] [70EBD5D3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] [70EBCA25] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCloseKey] [70EBCD09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] [70EB91AC] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindClose] [70EB0D4C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] [70EB02A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [70EAD537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SearchPathW] [70EAF233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!DeleteFileW] [70EAC301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetShortPathNameW] [70EA94A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesExW] [70EA8FC1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileW] [70EABD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [70EAD221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesW] [70EA8AFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [70EAD09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegSetValueW] [70EBD13F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] [6FD37C75] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumKeyExW] [70EBE169] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumValueW] [70EBE479] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumKeyA] [70EBDD0B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegDeleteKeyA] [70EBCD5C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [70EBDB0F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryInfoKeyA] [70EBD913] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueW] [70EBD437] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumKeyW] [70EBDE75] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCloseKey] [70EBCD09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExW] [70EBD773] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExW] [70EBCB9D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegDeleteKeyW] [70EBCEA5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] [70EBC625] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExA] [70EBD5D3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] [70EBCA25] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueW] [70EB5CFD] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA] [70EB5C9F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA] [70EB4D95] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA] [70EB50AF] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW] [70EB519F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW] [70EB40A2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA] [70EB5357] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA] [70EB619F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW] [70EB53B2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW] [70EB61FA] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5012] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCombineW] [70EB3FFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Files - GMER 1.0.15 ----

File C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb 0 bytes

---- EOF - GMER 1.0.15 ----



oh dear still looks enormous!



Hmmm might have to look at the second one again. Won't it interfere with my avast?

EscondeR
20-06-09, 22:55
It seems clean, Jackie :) But run ARDiag.exe (http://www.tombraiderhub.com/download/ardiag.exe) and post the report also.

BTW, are you limited to a free antivirus solution? If not, then I recommend you upgrade to Kaspersky Antivirus 2009 or Kaspersky Antivirus for Windows File Servers (depending on the budget you're ready to spend on it).

You can use a free AVZ (http://www.softpedia.com/get/Antivirus/AVZ-Antiviral-Toolkit.shtml) antivirus also - powerful enough :tmb:

jackles
21-06-09, 13:05
*crosses fingers that she has uprooted the bad thing*

Copy the following text and paste it to your report AS IS!!!

---------------------------------------------------------------
AutoRuns Diagnostics for TRF v 0.5 Developed by EscondeR
---------------------------------------------------------------



Program:
"Provides automatic updating for the avast! antivirus."
Publisher:
"(Verified) ALWIL Software"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
aswUpdSv
Program path & name:
"c:\program files\alwil software\avast4\aswupdsv.exe"
Enabled: [V]


Program:
"Manages and implements avast! antivirus services for this computer. This includes the resident protection
Publisher:
the virus chest and the scheduler."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
avast! Antivirus
Program path & name:
"(Verified) ALWIL Software""c:\program files\alwil software\avast4\ashserv.exe"
Enabled: [V]


Program:
"This service detects and monitors CUE devices on the system."
Publisher:
"(Not verified) Hewlett-Packard Co."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
hpqddsvc
Program path & name:
"c:\program files\hp\digital imaging\bin\hpqddsvc.dll"
Enabled: [V]


Program:
"Delivery Manager Service"
Publisher:
"(Verified) Kontiki Inc"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
KService
Program path & name:
"c:\program files\kontiki\kservice.exe"
Enabled: [V]


Program:
"Dot4Net Module"
Publisher:
"(Not verified) Hewlett-Packard"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Net Driver HPZ12
Program path & name:
"c:\windows\system32\hpzinw12.dll"
Enabled: [V]


Program:
"PmlDrv Module"
Publisher:
"(Not verified) Hewlett-Packard"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Pml Driver HPZ12
Program path & name:
"c:\windows\system32\hpzipm12.dll"
Enabled: [V]


Program:
"Spybot-S&D Security Center integration"
Publisher:
"(Verified) Safer Networking Ltd."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
SBSDWSCService
Program path & name:
"c:\program files\spybot - search & destroy\sdwinsec.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
aswArKrn
Program path & name:
File not found: C:\Users\user\AppData\Local\Temp\aswArKrn.sys"
Enabled: [V]


Program:
"IP in IP Tunnel Driver"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
IpInIp
Program path & name:
File not found: system32\DRIVERS\ipinip.sys"
Enabled: [V]


Program:
"IPX Traffic Filter Driver"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
NwlnkFlt
Program path & name:
File not found: system32\DRIVERS\nwlnkflt.sys"
Enabled: [V]


Program:
"IPX Traffic Forwarder Driver"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
NwlnkFwd
Program path & name:
File not found: system32\DRIVERS\nwlnkfwd.sys"
Enabled: [V]


Program:
"LanguageMonitor"
Publisher:
"(Not verified) Hewlett-Packard Company"
Entry path:
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
Entry name:
LIDIL hpzll4v2
Program path & name:
"c:\windows\system32\hpzll4v2.dll"
Enabled: [V]


Program:
"LaunchAp MFC Application"
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
LaunchAp
Program path & name:
c:\program files\launch manager\launchap.exe"
Enabled: [V]


Program:
"HotkeyApp"
Publisher:
"(Not verified) Wistron"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
HotkeyApp
Program path & name:
"c:\program files\launch manager\hotkeyapp.exe"
Enabled: [V]


Program:
"OSD MFC Application"
Publisher:
"(Not verified) Wistron Corp."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
LMgrVolOSD
Program path & name:
"c:\program files\launch manager\osd.exe"
Enabled: [V]


Program:
"OSD MFC Application"
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
LMgrOSD
Program path & name:
c:\program files\launch manager\osdctrl.exe"
Enabled: [V]


Program:
"WButton MFC Application"
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Wbutton
Program path & name:
c:\program files\launch manager\wbutton.exe"
Enabled: [V]


Program:
"Hewlett-Packard Product Assistant"
Publisher:
"(Not verified) Hewlett-Packard Co."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
HP Software Update
Program path & name:
"c:\program files\hp\hp software update\hpwuschd2.exe"
Enabled: [V]


Program:
"QuickTime Task"
Publisher:
"(Not verified) Apple Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
QuickTime Task
Program path & name:
"c:\program files\quicktime\qttask.exe"
Enabled: [V]


Program:
"Delivery Manager"
Publisher:
"(Verified) Kontiki Inc"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
kdx
Program path & name:
"c:\program files\kontiki\khost.exe"
Enabled: [V]


Program:
"avast! service GUI component"
Publisher:
"(Verified) ALWIL Software"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
avast!
Program path & name:
"c:\program files\alwil software\avast4\ashdisp.exe"
Enabled: [V]


Program:
"RealNetworks Scheduler"
Publisher:
"(Verified) RealNetworks Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
TkBellExe
Program path & name:
"c:\program files\common files\real\update_ob\realsched.exe"
Enabled: [V]


Program:
"Adobe Acrobat SpeedLauncher"
Publisher:
"(Verified) Adobe Systems Incorporated"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Adobe Reader Speed Launcher
Program path & name:
"c:\program files\adobe\reader 9.0\reader\reader_sl.exe"
Enabled: [V]


Program:
"Java(TM) Platform SE binary"
Publisher:
"(Verified) Sun Microsystems Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
SunJavaUpdateSched
Program path & name:
"c:\program files\java\jre6\bin\jusched.exe"
Enabled: [V]


Program:
"Microsoft® InfoTech Storage System Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
ms-itss
Program path & name:
"c:\program files\common files\microsoft shared\information retrieval\msitss.dll"
Enabled: [V]


Program:
"Exif Launcher 2"
Publisher:
"(Not verified) FUJIFILM Corporation"
Entry path:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Entry name:
Exif Launcher S.lnk
Program path & name:
"c:\program files\finepixviewers\quickdcf2.exe"
Enabled: [V]


Program:
"HP Digital Imaging Monitor"
Publisher:
"(Verified) Hewlett Packard"
Entry path:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Entry name:
HP Digital Imaging Monitor.lnk
Program path & name:
"c:\program files\hp\digital imaging\bin\hpqtra08.exe"
Enabled: [V]


Program:
"Catalyst Control Centre: Host application"
Publisher:
"(Not verified) ATI Technologies Inc."
Entry path:
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Entry name:
CCC.lnk
Program path & name:
"c:\program files\ati technologies\ati.ace\core-static\ccc.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Entry name:
desktop_minion4260671805.lnk
Program path & name:
c:\program files\codemasters overlord desktop minion\desktop_minion.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
StartCCC
Program path & name:
c:\program files\ati technologies\ati.ace\core-static\clistart.exe"
Enabled: [V]


Program:
"Delivery Manager"
Publisher:
"(Verified) Kontiki Inc"
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
kdx
Program path & name:
"c:\program files\kontiki\khost.exe"
Enabled: [V]


Program:
"Skype "
Publisher:
"(Verified) Skype Technologies SA"
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
Skype
Program path & name:
"c:\program files\skype\phone\skype.exe"
Enabled: [V]


Program:
"Advanced SystemCare 3"
Publisher:
"(Verified) IObit Information Technology"
Entry path:
Task Scheduler
Entry name:
AWC Startup.job
Program path & name:
"c:\program files\iobit\advanced systemcare 3\awc.exe"
Enabled: [V]


Program:
"Adobe PDF Helper for Internet Explorer"
Publisher:
"(Verified) Adobe Systems Incorporated"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
Adobe PDF Link Helper
Program path & name:
"c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
Enabled: [V]


Program:
"SBSD IE Protection"
Publisher:
"(Verified) Safer Networking Ltd."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
Spybot-S&D IE Protection
Program path & name:
"c:\program files\spybot - search & destroy\sdhelper.dll"
Enabled: [V]


Program:
"Java(TM) Platform SE binary"
Publisher:
"(Not verified) Sun Microsystems Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
Java(tm) Plug-In 2 SSV Helper
Program path & name:
"c:\program files\java\jre6\bin\jp2ssv.dll"
Enabled: [V]


Program:
"ACE Context Menu"
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Catalyst Context Menu extension
Program path & name:
c:\program files\ati technologies\ati.ace\core-static\atiacmxx.dll"
Enabled: [V]


Program:
"avast! Shell Extension"
Publisher:
"(Verified) ALWIL Software"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
avast
Program path & name:
"c:\program files\alwil software\avast4\ashshell.dll"
Enabled: [V]


Program:
"RealPlayer Shell Extensions"
Publisher:
"(Verified) RealNetworks Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Shell Extensions for RealOne Player
Program path & name:
"c:\program files\real\realplayer\rpshell.dll"
Enabled: [V]


Program:
"PDF Shell Extension"
Publisher:
"(Verified) Adobe Systems Incorporated"
Entry path:
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
Entry name:
PDF Shell Extension
Program path & name:
"c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
Enabled: [V]




I am restricted to freebies Alex sadly. :o

TRfan23
21-06-09, 13:11
Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
aswArKrn
Program path & name:
File not found: C:\Users\user\AppData\Local\Temp\aswArKrn.sys"
Enabled: [V]


Program:
"IP in IP Tunnel Driver"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
IpInIp
Program path & name:
File not found: system32\DRIVERS\ipinip.sys"
Enabled: [V]


Program:
"IPX Traffic Filter Driver"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
NwlnkFlt
Program path & name:
File not found: system32\DRIVERS\nwlnkflt.sys"
Enabled: [V]


Program:
"IPX Traffic Forwarder Driver"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
NwlnkFwd
Program path & name:
File not found: system32\DRIVERS\nwlnkfwd.sys"
Enabled: [V]



You can kill/delete those, I'm pretty sure. Alex will have to help you with anything else if there is.

jackles
21-06-09, 13:13
*looks blank*


You guys will need to explain how I do that.

*goes pink with bimboness*

TRfan23
21-06-09, 13:47
*looks blank*


You guys will need to explain how I do that.

*goes pink with bimboness*

Oh sorry, forgot the Autoruns download link (http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx). The download's located on the right-hand side.

http://i40.************/2ia4qbd.jpg

Once downloaded, I recommend you save the files inside the zip folder somewhere on your computer. Open up the 'autoruns.exe' file. You see all the files listed.

An example of mine.
http://i42.************/svmfsy.jpg

Now I recommend staying on the 'Everything' tab, as I don't know which tab is for each of those files I listed for you to kill. Find the 4 files, which you should easily find, as you can see on mine for GroupManager it says file not found, which should say the same for the files you find on there. So I must press the delete button and it'll ask if I want to delete it, press yes.

Edit- Don't forget to reboot/restart your computer after you've killed the entries, I hope you understand this :)
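
The check described in the post above (finding the autorun entries marked "File not found") can be run over the whole ARDiag report at once. This is an added example, not part of the original posts or of ARDiag itself; the function and flag names are its own, and the sample is built from four entries of the report posted in this thread.

```python
import re

# Field labels exactly as they appear in the ARDiag report in this thread.
LABEL_RE = re.compile(
    r"^(Program path & name|Program|Publisher|Entry path|Entry name):$")
PUBLISHER_RE = re.compile(r"^(\(Verified\)|\(Not verified\)|N/A)")

# Constructed sample: four entries copied from the report posted above.
SAMPLE_REPORT = r'''
Program:
"Provides automatic updating for the avast! antivirus."
Publisher:
"(Verified) ALWIL Software"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
aswUpdSv
Program path & name:
"c:\program files\alwil software\avast4\aswupdsv.exe"
Enabled: [V]
Program:
"Manages and implements avast! antivirus services for this computer. This includes the resident protection
Publisher:
the virus chest and the scheduler."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
avast! Antivirus
Program path & name:
"(Verified) ALWIL Software""c:\program files\alwil software\avast4\ashserv.exe"
Enabled: [V]
Program:
"This service detects and monitors CUE devices on the system."
Publisher:
"(Not verified) Hewlett-Packard Co."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
hpqddsvc
Program path & name:
"c:\program files\hp\digital imaging\bin\hpqddsvc.dll"
Enabled: [V]
Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
aswArKrn
Program path & name:
File not found: C:\Users\user\AppData\Local\Temp\aswArKrn.sys"
Enabled: [V]
'''

def parse_entries(text):
    """Split the report into one dict per autorun entry."""
    entries, current, label = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = LABEL_RE.match(line)
        if match:
            label = match.group(1)
            current[label] = ""
        elif line.startswith("Enabled:"):
            current["Enabled"] = line.split(":", 1)[1].strip()
            entries.append(current)  # "Enabled:" is the last field of an entry
            current, label = {}, None
        elif line and label is not None:
            # Value line; banner text before the first label is skipped.
            current[label] = (current[label] + " " + line).strip()
    return entries

def triage(entry):
    """Return review flags for one entry (flag names are this example's own)."""
    publisher = entry.get("Publisher", "").strip('"')
    path = entry.get("Program path & name", "")
    if not PUBLISHER_RE.match(publisher):
        # Fields are shifted (description text landed in Publisher): read by hand.
        return ["malformed"]
    flags = []
    if path.startswith("File not found:"):
        flags.append("missing-file")
        if re.search(r"\\temp\\", path, re.IGNORECASE):
            flags.append("temp-path")
    if publisher.startswith("(Not verified)"):
        flags.append("unverified")
    elif publisher == "N/A":
        flags.append("no-publisher")
    return flags

def review_list(text):
    """(entry name, flags) for every entry that needs a human look."""
    flagged = [(e.get("Entry name", "?"), triage(e)) for e in parse_entries(text)]
    return [(name, flags) for name, flags in flagged if flags]

if __name__ == "__main__":
    for name, flags in review_list(SAMPLE_REPORT):
        print(f"{name}: {', '.join(flags)}")
```

A flag only marks an entry to look up in Autoruns; it says nothing by itself about whether the entry is malicious or safe to delete.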

jackles
21-06-09, 14:15
Well I will give it my best shot!!

I am learning stuff today!! wooohooo!!


:)



Arrrgh!! It won't let me run as administrator so I can't delete anything!! any ideas how I can do that!


Ah I sussed it I think........

TRfan23
21-06-09, 14:27
Well I will give it my best shot!!

I am learning stuff today!! wooohooo!!


:)



Arrrgh!! It won't let me run as administrator so I can't delete anything!! any ideas how I can do that!


Ah I sussed it I think........

Right click on the autorun program and click run as administrator. If that doesn't work then you might need to do the enable Administrator technique (http://www.tombraiderwiki.com/index.php/Administrator). Which from then on you'll need EscondeR's help :(

When you say you've sussed it, I presume you've figured it out?

jackles
21-06-09, 14:30
Yeah I closed it and then went back to my docs with the Autorun folders in and right clicked on the files and 'run as administrator'. Hopefully it will let me delete as I found the files now. Keep fingers crossed. :D






Yay! Done those. :D

TRfan23
21-06-09, 15:13
Yeah I closed it and then went back to my docs with the Autorun folders in and right clicked on the files and 'run as administrator'. Hopefully it will let me delete as I found the files now. Keep fingers crossed. :D






Yay! Done those. :D

Good, and have you restarted your computer? Now all you need to do is see what Alex has to say next, if there's anything else on that autorun list (http://www.tombraiderforums.com/showpost.php?p=3738088&postcount=7) of yours that can be disabled, but not killed...

dox online
21-06-09, 18:05
Hmmm might have to look at the second one again. Won't it interfere with my avast?

Shouldn't do.
BTW: Are you on Vista? If you are then do you have UAC disabled? If you do then enable it, UAC is very good rootkit protection.
PS: For a free antivirus, use Avira Antivir Personal - Free Antivirus (http://www.free-av.com/)

EscondeR
24-06-09, 05:17
Do not forget to download:

You can use a free AVZ (http://www.softpedia.com/get/Antivirus/AVZ-Antiviral-Toolkit.shtml) antivirus also - powerful enough :tmb:(Perfect rootkit killer)

And run full system scan with it.

-- Edit --
Now all you need to do is see what EscondeR has to say next, if there's anything else on that autorun list (http://www.tombraiderforums.com/showpost.php?p=3738088&postcount=7) of yours that can be disabled, but not killed...

About those I can say you may safely kill this one (you can update manually when necessary):

Program:
"QuickTime Task"
Publisher:
"(Not verified) Apple Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
QuickTime Task
Program path & name:
"c:\program files\quicktime\qttask.exe"
Enabled: [V]
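
The Autoruns fields quoted in the post above (entry path, "(Not verified)" publisher) and the "file not found" entries mentioned earlier in the thread can also be read directly from the registry. The PowerShell below is an added example, not part of any poster's message; the function names Resolve-RunImage and Get-RunKeyAudit are hypothetical, and the script only reports, it deletes nothing.

```powershell
# Added example (not from the thread): list Run-key autostart entries and flag
# the two conditions the posts rely on: target file missing, and a publisher
# signature that does not verify. Read-only.

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

function Resolve-RunImage {          # hypothetical helper name
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if ($cmd -match '^"([^"]+)"') {
        $path = $Matches[1]                      # "c:\program files\x\y.exe" -arg
    } elseif ($cmd -match '^(.+?\.(exe|com|bat|cmd|scr))(\s|$)') {
        $path = $Matches[1]                      # unquoted path, may contain spaces
    } else {
        $path = ($cmd -split '\s+')[0]
    }
    if ($path -and $path -notmatch '^([A-Za-z]:\\|\\\\)') {
        # Bare names such as rundll32.exe are resolved through PATH.
        $found = Get-Command -Name $path -CommandType Application -ErrorAction SilentlyContinue |
                 Select-Object -First 1
        if ($found) { $path = $found.Path }
    }
    return $path
}

function Get-RunKeyAudit {           # hypothetical helper name
    foreach ($keyPath in $RunKeys) {
        if (-not (Test-Path -Path $keyPath)) { continue }
        $key = Get-Item -Path $keyPath
        foreach ($name in $key.GetValueNames()) {
            $image = Resolve-RunImage -CommandLine ([string]$key.GetValue($name))
            if ([string]::IsNullOrEmpty($image) -or
                -not (Test-Path -LiteralPath $image -PathType Leaf)) {
                $status = 'File not found'
            } else {
                # Valid = signature verifies; NotSigned, HashMismatch etc. = not verified
                $status = [string](Get-AuthenticodeSignature -LiteralPath $image).Status
            }
            [pscustomobject]@{ Key = $keyPath; Entry = $name; Image = $image; Signature = $status }
        }
    }
}

Get-RunKeyAudit | Sort-Object Signature | Format-Table -AutoSize -Wrap
```

On PowerShell versions before 5.1, Get-AuthenticodeSignature does not check catalog signatures, so some Windows components can show as NotSigned. A status other than Valid is a reason to look at the file's path and origin, not a verdict on its own.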

dox online
26-06-09, 12:44
@EscondeR Does Kaspersky AVZ have an on access scanner? (Real time protection)

EscondeR
26-06-09, 16:53
Nope. It's a cleaner, not a "floodgate" :)

BTW, Avira and Avast have very crappy on-the-fly protection, e.g. don't stop the Kido/Conficker/Downadup infection at all.

TRfan23
26-06-09, 23:33
Nope. It's a cleaner, not a "floodgate" :)

BTW, Avira and Avast have very crappy on-the-fly protection, e.g. don't stop the Kido/Conficker/Downadup infection at all.

At least they're better than the resource hog Norton ;) Is that actually the worst Anti-viral software?

EscondeR
27-06-09, 08:15
^ Only McAfee competes ;)

dox online
27-06-09, 14:54
^ Only McAfee competes ;)
Norton is a little better now, McAfee seems to get worse each time it updates.
BTW Avira is not crap! You're thinking of AVG!

EscondeR
27-06-09, 16:17
I'm not saying it's crap, but on-the-fly protection is weak in both Avira and Avast!
AVG needs improvement of course, latest version is slow.

TRfan23
27-06-09, 16:20
^ Only McAfee competes ;)

That's actually quite funny as most places like my school have McAfee, and my part time job I got, have Norton...

EscondeR
27-06-09, 16:26
Fight with that miserable situation if you care :)

dox online
27-06-09, 16:26
I think McAfee have the market lead in enterprise products. The worst always attracts most as it seems. BTW EscondeR, AVG is very poor, its LinkScanner marks almost every website as safe!

EscondeR
27-06-09, 16:31
I'm estimating only intended functions not the crappy bloat-load ;) So in antiviruses I estimate AV functions, in firewall - filtering ones.

If we take Nero as the whole nowadays - it's crap. If we have only Nero Burning Rom/Cover Designer/Tools installed, it's almost perfect :tmb:

TRfan23
27-06-09, 19:11
In relation to the topic, what are rootkits?

dox online
27-06-09, 19:20
In relation to the topic, what are rootkits?
Rootkits are a type of malicious software that embeds itself in the PC (Different types attach to different parts of the computer) and hides its presence (From the task manager and related tools) and often loads malicious software and may patch critical system files.
Good defence includes:
GeSWall (http://www.gentlesecurity.com/)
User Account Control
Sandboxie (http://www.sandboxie.com/)

TRfan23
27-06-09, 19:28
Okies thanks. Is that kinda linked to why Vista already has UAC which asks you permission on opening a program? I've always disabled mine due to how annoying it is, and actually can cause issues on installing some programs.

dox online
27-06-09, 20:04
Okies thanks. Is that kinda linked to why Vista already has UAC which asks you permission on opening a program? I've always disabled mine due to how annoying it is, and actually can cause issues on installing some programs.
The UAC is good protection as it runs applications with basic user rights and will ask to confirm administrative actions, therefore being able to track the high rights requirement that a rootkit has, and asking you whether you trust the program before the administrative action is done. Basically it is like running a limited user account under the administrator account, disabling it lets any program do anything to the PC.

EscondeR
27-06-09, 20:12
Not to mention its extreme annoyance :whi: Because it can't hold all processes actually, most viruses/malware are written to fool UAC. IRL it just makes you bang your head against walls in a couple of hours...
Better have a good AV and firewall... and use your head :)

TRfan23
27-06-09, 20:27
Not to mention its extreme annoyance :whi: Because it can't hold all processes actually, most viruses/malware are written to fool UAC. IRL it just makes you bang your head against walls in a couple of hours...
Better have a good AV and firewall... and use your head :)

Yeh well oddly enough I seem to be an antiviral software myself lol. I seem to know whether I'm downloading a virus or not from the net, via a dodgy site. Dono how? Just can tell by design and looks and my senses, yet it's not all about looks. You can program software to look all flashy and beautiful, which most silly viral programs look, but not program a virus to attach to it ;)

Which is why I get annoyed when I ask my friends to review the programs I make, their response is "Oh but it could contain a virus, you never know" I reply but I didn't program a virus to it and no other program has conflicted with it at all, and that I've scanned the program. I go show them the results and then they go "but the virus could appear when you send me the program." - WTF!?... They think that viruses appear out of thin air :hea: :hea: :hea:

Another thing that ****es me off is when I tell my friends they should get CCleaner or TuneUp to fix their registry, or erase junk data, so their computers wouldn't be as so slow as they are... Their response is "Oh but I have Norton, AVG, McAfee, (or any other antiviral software...)" See the issue there, they think antiviral software is the same as registry cleaners :hea: :hea: :hea:

EscondeR
27-06-09, 20:36
^ You'll wonder... Some people still think that:

it's enough to put an infected media into a turned off PC to infect it
it's enough to infect one PC in a room where other PC stand NOT CONNECTED via network to infect all of them
etc cowpoo


:D

dox online
28-06-09, 09:48
^ You'll wonder... Some people still think that:

it's enough to put an infected media into a turned off PC to infect it
it's enough to infect one PC in a room where other PC stand NOT CONNECTED via network to infect all of them
etc cowpoo


:D
:vlol: Sounds so stupid.
@TRfan23 that is not enough to protect yourself from drive-by downloads and legitimate files with malicious code injected into it. Even if you think malware is always 1.exe and load.coms. I currently use GeSWall with Avira premium. Provides complete protection against malware.
PS: Registry cleaners are not recommended as they can prove to stop the PC working at all.

TRfan23
28-06-09, 12:54
@TRfan23 that is not enough to protect yourself from drive-by downloads and legitimate files with malicious code injected into it. Even if you think malware is always 1.exe and load.coms. I currently use GeSWall with Avira premium. Provides complete protection against malware.
PS: Registry cleaners are not recommended as they can prove to stop the PC working at all.

I have the free Avast home edition, and that tbh is all I want.

Yes but not all registry cleaners, but I know even the good ones can cause issues. Like my CCleaner wrecked my Avast at one point. If you install the skins for Avast, CCleaner scans the registry file for that skin as an invalid key, so if you remove it. It ****s up Avast and the program won't run, so I don't install the skins for Avast.

^ You'll wonder... Some people still think that:

it's enough to put an infected media into a turned off PC to infect it
it's enough to infect one PC in a room where other PC stand NOT CONNECTED via network to infect all of them
etc cowpoo


:D

I personally can't believe some people think that! Even my friends don't think as bad as that!