Flash Disinfector didn't seem to run as you described, and I couldn't drag & drop the txt into ComboFix; it remained on the desktop. The computer, on the other hand, seems to be running perfectly - no redirects, banner ads, icons for favourites are as they're meant to be and it's running a heck of a lot faster than it has for months.
Thanks very much for your help - here are the new logs.
ComboFix 09-01-11.04 - Gemma 2009-01-12 13:40:18.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.1790.1102 [GMT 0:00]
Running from: c:\users\Gemma\Desktop\ComboFix.exe
Command switches used :: c:\users\Gemma\Desktop\CFScript.txt
AV: Norton 360 *On-access scanning enabled* (Updated)
FW: Norton 360 *enabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\LimeWire
c:\program files\LimeWire\aopalliance.pack
c:\program files\LimeWire\clink.pack
c:\program files\LimeWire\commons-codec-1.3.pack
c:\program files\LimeWire\commons-logging.pack
c:\program files\LimeWire\commons-net.pack
c:\program files\LimeWire\daap.pack
c:\program files\LimeWire\dnsjava.pack
c:\program files\LimeWire\forms.pack
c:\program files\LimeWire\foxtrot.pack
c:\program files\LimeWire\gettext-commons.pack
c:\program files\LimeWire\guice-1.0.pack
c:\program files\LimeWire\hsqldb.pack
c:\program files\LimeWire\httpclient-4.0-alpha5-20080522.192134-5.pack
c:\program files\LimeWire\httpcore-4.0-beta2-20080510.140437-10.pack
c:\program files\LimeWire\httpcore-nio-4.0-beta2-20080510.140437-10.pack
c:\program files\LimeWire\icu4j.pack
c:\program files\LimeWire\jaudiotagger.pack
c:\program files\LimeWire\jcraft.pack
c:\program files\LimeWire\jdic.pack
c:\program files\LimeWire\jdic_stub.pack
c:\program files\LimeWire\jflac.pack
c:\program files\LimeWire\jl.pack
c:\program files\LimeWire\jmdns.pack
c:\program files\LimeWire\jogg.pack
c:\program files\LimeWire\jorbis.pack
c:\program files\LimeWire\lib\commons-httpclient.jar
c:\program files\LimeWire\lib\commons-pool.jar
c:\program files\LimeWire\lib\httpcore-nio.jar
c:\program files\LimeWire\lib\httpcore.jar
c:\program files\LimeWire\lib\id3v2.jar
c:\program files\LimeWire\lib\jl011.jar
c:\program files\LimeWire\lib\MessagesBundles.jar
c:\program files\LimeWire\lib\mp3sp14.jar
c:\program files\LimeWire\lib\UnpackedJars.7z
c:\program files\LimeWire\lib\vorbis.jar
c:\program files\LimeWire\LimeWire.jar.tmp
c:\program files\LimeWire\log4j.pack
c:\program files\LimeWire\looks.pack
c:\program files\LimeWire\messages.pack
c:\program files\LimeWire\mp3spi.pack
c:\program files\LimeWire\onion-common.pack
c:\program files\LimeWire\onion-fec.pack
c:\program files\LimeWire\ProgressTabs.pack
c:\program files\LimeWire\swt.pack
c:\program files\LimeWire\themes.pack
c:\program files\LimeWire\tritonus.pack
c:\program files\LimeWire\vorbisspi.pack
c:\users\Gemma\AppData\Roaming\LimeWire
c:\users\Gemma\AppData\Roaming\LimeWire\414splashfree.png
c:\users\Gemma\AppData\Roaming\LimeWire\certificate\limewire.keystore
c:\users\Gemma\AppData\Roaming\LimeWire\createtimes.cache
c:\users\Gemma\AppData\Roaming\LimeWire\downloads.dat
c:\users\Gemma\AppData\Roaming\LimeWire\fileurns.bak
c:\users\Gemma\AppData\Roaming\LimeWire\fileurns.cache
c:\users\Gemma\AppData\Roaming\LimeWire\filters.props
c:\users\Gemma\AppData\Roaming\LimeWire\gnutella.net
c:\users\Gemma\AppData\Roaming\LimeWire\installation.props
c:\users\Gemma\AppData\Roaming\LimeWire\library.dat
c:\users\Gemma\AppData\Roaming\LimeWire\limewire.props
c:\users\Gemma\AppData\Roaming\LimeWire\mojito.props
c:\users\Gemma\AppData\Roaming\LimeWire\promotion\promodb.backup
c:\users\Gemma\AppData\Roaming\LimeWire\promotion\promodb.data
c:\users\Gemma\AppData\Roaming\LimeWire\promotion\promodb.lck
c:\users\Gemma\AppData\Roaming\LimeWire\promotion\promodb.log
c:\users\Gemma\AppData\Roaming\LimeWire\promotion\promodb.properties
c:\users\Gemma\AppData\Roaming\LimeWire\promotion\promodb.script
c:\users\Gemma\AppData\Roaming\LimeWire\questions.props
c:\users\Gemma\AppData\Roaming\LimeWire\responses.cache
c:\users\Gemma\AppData\Roaming\LimeWire\simpp.xml
c:\users\Gemma\AppData\Roaming\LimeWire\spam.dat
c:\users\Gemma\AppData\Roaming\LimeWire\tables.props
c:\users\Gemma\AppData\Roaming\LimeWire\themes\windows_theme.lwtp
c:\users\Gemma\AppData\Roaming\LimeWire\themes\windows_theme\01_star.gif
c:\users\Gemma\AppData\Roaming\LimeWire\themes\windows_theme\02_star.gif
c:\users\Gemma\AppData\Roaming\LimeWire\themes\windows_theme\03_star.gif
c:\users\Gemma\AppData\Roaming\LimeWire\themes\windows_theme\04_star.gif
c:\users\Gemma\AppData\Roaming\LimeWire\themes\windows_theme\05_star.gif
c:\users\Gemma\AppData\Roaming\LimeWire\themes\windows_theme\chat.gif
c:\users\Gemma\AppData\Roaming\LimeWire\themes\windows_theme\forward_dn.gif
c:\users\Gemma\AppData\Roaming\LimeWire\themes\windows_theme\forward_up.gif
c:\users\Gemma\AppData\Roaming\LimeWire\themes\windows_theme\kill.gif
c:\users\Gemma\AppData\Roaming\LimeWire\themes\windows_theme\kill_on.gif
c:\users\Gemma\AppData\Roaming\LimeWire\themes\windows_theme\logo.png
c:\users\Gemma\AppData\Roaming\LimeWire\themes\windows_theme\notsearching.png
c:\users\Gemma\AppData\Roaming\LimeWire\themes\windows_theme\pause_dn.gif
c:\users\Gemma\AppData\Roaming\LimeWire\themes\windows_theme\pause_up.gif
c:\users\Gemma\AppData\Roaming\LimeWire\themes\windows_theme\play_dn.gif
c:\users\Gemma\AppData\Roaming\LimeWire\themes\windows_theme\play_up.gif
c:\users\Gemma\AppData\Roaming\LimeWire\themes\windows_theme\question.gif
c:\users\Gemma\AppData\Roaming\LimeWire\themes\windows_theme\rewind_dn.gif
c:\users\Gemma\AppData\Roaming\LimeWire\themes\windows_theme\rewind_up.gif
c:\users\Gemma\AppData\Roaming\LimeWire\themes\windows_theme\searching.gif
c:\users\Gemma\AppData\Roaming\LimeWire\themes\windows_theme\splash.png
c:\users\Gemma\AppData\Roaming\LimeWire\themes\windows_theme\splashpro.png
c:\users\Gemma\AppData\Roaming\LimeWire\themes\windows_theme\stop_dn.gif
c:\users\Gemma\AppData\Roaming\LimeWire\themes\windows_theme\stop_up.gif
c:\users\Gemma\AppData\Roaming\LimeWire\themes\windows_theme\theme.txt
c:\users\Gemma\AppData\Roaming\LimeWire\themes\windows_theme\version.txt
c:\users\Gemma\AppData\Roaming\LimeWire\themes\windows_theme\warning.gif
c:\users\Gemma\AppData\Roaming\LimeWire\ttrees.cache
c:\users\Gemma\AppData\Roaming\LimeWire\ttroot.cache
c:\users\Gemma\AppData\Roaming\LimeWire\version.xml
c:\users\Gemma\AppData\Roaming\LimeWire\versions.props
c:\users\Gemma\AppData\Roaming\LimeWire\xml\data\audio.sxml2
c:\users\Gemma\AppData\Roaming\LimeWire\xml\data\delete_me
c:\users\Gemma\AppData\Roaming\LimeWire\xml\misc\application.gif
c:\users\Gemma\AppData\Roaming\LimeWire\xml\misc\audio.gif
c:\users\Gemma\AppData\Roaming\LimeWire\xml\misc\document.gif
c:\users\Gemma\AppData\Roaming\LimeWire\xml\misc\image.gif
c:\users\Gemma\AppData\Roaming\LimeWire\xml\misc\video.gif
c:\users\Gemma\AppData\Roaming\LimeWire\xml\schemas\application.xsd
c:\users\Gemma\AppData\Roaming\LimeWire\xml\schemas\audio.xsd
c:\users\Gemma\AppData\Roaming\LimeWire\xml\schemas\document.xsd
c:\users\Gemma\AppData\Roaming\LimeWire\xml\schemas\image.xsd
c:\users\Gemma\AppData\Roaming\LimeWire\xml\schemas\video.xsd
.
((((((((((((((((((((((((( Files Created from 2008-12-12 to 2009-01-12 )))))))))))))))))))))))))))))))
.
2009-01-09 14:42 . 2009-01-09 14:42 <DIR> d-------- C:\rsit
2009-01-09 11:25 . 2009-01-09 11:26 <DIR> d-------- c:\program files\iTunes
2009-01-09 11:25 . 2009-01-09 11:25 <DIR> d-------- c:\program files\iPod
2009-01-09 11:24 . 2009-01-09 11:24 <DIR> d-------- c:\program files\Bonjour
2009-01-09 11:23 . 2009-01-09 11:24 <DIR> d-------- c:\program files\QuickTime
2009-01-04 00:36 . 2009-01-04 16:23 <DIR> d-a------ c:\users\All Users\TEMP
2009-01-04 00:36 . 2009-01-04 16:23 <DIR> d-a------ c:\programdata\TEMP
2008-12-19 20:09 . 2008-12-19 20:08 410,984 --a------ c:\windows\System32\deploytk.dll
2008-12-19 17:48 . 2008-12-12 01:53 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2008-12-12 17:29 . 2008-10-21 23:31 2,048 --a------ c:\windows\System32\tzres.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-12 13:41 --------- d-----w c:\programdata\Kontiki
2009-01-09 14:33 --------- d-----w c:\users\Gemma\AppData\Roaming\Apple Computer
2009-01-09 11:25 --------- d-----w c:\program files\Common Files\Apple
2009-01-08 20:29 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-01-08 20:29 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-08 20:29 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-08 20:29 --------- d-----w c:\program files\Symantec
2009-01-03 15:24 --------- d-----w c:\program files\Google
2008-12-19 20:08 --------- d-----w c:\program files\Java
2008-12-12 17:43 174 --sha-w c:\program files\desktop.ini
2008-12-02 10:27 --------- d-----w c:\programdata\Symantec
2008-11-01 03:33 537,600 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:33 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:33 449,536 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:33 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:33 2,144,256 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:33 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 03:33 1,687,040 ----a-w c:\windows\System32\gameux.dll
2008-10-31 23:38 4,247,552 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-31 23:23 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2008-10-29 06:20 2,923,520 ----a-w c:\windows\explorer.exe
2008-10-21 05:16 297,472 ----a-w c:\windows\System32\gdi32.dll
2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll
2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe
2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll
2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll
2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll
2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll
2008-10-16 14:08 162,064 ----a-w c:\windows\System32\wuwebv.dll
2008-10-16 13:56 31,232 ----a-w c:\windows\System32\wuapp.exe
2008-10-16 04:40 826,368 ----a-w c:\windows\System32\wininet.dll
2008-10-16 04:40 56,320 ----a-w c:\windows\System32\iesetup.dll
2008-10-16 04:40 26,624 ----a-w c:\windows\System32\ieUnatt.exe
2008-07-03 15:52 47,360 ----a-w c:\users\Gemma\AppData\Roaming\pcouffin.sys
2007-12-21 19:46 0 ----a-w c:\users\Steve\AppData\Roaming\wklnhst.dat
2007-11-15 21:20 3,116 ----a-w c:\users\Gemma\AppData\Roaming\wklnhst.dat
.
((((((((((((((((((((((((((((( snapshot@2009-01-11_12.32.12.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2000-08-31 08:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 08:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
- 2009-01-11 12:27:10 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-01-12 13:10:57 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-01-11 12:27:10 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-01-12 13:10:57 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-01-11 12:29:35 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2009-01-12 13:13:11 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2009-01-12 13:13:11 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-01-11 12:29:29 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-01-12 13:13:06 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
- 2009-01-11 12:28:01 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-12 13:26:57 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-01-11 12:28:01 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-12 13:26:57 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-11 12:28:01 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-12 13:26:57 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-11 12:23:06 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2009-01-12 13:39:45 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
- 2009-01-11 12:05:55 108,526 ----a-w c:\windows\System32\perfc009.dat
+ 2009-01-12 13:16:21 108,526 ----a-w c:\windows\System32\perfc009.dat
- 2009-01-11 12:05:55 623,342 ----a-w c:\windows\System32\perfh009.dat
+ 2009-01-12 13:16:21 623,342 ----a-w c:\windows\System32\perfh009.dat
- 2009-01-11 12:29:39 12,784 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4120336484-3686910672-1461306013-1000_UserData.bin
+ 2009-01-12 13:13:57 12,784 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4120336484-3686910672-1461306013-1000_UserData.bin
- 2009-01-11 12:29:39 60,290 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-01-12 13:13:56 60,306 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-01-11 12:05:57 46,078 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-01-12 13:13:54 46,126 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-01-10 23:11:40 213,488 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-01-12 11:44:39 213,520 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"EPSON Stylus DX7400 Series"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE" [2007-04-12 182272]
"kdx"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-03 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe" [2007-01-02 471040]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-12 155648]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-02-27 153136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-19 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-07 185896]
"4oD"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"S3Trayp"="S3trayp.exe" [2006-12-15 c:\windows\System32\s3trayp.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{22DEB358-7AA6-43EC-A823-634591754A80}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{7851001A-013A-4918-8C88-6C16E8BB5238}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{213F8850-AD29-41B5-8B35-68C975010BC6}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{1BD9B305-D617-4920-9953-A8CF8E4FF47E}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{73452132-7FE8-4164-AE08-B7EA8F956D4B}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{8AFFF8FA-09DD-4E70-9968-4347E3D1CD66}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{BF0DB965-DFDB-408D-9DF2-41EB4A64197B}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{A1936DE7-0B15-4CCA-A24B-8300CC7D0B1F}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{5A792736-468F-40DD-90E8-79E0CE2B149E}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{DABD62B9-1D2B-4836-8AAA-2EAA717176FF}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090102.001\IDSvix86.sys [2009-01-10 270384]
R3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [2008-01-13 23888]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-27 99376]
R3 S3GIGP;S3GIGP;c:\windows\System32\drivers\VTGKModeDX32.sys [2006-12-31 842752]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2008-06-13 41008]
R4 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2008-10-31 149352]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - COMHOST
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder
2009-01-12 c:\windows\Tasks\User_Feed_Synchronization-{FDBC0065-21CE-44FF-AABF-1BA615E6F63C}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-12 13:42:29
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe 1????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-01-12 13:44:53
ComboFix-quarantined-files.txt 2009-01-12 13:44:49
ComboFix2.txt 2009-01-11 12:33:47
Pre-Run: 8,134,926,336 bytes free
Post-Run: 7,693,918,208 bytes free
321 --- E O F --- 2008-12-19 18:32:45
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-12 14:09:21
Windows 6.0.6000
---- System - GMER 1.0.14 ----
SSDT 85DB7B58 ZwAlertResumeThread
SSDT 85DB7C38 ZwAlertThread
SSDT 85DB8008 ZwAllocateVirtualMemory
SSDT 85DA7D58 ZwAlpcConnectPort
SSDT 85DB78A8 ZwCreateMutant
SSDT 85DB8D60 ZwCreateThread
SSDT 85DB7528 ZwDebugActiveProcess
SSDT 85DB8268 ZwFreeVirtualMemory
SSDT 85DB7998 ZwImpersonateAnonymousToken
SSDT 85DB7A78 ZwImpersonateThread
SSDT 85DB8168 ZwMapViewOfSection
SSDT 85DB77C8 ZwOpenEvent
SSDT 85DB8CA0 ZwOpenProcessToken
SSDT 85DB7608 ZwOpenSection
SSDT 85DBB6C8 ZwOpenThreadToken
SSDT 85DD5468 ZwResumeThread
SSDT 85DBB5E8 ZwSetContextThread
SSDT 85DBB7B8 ZwSetInformationProcess
SSDT 85DBB350 ZwSetInformationThread
SSDT 85DB76E8 ZwSuspendProcess
SSDT 85DB7D80 ZwSuspendThread
SSDT 85DB8E40 ZwTerminateProcess
SSDT 85DBB090 ZwTerminateThread
SSDT 85DB8088 ZwUnmapViewOfSection
SSDT 85DB8358 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.14 ----
? C:\Windows\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified. !
? C:\ComboFix\catchme.sys The system cannot find the path specified. !
---- User code sections - GMER 1.0.14 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[4588] USER32.dll!DialogBoxIndirectParamW 765E14EA 5 Bytes JMP 6EA5179F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4588] USER32.dll!MessageBoxExA 765F570D 5 Bytes JMP 6EA516E6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4588] USER32.dll!DialogBoxParamA 765F65BF 5 Bytes JMP 6EA51764 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4588] USER32.dll!MessageBoxIndirectW 765FF1B3 5 Bytes JMP 6E8E16B6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4588] USER32.dll!DialogBoxParamW 7660129F 5 Bytes JMP 6E8BF301 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4588] USER32.dll!DialogBoxIndirectParamA 766229C9 5 Bytes JMP 6EA517DA C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4588] USER32.dll!MessageBoxIndirectA 7662FACF 5 Bytes JMP 6EA51720 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4588] USER32.dll!MessageBoxExW 7662FBC9 5 Bytes JMP 6EA516AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4588] SHELL32.dll!DAD_ShowDragImage + CC 75B8E958 4 Bytes [ 01, 0C, 7C, 6F ]
.text C:\Program Files\Internet Explorer\iexplore.exe[4588] SHELL32.dll!DAD_ShowDragImage + D4 75B8E960 8 Bytes [ 0F, 0B, 7C, 6F, 8F, 32, 7B, ... ]
.text C:\Users\Gemma\Desktop\gmer\gmer.exe[5996] ntdll.dll!NtCreateFile + 3 770DF417 2 Bytes [ F7, FA ]
---- User IAT/EAT - GMER 1.0.14 ----
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6F7AD4D7] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6F7AD03C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [6F7AB641] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6F7AD1C1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [6F7ABCBB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [6F7AF1D3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [6F7AC2A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6F7AD4D7] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CopyFileW] [6F7AB641] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!MoveFileW] [6F7ADDF0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!DeleteFileW] [6F7AC2A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [6F7AF43D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [6F7B0D38] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [6F7AFBC9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [6F7B0291] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6F7AD03C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [6F7AF1D3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [6F7ABCBB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6F7AB0B4] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6F7AD1C1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6F7AA910] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [6F7BDB43] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegEnumValueW] [6F7BE4AD] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegOpenKeyExW] [6F7BCBD1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryValueExW] [6F7BD7A7] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegDeleteKeyW] [6F7BCED9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCreateKeyExW] [6F7BC659] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCloseKey] [6F7BCD3D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6F7AD1C1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [6F7AE0F1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [6F7AB0B4] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [6F7AA910] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [6F7AA7B9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [6F7AC2A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6F7AD4D7] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [6F7A8CF2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [6F7ABCBB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [6F7B0291] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [6F7AFBC9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [6F7AF1D3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [6F7A8A99] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [6F7A8BC4] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [6F7ABB72] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [6F7AFF2E] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [6F7AFB56] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [6F7B0D38] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [6F7AEF48] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [6F7A896E] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6F7AD03C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpW] [6F7ACF05] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpA] [6F7ACDCE] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCloseKey] [6F7BCD3D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] [6F7BC4D1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyA] [6F7BCD90] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyA] [6F7BD947] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] [6F7BCA59] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExW] [6F7BC659] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExW] [6F7BCBD1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExW] [6F7BE19D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW] [6F7BD46B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExW] [6F7BD7A7] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyW] [6F7BCED9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyW] [6F7BDB43] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueW] [6F7BE4AD] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyW] [6F7BDEA9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExA] [6F7BE015] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueA] [6F7BE325] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyA] [6F7BDD3F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExA] [6F7BD607] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [6F7AA400] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindNextFileW] [6F7AFBC9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW] [6F7AE0F1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [6F7AA682] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW] [6F7AAE32] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6F7AB0B4] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW] [6F7ABFC3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [6F7AB641] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW] [6F7A969E] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6F7AD4D7] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [6F7ADDF0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindFirstFileW] [6F7B0291] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindClose] [6F7B0D38] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA] [6F7A9300] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesA] [6F7A896E] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SearchPathW] [6F7AF1D3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW] [6F7AA178] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6F7AA910] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!RemoveDirectoryW] [6F7AEA70] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateDirectoryW] [6F7AE499] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!DeleteFileW] [6F7AC2A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetFileAttributesW] [6F7A8CF2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesW] [6F7A8A99] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [6F7ADE15] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameW] [6F7A943F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6F7AD1C1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] [6F7ABCBB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesExW] [6F7A8F5F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6F7AD03C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetLongPathNameW] [6F7A91CF] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetCurrentDirectoryW] [6F7AF43D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW] [6F7AC52B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW] [6F7ACF05] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW] [6F7ACA20] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExW] [6F7BCBD1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyExW] [6F7BC659] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegEnumKeyW] [6F7BDEA9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegEnumValueW] [6F7BE4AD] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegDeleteKeyW] [6F7BCED9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [6F7BDB43] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryInfoKeyA] [6F7BD947] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegEnumKeyExW] [6F7BE19D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegSetValueW] [6F7BD173] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExW] [6F7BD7A7] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueW] [6F7BD46B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyW] [6F7BC91D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyW] [6F7BC391] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExA] [6F7BD607] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] [6F7BCA59] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCloseKey] [6F7BCD3D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] [6F7B9194] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindClose] [6F7B0D38] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] [6F7B0291] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6F7AD4D7] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SearchPathW] [6F7AF1D3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!DeleteFileW] [6F7AC2A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetShortPathNameW] [6F7A943F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesExW] [6F7A8F5F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileW] [6F7ABCBB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6F7AD1C1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesW] [6F7A8A99] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6F7AD03C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegSetValueW] [6F7BD173] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] [6F7BD2C3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumKeyExW] [6F7BE19D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumValueW] [6F7BE4AD] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumKeyA] [6F7BDD3F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegDeleteKeyA] [6F7BCD90] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [6F7BDB43] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryInfoKeyA] [6F7BD947] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueW] [6F7BD46B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumKeyW] [6F7BDEA9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCloseKey] [6F7BCD3D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExW] [6F7BD7A7] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExW] [6F7BCBD1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegDeleteKeyW] [6F7BCED9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] [6F7BC659] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExA] [6F7BD607] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] [6F7BCA59] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueW] [6F7B5CE6] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA] [6F7B5C88] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA] [6F7B4D7E] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA] [6F7B5098] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW] [6F7B5188] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW] [6F7B408B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA] [6F7B5340] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA] [6F7B6188] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW] [6F7B539B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW] [6F7B61E3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4588] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCombineW] [6F7B3FE4] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
---- Devices - GMER 1.0.14 ----
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
---- EOF - GMER 1.0.14 ----
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:12:46, on 12/01/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\s3trayp.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\Explorer.exe
C:\Windows\System32\notepad.exe
C:\Users\Gemma\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {4FBACD73-F67C-42AE-B46A-03960AFE3DFB} - C:\PROGRA~1\ORANGE~1\TOOLBA~2.DLL (file missing)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe 1
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\Windows\TEMP\E_S51DF.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
--
End of file - 6642 bytes