My Anti Spyware
News, Free Programs, Online Scanners, Tutorials
Post your problems with Spyware, Hijackers, Trojans...
 

Trojan DNS Changer- Please Help
cait_00



Joined: 11 Nov 2008
Posts: 9

Posted: Tue Nov 11, 2008 4:53 am    Post subject: Trojan DNS Changer- Please Help

I have been having trouble with my computer for a while. I am not able to get updates for my computer or reach certain websites. My internet also keeps redirecting me to different sites.

I have used AntiMalware and it has found quite a few trojan dns changer files and has deleted them... yet the problem is not solved and every time it scans they still seem to be there...

any help would be great...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:22 PM, on 10/11/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
C:\Program Files\Common Files\Symantec Shared\SecurityStatusSDK\SSDK02.exe
C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rogers.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=71&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=71&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O13 - Gopher Prefix:
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6741 bytes
patrik
Site Admin


Joined: 08 Jan 2006
Posts: 1866

Posted: Tue Nov 11, 2008 3:09 pm

Hello cait_00, welcome to the Myantispyware forum.

Download Combofix. Follow the prompts.

Quote:
I have used AntiMalware

Is it Malwarebytes Anti-malware (MBAM)? If yes, then run it again, click the Logs tab, select the last log and click the Open button. The last log will open.

Post back with combofix log and MBAM log.

_________________
Free Antispyware: HijackThis, SmitfraudFix, ComboFix, Super Antispyware, Malwarebytes Anti-malware
Instructions: Show hidden files, Reboot in Safe Mode
cait_00



Joined: 11 Nov 2008
Posts: 9

Posted: Wed Nov 12, 2008 2:43 am

Malwarebytes' Anti-Malware 1.30
Database version: 1381
Windows 6.0.6000

11/11/2008 9:39:18 PM
mbam-log-2008-11-11 (21-39-18).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 147184
Time elapsed: 48 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.179 85.255.112.223 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f25fd468-491f-4863-b63c-389071a315ab}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.179 85.255.112.223 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.179 85.255.112.223 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f25fd468-491f-4863-b63c-389071a315ab}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.179 85.255.112.223 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.179 85.255.112.223 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{f25fd468-491f-4863-b63c-389071a315ab}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.179 85.255.112.223 1.2.3.4 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


ComboFix 08-11-10.01 - Cait 2008-11-11 20:35:42.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1294 [GMT -5:00]
Running from: c:\users\Cait\Downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
D:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://www.rssx.hp.com
.
((((((((((((((((((((((((( Files Created from 2008-10-12 to 2008-11-12 )))))))))))))))))))))))))))))))
.

2008-11-11 20:35 . 2008-11-11 20:35 6,736 --a------ c:\windows\System32\drivers\PROCEXP90.SYS
2008-11-10 23:49 . 2008-11-10 23:49 <DIR> d-------- c:\program files\Trend Micro
2008-11-10 20:21 . 2008-11-10 20:21 <DIR> d-------- c:\users\Cait\AppData\Roaming\AdobeUM
2008-11-09 23:11 . 2008-11-09 23:11 <DIR> d-------- c:\users\Cait\AppData\Roaming\Malwarebytes
2008-11-09 23:11 . 2008-11-09 23:11 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-11-09 23:11 . 2008-11-09 23:11 <DIR> d-------- c:\programdata\Malwarebytes
2008-11-09 23:11 . 2008-11-09 23:11 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-09 23:11 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-09 23:11 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-09 13:09 . 2008-11-09 14:11 <DIR> d-------- c:\program files\Norton Internet Security
2008-11-09 13:08 . 2008-11-09 13:25 123,952 --a------ c:\windows\System32\drivers\SYMEVENT.SYS
2008-11-09 13:08 . 2008-11-09 13:25 10,671 --a------ c:\windows\System32\drivers\SYMEVENT.CAT
2008-11-09 13:08 . 2008-11-09 13:25 805 --a------ c:\windows\System32\drivers\SYMEVENT.INF
2008-11-09 02:09 . 2008-11-09 02:09 <DIR> d-------- c:\users\All Users\Trend Micro
2008-11-09 02:09 . 2008-11-09 02:09 <DIR> d-------- c:\programdata\Trend Micro
2008-11-09 02:05 . 2008-11-09 02:05 <DIR> d-------- c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP
2008-11-07 21:32 . 2008-11-07 21:32 <DIR> d-------- c:\users\All Users\NVIDIA
2008-11-07 21:32 . 2008-11-07 21:32 <DIR> d-------- c:\programdata\NVIDIA
2008-11-07 21:11 . 2008-01-08 13:10 98,304 --a------ c:\windows\RTKAUDIOSERVICE.EXE
2008-11-07 21:11 . 2007-11-14 15:18 553 --a------ c:\windows\USetup.iss
2008-11-07 21:10 . 2008-01-15 11:26 4,874,240 --a------ c:\windows\RtHDVCpl.exe
2008-11-07 21:10 . 2008-01-07 19:30 2,156,544 --a------ c:\windows\System32\RtkAPO.dll
2008-11-07 21:10 . 2008-01-15 19:19 2,047,576 --a------ c:\windows\System32\drivers\RTKVHDA.sys
2008-11-07 21:10 . 2007-11-07 17:31 1,191,936 --a------ c:\windows\RtlUpd.exe
2008-11-07 21:10 . 2008-01-09 18:52 636,416 --a------ c:\windows\System32\RtkPgExt.dll
2008-11-07 21:10 . 2007-11-13 12:35 532,480 --a------ c:\windows\System32\RTSndMgr.cpl
2008-11-07 21:10 . 2006-12-13 10:30 339,968 --a------ c:\windows\System32\SRSTSXT.dll
2008-11-07 21:10 . 2008-11-07 21:10 315,392 --a------ c:\windows\HideWin.exe
2008-11-07 21:10 . 2007-07-25 09:33 135,168 --a------ c:\windows\System32\SRSWOW.dll
2008-11-07 21:10 . 2008-01-14 16:18 29,696 --a------ c:\windows\System32\RtkCoInst.dll
2008-11-07 21:07 . 2008-11-07 21:07 <DIR> d-------- c:\users\Cait\AppData\Roaming\WinBatch
2008-11-07 21:07 . 2007-07-02 17:17 353,280 --a------ c:\windows\System32\idecoiins.dll
2008-11-07 21:07 . 2007-07-02 17:17 353,280 --a------ c:\windows\System32\idecoi.dll
2008-11-07 21:07 . 2007-07-02 17:37 110,112 --a------ c:\windows\System32\drivers\nvstor32.sys
2008-11-07 20:44 . 2008-11-07 20:44 <DIR> d-------- c:\users\Cait\AppData\Roaming\Corel
2008-11-07 20:44 . 2008-11-08 17:41 2,516 --ahs---- c:\users\All Users\KGyGaAvL.sys
2008-11-07 20:44 . 2008-11-08 17:41 2,516 --ahs---- c:\programdata\KGyGaAvL.sys
2008-11-07 20:44 . 2008-11-08 17:41 88 -r-hs---- c:\users\All Users\199D70996F.sys
2008-11-07 20:44 . 2008-11-08 17:41 88 -r-hs---- c:\programdata\199D70996F.sys
2008-11-07 20:41 . 2008-11-07 20:43 <DIR> d-------- c:\users\All Users\Corel
2008-11-07 20:41 . 2008-11-07 20:43 <DIR> d-------- c:\programdata\Corel
2008-11-07 20:41 . 2008-11-07 20:41 <DIR> d-------- c:\program files\Corel
2008-11-07 20:41 . 2008-11-07 20:41 <DIR> d-------- c:\program files\Common Files\Protexis
2008-11-07 20:41 . 2008-11-07 20:41 <DIR> d-------- c:\program files\Common Files\Corel
2008-11-07 20:38 . 2008-11-07 20:38 <DIR> d-------- c:\users\Cait\AppData\Roaming\InstallShield
2008-11-07 20:38 . 2007-03-15 03:07 2,584,848 --a------ c:\program files\msi31.exe
2008-11-07 20:38 . 2008-03-25 17:16 757,344 -ra------ c:\program files\ycomp_setup_core.exe
2008-11-07 20:38 . 2008-08-19 02:22 279,880 --a------ c:\program files\installer.exe
2008-11-07 20:34 . 2008-11-09 12:58 <DIR> d-------- c:\program files\WinAce
2008-11-06 23:53 . 2008-11-06 23:53 <DIR> d-------- c:\users\Cait\AppData\Roaming\Sunbelt
2008-11-06 23:53 . 2008-11-06 23:53 <DIR> d-------- c:\users\All Users\Sunbelt
2008-11-06 23:53 . 2008-11-06 23:53 <DIR> d-------- c:\programdata\Sunbelt
2008-11-06 23:53 . 2008-11-06 23:53 <DIR> d-------- c:\program files\Sunbelt Software
2008-11-06 22:11 . 2008-11-09 13:07 <DIR> d-------- c:\users\All Users\Yahoo!
2008-11-06 22:11 . 2008-11-09 13:07 <DIR> d-------- c:\programdata\Yahoo!
2008-11-06 22:11 . 2008-11-09 13:25 <DIR> d-------- c:\program files\Symantec
2008-11-06 22:11 . 2008-11-06 22:11 <DIR> d-------- C:\graphics
2008-11-06 22:10 . 2008-11-06 22:40 <DIR> d-------- c:\users\Cait\AppData\Roaming\Yahoo!
2008-11-06 22:10 . 2008-11-06 22:10 <DIR> d-------- c:\program files\Common Files\scanner
2008-11-06 22:10 . 2008-11-06 22:10 <DIR> d-------- c:\program files\CA Yahoo! Anti-Spy
2008-11-06 22:04 . 2008-11-06 22:04 1,821 -rahs---- c:\windows\System32\drivers\103C_HP_CPC_RK574AAR-ABA a1730n_YC_0Pavi_QCN8701_E71NAv3PrA4_49_INODUSM3_SASUSTek Computer INC._V1.05_B5.04_T061215_WUH0_L409_M1919_J320_7AMD_8Athlon 64 X2 Dual Core_92.4_#070831_N10DE0269_Z14F12F20_G10DE0241.MRK
2008-11-06 20:26 . 2008-11-06 20:26 <DIR> d-------- c:\users\Cait\AppData\Roaming\Template
2008-11-06 20:26 . 2008-11-06 21:44 102 --a------ c:\users\Cait\AppData\Roaming\wklnhst.dat
2008-11-06 20:19 . 2008-11-06 20:19 <DIR> dr------- c:\users\Cait\Searches
2008-11-06 20:19 . 2008-11-06 20:19 <DIR> dr------- c:\users\Cait\Contacts
2008-11-06 20:17 . 2008-11-06 20:17 44 --a------ c:\windows\system\hpsysdrv.dat
2008-11-06 20:16 . 2008-11-06 20:20 <DIR> d-------- c:\users\Cait\AppData\Roaming\Hewlett-Packard
2008-11-06 20:13 . 2008-11-06 23:25 <DIR> dr------- c:\users\Cait\Videos
2008-11-06 20:13 . 2008-11-06 20:19 <DIR> dr------- c:\users\Cait\Saved Games
2008-11-06 20:13 . 2008-11-08 11:25 <DIR> dr------- c:\users\Cait\Pictures
2008-11-06 20:13 . 2008-11-06 20:19 <DIR> dr------- c:\users\Cait\Music
2008-11-06 20:13 . 2008-11-06 20:19 <DIR> dr------- c:\users\Cait\Links
2008-11-06 20:13 . 2008-11-11 20:33 <DIR> dr------- c:\users\Cait\Downloads
2008-11-06 20:13 . 2008-11-10 18:59 <DIR> dr------- c:\users\Cait\Documents
2008-11-06 20:13 . 2006-11-02 07:37 <DIR> d-------- c:\users\Cait\AppData\Roaming\Media Center Programs
2008-11-06 20:13 . 2008-11-06 20:18 <DIR> d--h----- c:\users\Cait\AppData
2008-11-06 20:13 . 2008-11-09 13:09 <DIR> d-------- c:\users\Cait
2008-11-06 20:07 . 2008-11-06 20:07 <DIR> dr------- c:\windows\System32\config\systemprofile\Contacts
2008-10-28 16:28 . 2008-10-28 16:28 65,320 --a------ c:\windows\System32\sbbd.exe
2008-10-23 04:09 . 2008-10-23 04:09 92,464 --a------ c:\windows\System32\drivers\SBREDrv.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-09 19:11 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-09 18:24 --------- d-----w c:\programdata\Symantec
2008-11-08 02:31 --------- d-----w c:\program files\HP Connections
2008-11-08 02:10 319,456 ----a-w c:\windows\DIFxAPI.dll
2008-11-08 02:10 --------- d-----w c:\program files\Realtek
2008-11-07 03:11 --------- d-----w c:\program files\Yahoo!
2008-11-07 01:20 --------- d-----w c:\programdata\Hewlett-Packard
2008-11-07 01:08 --------- d-sh--w c:\programdata\Templates
2008-11-07 01:08 --------- d-sh--w c:\programdata\Start Menu
2008-11-07 01:08 --------- d-sh--w c:\programdata\Favorites
2008-11-07 01:08 --------- d-sh--w c:\programdata\Documents
2008-11-07 01:08 --------- d-sh--w c:\programdata\Desktop
2008-11-07 01:08 --------- d-sh--w c:\programdata\Application Data
2008-08-19 07:24 114,543,616 ----a-w c:\program files\psppx2.msi
2008-08-19 07:22 62,464 ----a-w c:\program files\1031.mst
2008-08-19 07:22 61,440 ----a-w c:\program files\1040.mst
2008-08-19 07:22 61,440 ----a-w c:\program files\1036.mst
2008-08-19 07:22 60,416 ----a-w c:\program files\1043.mst
2008-08-19 07:22 59,392 ----a-w c:\program files\1034.mst
2008-08-19 07:22 578 ----a-w c:\program files\installer.xml
2008-08-19 07:22 226,661,857 ----a-w c:\program files\Data1.cab
2008-08-19 07:22 2,007 ----a-w c:\program files\Setup.ini
2008-08-19 07:22 12,288 ----a-w c:\program files\1033.mst
2008-08-19 06:00 8,904 ----a-w c:\program files\Installer.lang
2007-03-15 07:58 7,242 ----a-w c:\program files\0x040c.ini
2007-03-15 07:58 7,094 ----a-w c:\program files\0x0407.ini
2007-03-15 07:58 7,022 ----a-w c:\program files\0x040a.ini
2007-03-15 07:58 6,897 ----a-w c:\program files\0x0410.ini
2007-03-15 07:58 6,814 ----a-w c:\program files\0x0413.ini
2007-03-15 07:58 6,129 ----a-w c:\program files\0x0409.ini
2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2006-11-02 1196032]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2006-11-16 1480296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"YOP"="c:\progra~1\Yahoo!\YOP\yop.exe" [2008-06-03 509224]
"SBAMTray"="c:\program files\Sunbelt Software\CounterSpy\SBAMTray.exe" [2008-10-28 681256]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2008-08-18 532808]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-08-18 16712]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-24 44136]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2DDCE1F2-AB8F-4848-B8D7-4530760C76E8}"= c:\program files\HP Connections\6811507\Program\HP Connections:HP Connections
"{DF97678A-7C2E-4712-A626-0D879DF8D72D}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{94EDD909-FBBA-4DA7-89AA-1DEC70358C33}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{311C9F4D-0064-4C33-8DD0-40B30E045E32}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{C5464D69-428F-40BF-B02F-CDEF2D8C1411}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{6BCBB7CB-43B8-4FB7-9972-5C85DA5CD419}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{C132447B-1833-4370-8039-34E0DBC882DD}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{317862B5-B30A-4F9F-A44C-DF2C5C7BEA23}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081110.002\IDSvix86.sys [2008-10-03 270384]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 PSI_SVC_2;Protexis Licensing V2;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 SBAMSvc;CounterSpy Antispyware;c:\program files\Sunbelt Software\CounterSpy\SBAMSvc.exe [2008-10-28 886056]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
R3 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2008-10-23 92464]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-11-11 c:\windows\Tasks\Norton Security Online - Run Full System Scan - Cait.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-28 19:43]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://rogers.yahoo.com
R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=71&bd=Pavilion&pf=desktop
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 20:37:36
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-11 20:38:40
ComboFix-quarantined-files.txt 2008-11-12 01:38:36

Pre-Run: 267,139,407,872 bytes free
Post-Run: 267,823,534,080 bytes free

219
patrik
Site Admin


Joined: 08 Jan 2006
Posts: 1866

Posted: Wed Nov 12, 2008 9:37 am

Combofix log looks ok.
Please re-run Malwarebytes Anti-malware and post back with output log.

cait_00



Joined: 11 Nov 2008
Posts: 9

Posted: Wed Nov 12, 2008 12:10 pm

Here is the log... it's still finding the trojan, and I'm still having the same problems.



Malwarebytes' Anti-Malware 1.30
Database version: 1381
Windows 6.0.6000

12/11/2008 6:49:16 AM
mbam-log-2008-11-12 (06-49-16).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 148653
Time elapsed: 47 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.179 85.255.112.223 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f25fd468-491f-4863-b63c-389071a315ab}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.179 85.255.112.223 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.179 85.255.112.223 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f25fd468-491f-4863-b63c-389071a315ab}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.179 85.255.112.223 1.2.3.4 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
patrik
Site Admin


Joined: 08 Jan 2006
Posts: 1866

Posted: Wed Nov 12, 2008 1:08 pm

Download GMER from here.
Quote:
* Extract the contents of the zipped file to desktop.
* Disconnect from internet and close all running programs.
* Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
* If it gives you a warning about rootkit activity and asks if you want to run scan...say NO.
* Then click the Scan button & wait for it to finish.
* Once done click the Save button & save the log to your desktop.


Post GMER log in your next reply.

patrik
Site Admin


Joined: 08 Jan 2006
Posts: 1866

Posted: Wed Nov 12, 2008 1:20 pm

Please also make a fresh HijackThis log, BUT rename HijackThis.exe before it. Use any random name.
Post back with the log.

cait_00



Joined: 11 Nov 2008
Posts: 9

Posted: Fri Nov 14, 2008 2:40 am

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-11-13 21:37:25
Windows 6.0.6000


---- System - GMER 1.0.14 ----

SSDT 86E610E0 ZwAlertResumeThread
SSDT 86E611C0 ZwAlertThread
SSDT 86E1F2B8 ZwAllocateVirtualMemory
SSDT 86E5C650 ZwAlpcConnectPort
SSDT 86E61DE0 ZwCreateMutant
SSDT 86E1F340 ZwCreateThread
SSDT 86E61A60 ZwDebugActiveProcess
SSDT 86E60358 ZwFreeVirtualMemory
SSDT 86E61ED0 ZwImpersonateAnonymousToken
SSDT 86E61F90 ZwImpersonateThread
SSDT 86E60278 ZwMapViewOfSection
SSDT 86E61D00 ZwOpenEvent
SSDT 86E854F0 ZwOpenProcessToken
SSDT 86E61B40 ZwOpenSection
SSDT 86E8ADF8 ZwOpenThreadToken
SSDT 86E80008 ZwResumeThread
SSDT 86E8AD18 ZwSetContextThread
SSDT 86E8AEC8 ZwSetInformationProcess
SSDT 86E8AC28 ZwSetInformationThread
SSDT 86E61C20 ZwSuspendProcess
SSDT 86E61308 ZwSuspendThread
SSDT 86EA17A8 ZwTerminateProcess
SSDT 86E613C8 ZwTerminateThread
SSDT 86E897F0 ZwUnmapViewOfSection
SSDT 86E89828 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 56E 818808EA 2 Bytes [ E6, 86 ]

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[4768] USER32.dll!DialogBoxIndirectParamW 76F014DA 5 Bytes JMP 6EE9FEBF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4768] USER32.dll!MessageBoxExA 76F1570D 5 Bytes JMP 6EE9FE06 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4768] USER32.dll!DialogBoxParamA 76F165BF 5 Bytes JMP 6EE9FE84 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4768] USER32.dll!MessageBoxIndirectW 76F1F1B3 5 Bytes JMP 6ED315DA C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4768] USER32.dll!DialogBoxParamW 76F2129F 5 Bytes JMP 6ED0F205 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4768] USER32.dll!DialogBoxIndirectParamA 76F429B1 5 Bytes JMP 6EE9FEFA C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4768] USER32.dll!MessageBoxIndirectA 76F4FAB7 5 Bytes JMP 6EE9FE40 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4768] USER32.dll!MessageBoxExW 76F4FBB1 5 Bytes JMP 6EE9FDCC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4768] SHELL32.dll!DAD_ShowDragImage + CC 7628E958 4 Bytes [ 01, 0C, C3, 6E ]
.text C:\Program Files\Internet Explorer\iexplore.exe[4768] SHELL32.dll!DAD_ShowDragImage + D4 7628E960 8 Bytes [ 0F, 0B, C3, 6E, 8F, 32, C2, ... ]
.text C:\Users\Cait\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe[5004] ntdll.dll!NtCreateFile + 3 772BF417 2 Bytes [ D9, FA ]

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Windows\system32\SearchProtocolHost.exe[2848] @ C:\Windows\system32\ole32.dll [USER32.dll!DialogBoxParamW] [6D3AD52B] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Windows\system32\SearchProtocolHost.exe[2848] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DialogBoxParamW] [6D3AD52B] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Windows\system32\SearchProtocolHost.exe[2848] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DialogBoxParamW] [6D3AD52B] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6EC1D4D7] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6EC1D03C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [6EC1B641] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6EC1D1C1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [6EC1BCBB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [6EC1F1D3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [6EC1C2A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6EC1D4D7] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CopyFileW] [6EC1B641] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!MoveFileW] [6EC1DDF0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!DeleteFileW] [6EC1C2A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [6EC1F43D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [6EC20D38] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [6EC1FBC9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [6EC20291] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6EC1D03C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [6EC1F1D3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [6EC1BCBB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6EC1B0B4] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6EC1D1C1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6EC1A910] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [6EC2DB43] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegEnumValueW] [6EC2E4AD] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegOpenKeyExW] [6EC2CBD1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryValueExW] [6EC2D7A7] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegDeleteKeyW] [6EC2CED9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCreateKeyExW] [6EC2C659] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCloseKey] [6EC2CD3D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6EC1D1C1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [6EC1E0F1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [6EC1B0B4] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [6EC1A910] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [6EC1A7B9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [6EC1C2A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6EC1D4D7] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [6EC18CF2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [6EC1BCBB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [6EC20291] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [6EC1FBC9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [6EC1F1D3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [6EC18A99] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [6EC18BC4] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [6EC1BB72] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [6EC1FF2E] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [6EC1FB56] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [6EC20D38] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [6EC1EF48] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [6EC1896E] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6EC1D03C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpW] [6EC1CF05] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpA] [6EC1CDCE] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCloseKey] [6EC2CD3D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] [6EC2C4D1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyA] [6EC2CD90] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyA] [6EC2D947] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] [6EC2CA59] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExW] [6EC2C659] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExW] [6EC2CBD1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExW] [6EC2E19D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW] [6EC2D46B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExW] [6EC2D7A7] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyW] [6EC2CED9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyW] [6EC2DB43] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueW] [6EC2E4AD] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyW] [6EC2DEA9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExA] [6EC2E015] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueA] [6EC2E325] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyA] [6EC2DD3F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExA] [6EC2D607] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [6EC1A400] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindNextFileW] [6EC1FBC9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW] [6EC1E0F1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [6EC1A682] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW] [6EC1AE32] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6EC1B0B4] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW] [6EC1BFC3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [6EC1B641] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW] [6EC1969E] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6EC1D4D7] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [6EC1DDF0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindFirstFileW] [6EC20291] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindClose] [6EC20D38] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA] [6EC19300] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesA] [6EC1896E] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SearchPathW] [6EC1F1D3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW] [6EC1A178] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6EC1A910] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!RemoveDirectoryW] [6EC1EA70] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateDirectoryW] [6EC1E499] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!DeleteFileW] [6EC1C2A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetFileAttributesW] [6EC18CF2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesW] [6EC18A99] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [6EC1DE15] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameW] [6EC1943F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6EC1D1C1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] [6EC1BCBB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesExW] [6EC18F5F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6EC1D03C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetLongPathNameW] [6EC191CF] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetCurrentDirectoryW] [6EC1F43D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW] [6EC1C52B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW] [6EC1CF05] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW] [6EC1CA20] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExW] [6EC2CBD1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyExW] [6EC2C659] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegEnumKeyW] [6EC2DEA9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegEnumValueW] [6EC2E4AD] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegDeleteKeyW] [6EC2CED9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [6EC2DB43] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryInfoKeyA] [6EC2D947] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegEnumKeyExW] [6EC2E19D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegSetValueW] [6EC2D173] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExW] [6EC2D7A7] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueW] [6EC2D46B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyW] [6EC2C91D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyW] [6EC2C391] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExA] [6EC2D607] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] [6EC2CA59] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCloseKey] [6EC2CD3D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] [6EC29194] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindClose] [6EC20D38] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] [6EC20291] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6EC1D4D7] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SearchPathW] [6EC1F1D3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!DeleteFileW] [6EC1C2A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetShortPathNameW] [6EC1943F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesExW] [6EC18F5F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileW] [6EC1BCBB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6EC1D1C1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesW] [6EC18A99] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6EC1D03C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegSetValueW] [6EC2D173] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] [6EC2D2C3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumKeyExW] [6EC2E19D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumValueW] [6EC2E4AD] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumKeyA] [6EC2DD3F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegDeleteKeyA] [6EC2CD90] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [6EC2DB43] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryInfoKeyA] [6EC2D947] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueW] [6EC2D46B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumKeyW] [6EC2DEA9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCloseKey] [6EC2CD3D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExW] [6EC2D7A7] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExW] [6EC2CBD1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegDeleteKeyW] [6EC2CED9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] [6EC2C659] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExA] [6EC2D607] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] [6EC2CA59] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueW] [6EC25CE6] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA] [6EC25C88] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA] [6EC24D7E] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA] [6EC25098] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW] [6EC25188] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW] [6EC2408B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA] [6EC25340] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA] [6EC26188] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW] [6EC2539B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW] [6EC261E3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4768] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCombineW] [6EC23FE4] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.14 ----

File C:\Users\Cait\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CJWS8AW2\vh[1].htm 304 bytes

---- EOF - GMER 1.0.14 ----

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:40:03 PM, on 13/11/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\conime.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
C:\Program Files\Common Files\Symantec Shared\SecurityStatusSDK\SSDK02.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rogers.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=71&bd=Pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01