Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I am infected with rootkit/trojans


  • This topic is locked This topic is locked
5 replies to this topic

#1 snowboardin58

snowboardin58

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:07:54 PM

Posted 06 October 2009 - 10:17 PM

I also noticed there was an error notice there as well. Here are my results:

Running from: C:\Users\Andrew\Desktop\Win32kDiag.exe

Log file at : C:\Users\Andrew\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...



Cannot access: C:\Windows\bthservsdp.dat

[1] 2009-09-22 17:55:36 2771 C:\Windows\bthservsdp.dat ()



Cannot access: C:\Windows\CSC\v2.0.6\pq



ERROR OCCURRED!

------------------------------

Windows Version: Windows Vista SP1

Exception Code: 0xc0000005

Exception Address: 0x00962415

Attempt to write to address: 0x00000000

BC AdBot (Login to Remove)

 


#2 snowboardin58

snowboardin58
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:07:54 PM

Posted 07 October 2009 - 07:16 PM

I was told to post this log and run something else, but the utility encountered errors, as my log shows.

#3 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:02:54 AM

Posted 14 October 2009 - 12:37 AM

Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this, do the following:

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop. Post them back to your topic.
Download GMER here by clicking download exe -button and then saving it your desktop:
  • Double-click .exe that you downloaded
  • Click rootkit-tab and then scan.
  • Don't check
    Show All
    box while scanning in progress!
  • When scanning is ready, click Copy.
  • This copies log to clipboard
  • Post log in your reply.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#4 snowboardin58

snowboardin58
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:07:54 PM

Posted 19 October 2009 - 12:25 AM

Its alright, I'm just glad and greatful that people are willing to help out! Thanks.


DDS (Ver_09-10-13.01) - NTFSx86
Run by Andrew at 1:07:34.13 on Mon 10/19/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.2046.1257 [GMT -4:00]

AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Kaspersky Anti-Virus *enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\CISVC.EXE
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Software Informer\softinfo.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Andrew\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.altavista.com/
uInternet Settings,ProxyServer = 85.90.84.131:8080
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.2.2.28.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: OToolbarHelper Class: {ead3a971-6a23-4246-8691-c9244e858967} - c:\program files\paypal\paypal plug-in\PayPalHelper.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: PayPal Plug-In: {dc0f2f93-27fa-4f84-acaa-9416f90b9511} - c:\program files\paypal\paypal plug-in\OToolbar.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ISUSPM] "c:\programdata\macrovision\flexnet connect\6\ISUSPM.exe" -scheduler
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [Software Informer] "c:\program files\software informer\softinfo.exe" -autorun
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100458 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506; .NET CLR 3.5.21022; Zune 2.5; InfoPath.2)
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.2.2.28.dll/206
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - hxxps://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.astonmartin.com/configurator/dbs_load.html
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://download.boulder.ibm.com/ibmdl/pub/pc/pccbbs/bp_pc/acpirexe.cab
TCP: NameServer = 85.255.112.62,85.255.112.231
TCP: {2118D478-2867-42F5-8DF0-79AA6A46D9A6} = 85.255.112.62,85.255.112.231
TCP: {4EBB6FDC-1C2D-4C4D-99E5-0E1857D0BB24} = 85.255.112.62,85.255.112.231
TCP: {A362BDF0-4F9E-44FB-9540-BBAD5B6C8807} = 85.255.112.62,85.255.112.231
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\andrew\appdata\roaming\mozilla\firefox\profiles\zmjkaqhy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.altavista.com/
FF - component: c:\program files\paypal\paypal plug-in\components\PayPalPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-8-23 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-9-23 206256]
R1 UserPort;UserPort;c:\windows\system32\drivers\UserPort.sys [2009-5-22 4256]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1028432]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-9-5 24652]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-5-11 179712]
R3 BTHprint;Microsoft Bluetooth Printer Class;c:\windows\system32\drivers\BTHPRINT.SYS [2008-6-17 29696]
S2 Par1284;Par1284;c:\program files\cutting master 2 1.60\program\Par1284.sys [2009-4-17 53344]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-9-23 348752]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-6-17 16896]

=============== Created Last 30 ================

2009-10-05 23:11 <DIR> --d----- c:\program files\SpywareBlaster
2009-09-23 02:03 318,976 a------- c:\windows\system32\CF19007.exe
2009-09-23 02:03 <DIR> --ds---- C:\ComboFix
2009-09-23 01:08 7,396 a------- c:\windows\system32\drivers\pctcore.cat
2009-09-23 00:56 <DIR> --d----- c:\program files\Software Informer
2009-09-23 00:40 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-09-23 00:40 206,256 a------- c:\windows\system32\drivers\PCTCore.sys
2009-09-23 00:40 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-23 00:39 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-09-23 00:39 <DIR> --d----- c:\program files\common files\PC Tools
2009-09-23 00:39 <DIR> --d----- c:\programdata\PC Tools
2009-09-23 00:39 <DIR> --d----- c:\progra~2\PC Tools
2009-09-23 00:39 <DIR> --d----- c:\users\andrew\appdata\roaming\PC Tools
2009-09-23 00:39 <DIR> --d----- c:\program files\Spyware Doctor
2009-09-22 21:12 <DIR> --d----- C:\SRN Micro
2009-09-22 18:51 <DIR> --d----- c:\program files\DARKMOON Removal Tool

==================== Find3M ====================

2009-10-18 20:48 156,400 a------- c:\users\andrew\appdata\roaming\nvModes.dat
2009-10-05 15:21 2,828 a--sh--- c:\programdata\KGyGaAvL.sys
2009-10-05 15:21 2,828 a--sh--- c:\progra~2\KGyGaAvL.sys
2009-10-04 23:43 44,544 a------- c:\windows\system32\agremove.exe
2009-09-23 02:01 318,976 a------- c:\windows\system32\CF2968.exe
2009-09-22 17:55 2,771 a------- c:\windows\bthservsdp.dat
2009-09-22 17:42 51,200 a------- c:\windows\inf\infpub.dat
2009-09-22 17:42 86,016 a------- c:\windows\inf\infstor.dat
2009-09-22 17:42 143,360 a------- c:\windows\inf\infstrng.dat
2009-09-14 02:12 229,888 a------- c:\windows\PEV.exe
2008-06-23 10:03 174 a--sh--- c:\program files\desktop.ini
2008-06-23 09:49 665,600 a------- c:\windows\inf\drvindex.dat
2008-06-02 14:30 88 ---shr-- c:\programdata\985AA8CF3A.sys
2008-06-02 14:30 88 ---shr-- c:\progra~2\985AA8CF3A.sys
2006-11-02 08:40 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:40 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:40 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:40 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 1:08:12.18 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-13.01)

Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 5/14/2008 9:08:15 PM
System Uptime: 10/19/2009 1:00:36 AM (0 hours ago)

Motherboard: LENOVO | | IEL10
Processor: Intel® Core™2 Duo CPU T7500 @ 2.20GHz | U2E1 | 2201/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 144 GiB total, 27.089 GiB free.
D: is CDROM ()
E: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C7100 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C7100 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet J6400 series
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: HP
Name: Officejet J6400 series
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: hp LaserJet 4350
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer: Hewlett-Packard
Name: hp LaserJet 4350
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service:

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: hp LaserJet 4350
Device ID: ROOT\MULTIFUNCTION\0003
Manufacturer: Hewlett-Packard
Name: hp LaserJet 4350
PNP Device ID: ROOT\MULTIFUNCTION\0003
Service:

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C4380 series
Device ID: ROOT\MULTIFUNCTION\0004
Manufacturer: HP
Name: Photosmart C4380 series
PNP Device ID: ROOT\MULTIFUNCTION\0004
Service:

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart Plus B209a-m
Device ID: ROOT\MULTIFUNCTION\0005
Manufacturer: HP
Name: Photosmart Plus B209a-m
PNP Device ID: ROOT\MULTIFUNCTION\0005
Service:

Class GUID: {4d36e978-e325-11ce-bfc1-08002be10318}
Description: Printer Port
Device ID: ROOT\UNKNOWN\0000
Manufacturer: (Standard port types)
Name: Printer Port (LPT3)
PNP Device ID: ROOT\UNKNOWN\0000
Service: Parport

==== System Restore Points ===================


==== Installed Programs ======================

µTorrent
2007 Microsoft Office Suite Service Pack 1 (SP1)
32 Bit HP CIO Components Installer
7-Zip 4.57
Active@ ISO Burner v 1.1
Ad-Aware
Adobe Acrobat 8 Professional - English, Français, Deutsch
Adobe Acrobat 8.1.0 Professional
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Device Central CS4
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe Illustrator CS4
Adobe Linguistics CS3
Adobe Linguistics CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos CS3
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advanced SystemCare 3
AIM 6
AIO_CDA_ProductContext
AIO_CDA_Software
AIO_Scan
Alarm Clock v1.0
Apple Software Update
Autodesk Design Review 2009
BdmToGo 1.xxx
BitComet 1.01
BufferChm
C7100
c7100_Help
CigarBriefcase
Connect
Convecto Tryout
Copy
CorelDRAW Graphics Suite X4
CorelDRAW Graphics Suite X4 - Capture
CorelDRAW Graphics Suite X4 - Content
CorelDRAW Graphics Suite X4 - Draw
CorelDRAW Graphics Suite X4 - Filters
CorelDRAW Graphics Suite X4 - FontNav
CorelDRAW Graphics SUite X4 - ICA
CorelDRAW Graphics Suite X4 - IPM
CorelDRAW Graphics Suite X4 - Lang EN
CorelDRAW Graphics Suite X4 - PP
CorelDRAW Graphics Suite X4 - VBA
CorelDRAW® Graphics Suite X4
CorelDRAW® Graphics Suite X4 - Windows Shell Extension
Counter-Strike: Source
Cutting Master 2 1.50
Cutting Master 2 1.60
dBpoweramp DSP Effects
dBpoweramp Music Converter
Destinations
DeviceManagementQFolder
DivX Web Player
DocProc
DocProcQFolder
Fax
FlexiSIGN-PRO 8.1v1
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Photosmart.All-In-One Driver Software 8.0 .A
HP USB Disk Storage Format Tool
Inkscape 0.46
Java™ 6 Update 5
JFirewallTest
kuler
Lenovo Fingerprint Software
LimeWire 4.16.7
MediaMonkey 3.0
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft VC9 runtime libraries
Microsoft Visual C# 2008 Express Edition - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
Microsoft XNA Framework Redistributable 3.0 (CTP)
Microsoft XNA Game Studio 3.0 (CTP)
Microsoft XNA Game Studio 3.0 (CTP) (ARP entry)
Microsoft XNA Game Studio 3.0 (CTP) (Redists)
Microsoft XNA Game Studio 3.0 (CTP) (shared components)
Microsoft XNA Game Studio 3.0 (CTP) (vcsexpress)
Microsoft XNA Game Studio 3.0 (CTP) (xnaliveproxy)
Microsoft XNA Game Studio 3.0 (CTP) Documentation
Minitab 15 English
Mozilla Firefox (3.0.14)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
NetDeviceManager
NVIDIA Drivers
Oracle IRM Desktop 5.5.12 10gR3 PR5
PayPal Plug-In
PCLinq2 High-Speed USB Bridge Cable
PDF Settings CS4
Photoshop Camera Raw
Plato DVD Ripper Professional 6.66.9
QuickTime
ReadyDriver Plus 1.1
Scan
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
SignLab 8.0 Demo (C:\CADlink\SignLab 8.0 Demo)
Software Informer 1.0 BETA
Spybot - Search & Destroy
Spyware Doctor 6.1
SpywareBlaster 4.2
Status
Steam
Suite Shared Configuration CS4
T5Suite
T7Suite
T7Tool
TI Connect 1.6
Toolbox
TrayApp
UnloadSupport
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office Access 2007 Help (KB957241)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office InfoPath 2007 Help (KB957243)
Update for Microsoft Office OneNote 2007 Help (KB957245)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Publisher 2007 Help (KB957249)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb959634)
VBA (2627.01)
VC Runtimes MSI
VideoLAN VLC media player 0.8.6h
Viewpoint Media Player
Visual Basic for Applications ® Core
Visual Basic for Applications ® Core - English
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Production Manager Demo (C:\CADlink\Visual Production Manager Demo)
WebReg
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
Windows Sound Schemes
WinRAR archiver
Xvid 1.1.3 final uninstall
ZControlV2.0 (remove only)
ZEMulator Demo
zSuite
ZTalk (remove only)
Zune Software Customizer 2.5

==== End Of File ===========================

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-19 01:18:40
Windows 6.0.6001 Service Pack 1
Running: evr99flm.exe; Driver: C:\Users\Andrew\AppData\Local\Temp\kwryrkob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x8A7CD9A6]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x8A7CDB98]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x8A7CD656]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x8A7CDDA0]

INT 0x61 ? 908E62D0
INT 0x71 ? 908E6550

Code 90A46B08 ZwEnumerateKey
Code 90A46AD0 ZwFlushInstructionCache
Code 90A46A96 ZwSaveKey
Code 909D1476 ZwSaveKeyEx
Code 90AC0F95 IofCallDriver
Code 90A313FE IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!IofCallDriver 84883169 5 Bytes JMP 90AC0F9A
.text ntoskrnl.exe!IofCompleteRequest 848831D6 5 Bytes JMP 90A31403
.text ntoskrnl.exe!KeInsertQueue + 3F9 848AA9F0 8 Bytes [A6, D9, 7C, 8A, 98, DB, 7C, ...]
.text ntoskrnl.exe!KeInsertQueue + 811 848AAE08 4 Bytes [56, D6, 7C, 8A] {PUSH ESI; SALC ; JL 0xffffffffffffff8e}
.text ntoskrnl.exe!KeInsertQueue + 8D5 848AAECC 4 Bytes [A0, DD, 7C, 8A]
PAGE ntoskrnl.exe!ZwFlushInstructionCache 849E51C2 5 Bytes JMP 90A46AD4
PAGE ntoskrnl.exe!ZwEnumerateKey 84A1058C 5 Bytes JMP 90A46B0C
PAGE ntoskrnl.exe!ZwSaveKey 84A8632F 5 Bytes JMP 90A46A9A
PAGE ntoskrnl.exe!ZwSaveKeyEx 84A86436 5 Bytes JMP 909D147A

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\System32\spoolsv.exe[1796] ntdll.dll!NtClose 770B7F48 5 Bytes JMP 028E6E60 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] ntdll.dll!NtMapViewOfSection 770B8758 5 Bytes JMP 028E8E20 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] ntdll.dll!NtQueryDirectoryFile 770B89E8 5 Bytes JMP 028E5620 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] kernel32.dll!MoveFileA 759A24CD 5 Bytes JMP 028E9EC0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] kernel32.dll!CopyFileW 759A6FAD 5 Bytes JMP 028E9CA0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] kernel32.dll!FlushFileBuffers 759A8685 5 Bytes JMP 028E7500 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] kernel32.dll!MoveFileW 759AA672 5 Bytes JMP 028EA130 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] kernel32.dll!SetEndOfFile 759B7FFC 5 Bytes JMP 028E79B0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] kernel32.dll!SetFileTime 759B8095 5 Bytes JMP 028E7DC0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] kernel32.dll!GetFileAttributesExW 759BA64F 5 Bytes JMP 028E7BD0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] kernel32.dll!GetFileTime 759BA7F8 5 Bytes JMP 028E7CC0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] kernel32.dll!DeleteFileW 759BC5C8 5 Bytes JMP 028E81A0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] kernel32.dll!DeleteFileA 759BC6E4 5 Bytes JMP 028E8060 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] kernel32.dll!SetFilePointerEx 759BF1FE 5 Bytes JMP 028E76D0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] kernel32.dll!_hread 759BF9D6 5 Bytes JMP 028E82E0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] kernel32.dll!_llseek 759BFA04 5 Bytes JMP 028E8420 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] kernel32.dll!MoveFileExW 759C1070 5 Bytes JMP 028EA3A0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] kernel32.dll!CreateFileMappingW 759C22E8 5 Bytes JMP 028E8A40 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] kernel32.dll!FindNextFileW 759CA6C1 5 Bytes JMP 028E8880 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] kernel32.dll!SetFilePointer 759CC959 5 Bytes JMP 028E7580 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] kernel32.dll!GetFileAttributesA 759CFC52 5 Bytes JMP 028E7AD0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] kernel32.dll!FindFirstFileA 759D06F2 5 Bytes JMP 028E84B0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] kernel32.dll!FindNextFileA 759D1329 5 Bytes JMP 028E8810 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] kernel32.dll!ReadFile 759E03F8 5 Bytes JMP 028E6FD0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] kernel32.dll!FindFirstFileExW 759E0A33 5 Bytes JMP 028E8690 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] kernel32.dll!FindFirstFileW 759E0D9D 5 Bytes JMP 028E85A0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] kernel32.dll!FindClose 759E0E1C 5 Bytes JMP 028E87A0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] kernel32.dll!DuplicateHandle 759E42F4 5 Bytes JMP 028EA730 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] kernel32.dll!GetFileAttributesW 759E8A41 5 Bytes JMP 028E7B50 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] kernel32.dll!GetFileSizeEx 759E8B67 5 Bytes JMP 028E78E0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] kernel32.dll!GetFileSize 759E8BA6 5 Bytes JMP 028E7810 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] kernel32.dll!OpenFileMappingW 759EC817 5 Bytes JMP 028E8D00 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] kernel32.dll!WriteFile 759EC906 5 Bytes JMP 028E7250 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] kernel32.dll!CreateFileW 759ECC4E 5 Bytes JMP 028E9540 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] kernel32.dll!CreateFileA 759ECF71 5 Bytes JMP 028E9020 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] kernel32.dll!GetFileType 759ED305 5 Bytes JMP 028E7EC0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] kernel32.dll!CopyFileA 759F1F87 5 Bytes JMP 028E9A80 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] kernel32.dll!LockFile 759F3660 5 Bytes JMP 028E7F40 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] kernel32.dll!UnlockFile 759F3737 5 Bytes JMP 028E7FD0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] kernel32.dll!GetShortPathNameA 759F5A87 5 Bytes JMP 028E88F0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] kernel32.dll!ReplaceFile 75A2FF3F 5 Bytes JMP 028EA630 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] kernel32.dll!_hwrite 75A317C1 5 Bytes JMP 028E8380 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] USER32.dll!GetDCEx 75CFCFF1 5 Bytes JMP 028E5BB0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] USER32.dll!GetDC 75D09562 5 Bytes JMP 028E5B40 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] USER32.dll!ReleaseDC 75D1079D 5 Bytes JMP 028E6190 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] USER32.dll!GetWindowDC 75D10B04 5 Bytes JMP 028E5C30 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] USER32.dll!PrintWindow 75D20929 5 Bytes JMP 028E6320 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] GDI32.dll!DeleteDC 76036A44 5 Bytes JMP 028E6220 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] GDI32.dll!BitBlt 76036CE7 5 Bytes JMP 028E5CA0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] GDI32.dll!StretchBlt 7603866E 5 Bytes JMP 028E6050 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] GDI32.dll!CreateDCA 7603AC01 5 Bytes JMP 028E5780 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] GDI32.dll!CreateDCW 7603ADA5 5 Bytes JMP 028E5960 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] GDI32.dll!GetPixel 7603CC58 5 Bytes JMP 028E5E50 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] GDI32.dll!GetMetaFileW 7603DE6D 5 Bytes JMP 028E6820 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] GDI32.dll!GetEnhMetaFileW 7603DEAE 5 Bytes JMP 028E6930 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] GDI32.dll!CopyMetaFileW 76049C41 5 Bytes JMP 028E6A40 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] GDI32.dll!GetMetaFileA 76061A2D 5 Bytes JMP 028E63F0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] GDI32.dll!CopyMetaFileA 760626D0 5 Bytes JMP 028E6610 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] GDI32.dll!StartDocW 76063A31 5 Bytes JMP 028ECDA0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] GDI32.dll!StartDocA 76063F69 5 Bytes JMP 028EBDE0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] GDI32.dll!CopyEnhMetaFileW 7606B4BF 5 Bytes JMP 028E6C50 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] GDI32.dll!GetEnhMetaFileA 7606B5C6 5 Bytes JMP 028E6500 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1796] ole32.dll!DoDragDrop 76E7161A 5 Bytes JMP 028E8F20 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3312] USER32.dll!DialogBoxIndirectParamW 75CFBD25 5 Bytes JMP 6E0F5CBB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3312] USER32.dll!DialogBoxParamW 75D11FD5 5 Bytes JMP 6E0F5C45 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3312] USER32.dll!DialogBoxParamA 75D380B2 5 Bytes JMP 6E0F5C80 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3312] USER32.dll!DialogBoxIndirectParamA 75D383DD 5 Bytes JMP 6E0F5CF6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3312] USER32.dll!MessageBoxIndirectA 75D4D471 5 Bytes JMP 6E0F5C01 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3312] USER32.dll!MessageBoxIndirectW 75D4D56B 5 Bytes JMP 6E0F5BBD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3312] USER32.dll!MessageBoxExA 75D4D5D1 5 Bytes JMP 6E0F5B83 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3312] USER32.dll!MessageBoxExW 75D4D5F5 5 Bytes JMP 6E0F5B49 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3312] SHELL32.dll!SHRestricted + DFD 762F8390 4 Bytes [99, 0B, DE, 68]
.text C:\Program Files\Internet Explorer\iexplore.exe[3312] SHELL32.dll!SHRestricted + E05 762F8398 8 Bytes [A7, 0A, DE, 68, A4, 32, DD, ...] {CMPSD ; OR BL, DH; PUSH 0x68dd32a4}
.text C:\Program Files\Internet Explorer\iexplore.exe[3312] SHELL32.dll!SHBindToObject + 693 762FA9B8 4 Bytes [99, 0B, DE, 68]
.text C:\Program Files\Internet Explorer\iexplore.exe[3312] SHELL32.dll!SHBindToObject + 69B 762FA9C0 4 Bytes [A7, 0A, DE, 68]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[3240] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74207BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3240] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [742498C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3240] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7420D3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3240] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [741FF527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3240] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74207599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3240] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [741FE43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3240] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [7423B33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3240] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7420D68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3240] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7420012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3240] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74200095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3240] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [741F71F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3240] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7428D802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3240] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [742275E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3240] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [741FDAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3240] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [741F668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3240] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [741F66BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3240] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74201E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [68DCD537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [68DCD09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [68DCB6A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [68DCD221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [68DCBD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [68DCF233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [68DCC301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [68DCF233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [68DCD537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CopyFileW] [68DCB6A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!MoveFileW] [68DCDE50] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!DeleteFileW] [68DCC301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [68DCF49D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [68DD0D4C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [68DCFC09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [68DD02A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [68DCD09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [68DCBD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [68DCB114] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [68DCD221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [68DCA970] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [68DDDB0F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegEnumValueW] [68DDE479] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegOpenKeyExW] [68DDCB9D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryValueExW] [68DDD773] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegDeleteKeyW] [68DDCEA5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCreateKeyExW] [68DDC625] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCloseKey] [68DDCD09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindClose] [68DD0D4C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileA] [68DCFF42] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindNextFileA] [68DCFB96] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileW] [68DD02A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindNextFileW] [68DCFC09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesA] [68DC89D0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetCurrentDirectoryA] [68DCEBFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetFileAttributesA] [68DC8C26] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateDirectoryA] [68DCE3CB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!RemoveDirectoryA] [68DCE9A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!DeleteFileA] [68DCC1D6] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesW] [68DC8AFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetCurrentDirectoryW] [68DCF49D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetFileAttributesW] [68DC8D54] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateDirectoryW] [68DCE4F9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!DeleteFileW] [68DCC301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!MoveFileW] [68DCDE50] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!RemoveDirectoryW] [68DCEAD0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!MoveFileA] [68DCDDDD] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [68DCD09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] [68DCBBD2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] [68DCBD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [68DCD221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [68DCD221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [68DCE151] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [68DCB114] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [68DCA970] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [68DCA819] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [68DCC301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [68DCD537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [68DC8D54] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [68DCBD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [68DD02A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [68DCFC09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [68DCF233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [68DC8AFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [68DC8C26] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [68DCBBD2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [68DCFF42] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [68DCFB96] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [68DD0D4C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [68DCEFA8] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [68DC89D0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [68DCD09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpW] [68DCCF65] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpA] [68DCCE2E] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCloseKey] [68DDCD09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] [68DDC49D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyA] [68DDCD5C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyA] [68DDD913] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] [68DDCA25] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExW] [68DDC625] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExW] [68DDCB9D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExW] [68DDE169] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW] [68DDD437] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyW] [68DDCEA5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyW] [68DDDB0F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExW] [68DDD773] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueW] [68DDE479] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyW] [68DDDE75] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExA] [68DDDFE1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueA] [68DDE2F1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyA] [68DDDD0B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExA] [68DDD5D3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [68DCA460] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindNextFileW] [68DCFC09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW] [68DCE151] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [68DCA6E2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW] [68DCAE92] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW] [68DCB114] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW] [68DCC023] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [68DCB6A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW] [68DC9700] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [68DCD537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [68DCDE50] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindFirstFileW] [68DD02A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindClose] [68DD0D4C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA] [68DC9362] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesA] [68DC89D0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SearchPathW] [68DCF233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW] [68DCA1D8] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [68DCA970] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!RemoveDirectoryW] [68DCEAD0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateDirectoryW] [68DCE4F9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!DeleteFileW] [68DCC301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetFileAttributesW] [68DC8D54] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesW] [68DC8AFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [68DCDE75] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameW] [68DC94A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [68DCD221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] [68DCBD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesExW] [68DC8FC1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [68DCD09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetLongPathNameW] [68DC9231] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetCurrentDirectoryW] [68DCF49D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW] [68DCC58B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW] [68DCCF65] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW] [68DCCA80] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExW] [68DDCB9D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyExW] [68DDC625] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegEnumKeyW] [68DDDE75] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegEnumValueW] [68DDE479] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegDeleteKeyW] [68DDCEA5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [68DDDB0F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryInfoKeyA] [68DDD913] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegEnumKeyExW] [68DDE169] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegSetValueW] [68DDD13F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExW] [68DDD773] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueW] [68DDD437] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyW] [68DDC8E9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyW] [68DDC35D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExA] [68DDD5D3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] [68DDCA25] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCloseKey] [68DDCD09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] [68DD91AC] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindClose] [68DD0D4C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] [68DD02A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [68DCD537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SearchPathW] [68DCF233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!DeleteFileW] [68DCC301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetShortPathNameW] [68DC94A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesExW] [68DC8FC1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileW] [68DCBD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [68DCD221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesW] [68DC8AFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [68DCD09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegSetValueW] [68DDD13F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] [68DDD28F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumKeyExW] [68DDE169] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumValueW] [68DDE479] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumKeyA] [68DDDD0B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegDeleteKeyA] [68DDCD5C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [68DDDB0F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryInfoKeyA] [68DDD913] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueW] [68DDD437] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumKeyW] [68DDDE75] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCloseKey] [68DDCD09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExW] [68DDD773] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExW] [68DDCB9D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegDeleteKeyW] [68DDCEA5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] [68DDC625] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExA] [68DDD5D3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] [68DDCA25] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueW] [68DD5CFD] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA] [68DD5C9F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA] [68DD4D95] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA] [68DD50AF] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW] [68DD519F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW] [68DD40A2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA] [68DD5357] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA] [68DD619F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW] [68DD53B2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW] [68DD61FA] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3312] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCombineW] [68DD3FFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\AIM6\aolsoftware.exe[3380] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3380] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3380] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3380] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3380] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3380] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3380] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3380] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3380] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3380] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3380] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3380] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3380] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3380] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3380] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3380] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3380] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3380] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3380] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3380] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3380] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3380] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3380] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3380] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3380] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3380] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3380] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3380] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3380] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3380] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3380] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3380] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3380] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3380] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3380] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3492] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3492] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3492] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3492] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3492] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3492] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3492] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3492] @ C:\Windows\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3492] @ C:\Windows\system32\MSVCRT.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3492] @ C:\Windows\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3492] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3492] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3492] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3492] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3492] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3492] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3492] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3492] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3492] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3492] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3492] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3492] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3492] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3492] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3492] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3492] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3492] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3492] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3492] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3492] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3492] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3492] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3492] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\BTHUSB \Device\0000006c bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\0000006e bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service C:\Windows\system32\drivers\ESQULbqvrnkccrufabxfcukiypgeetuptwisa.sys (*** hidden *** ) [SYSTEM] ESQULserv.sys <-- ROOTKIT !!!

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: copy of MBR

---- EOF - GMER 1.0.15 ----

Attached Files

  • Attached File  logs.zip   13.28KB   5 downloads


#5 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:02:54 AM

Posted 19 October 2009 - 08:47 AM

Hi,

It's recommended you get rid of P2P file sharing software like uTorrent & Limewire installed there. Big part of infections are received from dubious P2P downloads nowadays.


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.


Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds.txt log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#6 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:02:54 AM

Posted 26 October 2009 - 02:21 AM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users