Bagle rootkit

Shaba · Jul 3, 2008

Hi

Great

You can attempt this next:

1. Move combofix.exe to c: root (C:\)
2. Rename it to something.exe
3. Reboot computer and bring up boot menu (F8)
4. Choose safe mode with networking from that menu
5. When you get into command prompt type:
cd\ (enter)
something.exe (enter)
6. If combofix runs properly and it asks to reboot, reboot back to safe mode with networking (important!). After combofix has finished, boot back to normal mode.
7. Post back combofix log if successful.

Shaba · Jul 8, 2008

Due to the lack of feedback this Topic is closed.

If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.

Shaba · Jul 9, 2008

Re-opened upon request.

Gingerheid · Jul 9, 2008

Hello

Thanks - I'm back home now!

I've tried to run combo fix, but I don't get any further than before.

I get a small progress bar that goes to 100%, some hard disk activity, and then nothing.

The only thing I can see is that it creates a small file in the root dir "bug.txt" which contained pushd [a few random letters and numbers].

There is also a directory created in c: named with the same letters and numbers that seems to contain the program decompressed - a few sys, dat, bat and cfexe files.

Shaba · Jul 9, 2008

Hi

You tried it in safe mode with command prompt and not in command prompt in normal safe mode?

Also, please post contents of that bug.txt

Gingerheid · Jul 9, 2008

Hello

I wasn't sure what you meant, so I tried normal command prompt in safe mode with networking, and also safe mode with command prompt.

I got the same result both times, the second time the bug.txt was a few minutes newer.

There was nothing in the file except pushd "[about 8 letters and numbers, I think they started with RF2]"

Sadly I can't find out what exactly because the computer now won't boot from the infected hard disk at all :sad::sad::sad: I get the bios screen, the option to boot from the cd (as a I left one in the drive) and then a black screen with a blinking cursor.

As ever, any ideas greatly appreciated. I dont know what info might help here... If they can be of any use I have a spare hard disk that's not infected, and my computer can take two HDDs.

Obviously I'd love to clean the computer if possible, but if recovery of the data is the best I can hope for then I'd be immensely grateful if for any pointers as to how I might best do this. (Before coming here I tried restoring my backup from the USB drive to the spare drive, but it turned out to be corrupt)

Thanks

Shaba · Jul 9, 2008

Hi

If computer doesn't boot from HD, this doesn't look good.

We can however try recovery console if you like to.

But it will require that computer is able to boot from HD.

Gingerheid · Jul 9, 2008

I'd like to try this if possible (I'm not sure what it is!)

Shaba · Jul 9, 2008

Hi

See here and let me know if you were able to install it.

Gingerheid · Jul 12, 2008

I tried the vista equivalent, and tried the repair startup option. It said it had made changes, but it still wouldn't boot. I've a friend coming round tonight to see if they can get the machine booting, but who wouldn't know anything about cleaning it if they can get it to boot - his hope is to copy almost everything - virus and all - onto a fresh vista installation that does boot, so I can carry on thinking about cleaning it.

Shaba · Jul 12, 2008

Hi

OK, keep me informed

Gingerheid · Jul 15, 2008

Hello

Err... it didn't quite work out as planned.

I currently have the computer booting from a different hdd, which has windows installed, along with all the usual anti virus stuff.

It seems to be holding out, and AVG seems to be batting off srosa.sys and etc's attempts to do things... I hope.

What is the best thing to do? Is this a basis from which to start trying to clean the infected HDD that the system now isn't booting from?

Or do I copy data to the hopefully still clean HDD and hope for the best?

Thanks!

Shaba · Jul 15, 2008

Hi

Try to run gmer next and post back its log, please

Gingerheid · Jul 15, 2008

Hello

This is the log of Gmer run from the computer booted up on the clean hdd

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-07-15 19:59:28
Windows 6.0.6000

---- User code sections - GMER 1.0.14 ----

.text C:\Users\Barry\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe[1268] ntdll.dll!NtCreateFile + 3 77A1F417 2 Bytes [ 63, FA ]
.text C:\Program Files\Internet Explorer\iexplore.exe[3316] USER32.dll!DialogBoxIndirectParamW 765414DA 5 Bytes JMP 6FD6FEBF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3316] USER32.dll!MessageBoxExA 7655570D 5 Bytes JMP 6FD6FE06 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3316] USER32.dll!DialogBoxParamA 765565BF 5 Bytes JMP 6FD6FE84 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3316] USER32.dll!MessageBoxIndirectW 7655F1B3 5 Bytes JMP 6FC015DA C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3316] USER32.dll!DialogBoxParamW 7656129F 5 Bytes JMP 6FBDF205 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3316] USER32.dll!DialogBoxIndirectParamA 765829B1 5 Bytes JMP 6FD6FEFA C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3316] USER32.dll!MessageBoxIndirectA 7658FAB7 5 Bytes JMP 6FD6FE40 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3316] USER32.dll!MessageBoxExW 7658FBB1 5 Bytes JMP 6FD6FDCC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3316] SHELL32.dll!DAD_ShowDragImage + CC 76F7E958 4 Bytes [ 01, 0C, 63, 6D ]
.text C:\Program Files\Internet Explorer\iexplore.exe[3316] SHELL32.dll!DAD_ShowDragImage + D4 76F7E960 8 Bytes [ 0F, 0B, 63, 6D, 8F, 32, 62, ... ]
.text C:\Program Files\Internet Explorer\iexplore.exe[3316] SHELL32.dll!ILFree + 980 76F7F430 4 Bytes [ 01, 0C, 63, 6D ]
.text C:\Program Files\Internet Explorer\iexplore.exe[3316] SHELL32.dll!ILFree + 988 76F7F438 4 Bytes [ 0F, 0B, 63, 6D ]

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6D61D4D7] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6D61D03C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [6D61B641] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6D61D1C1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [6D61BCBB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [6D61F1D3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [6D61C2A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6D61D4D7] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CopyFileW] [6D61B641] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!MoveFileW] [6D61DDF0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!DeleteFileW] [6D61C2A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [6D61F43D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [6D620D38] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [6D61FBC9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [6D620291] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6D61D03C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [6D61F1D3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [6D61BCBB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6D61B0B4] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6D61D1C1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6D61A910] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [6D62DB43] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegEnumValueW] [6D62E4AD] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegOpenKeyExW] [6D62CBD1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryValueExW] [6D62D7A7] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegDeleteKeyW] [6D62CED9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCreateKeyExW] [6D62C659] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCloseKey] [6D62CD3D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6D61D1C1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [6D61E0F1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [6D61B0B4] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [6D61A910] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [6D61A7B9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [6D61C2A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6D61D4D7] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [6D618CF2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [6D61BCBB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [6D620291] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [6D61FBC9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [6D61F1D3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [6D618A99] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [6D618BC4] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [6D61BB72] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [6D61FF2E] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [6D61FB56] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [6D620D38] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [6D61EF48] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [6D61896E] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6D61D03C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpW] [6D61CF05] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpA] [6D61CDCE] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCloseKey] [6D62CD3D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] [6D62C4D1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyA] [6D62CD90] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyA] [6D62D947] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] [6D62CA59] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExW] [6D62C659] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExW] [6D62CBD1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExW] [6D62E19D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW] [6D62D46B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExW] [6D62D7A7] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyW] [6D62CED9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyW] [6D62DB43] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueW] [6D62E4AD] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyW] [6D62DEA9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExA] [6D62E015] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueA] [6D62E325] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyA] [6D62DD3F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExA] [6D62D607] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [6D61A400] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindNextFileW] [6D61FBC9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW] [6D61E0F1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [6D61A682] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW] [6D61AE32] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6D61B0B4] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW] [6D61BFC3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [6D61B641] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW] [6D61969E] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6D61D4D7] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [6D61DDF0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindFirstFileW] [6D620291] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindClose] [6D620D38] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA] [6D619300] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesA] [6D61896E] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SearchPathW] [6D61F1D3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW] [6D61A178] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6D61A910] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!RemoveDirectoryW] [6D61EA70] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateDirectoryW] [6D61E499] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!DeleteFileW] [6D61C2A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetFileAttributesW] [6D618CF2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesW] [6D618A99] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [6D61DE15] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameW] [6D61943F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6D61D1C1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] [6D61BCBB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesExW] [6D618F5F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6D61D03C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetLongPathNameW] [6D6191CF] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetCurrentDirectoryW] [6D61F43D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW] [6D61C52B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW] [6D61CF05] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW] [6D61CA20] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExW] [6D62CBD1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyExW] [6D62C659] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegEnumKeyW] [6D62DEA9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegEnumValueW] [6D62E4AD] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegDeleteKeyW] [6D62CED9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [6D62DB43] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryInfoKeyA] [6D62D947] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegEnumKeyExW] [6D62E19D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegSetValueW] [6D62D173] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExW] [6D62D7A7] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueW] [6D62D46B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyW] [6D62C91D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyW] [6D62C391] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExA] [6D62D607] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] [6D62CA59] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCloseKey] [6D62CD3D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] [6D629194] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindClose] [6D620D38] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] [6D620291] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6D61D4D7] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SearchPathW] [6D61F1D3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!DeleteFileW] [6D61C2A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetShortPathNameW] [6D61943F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesExW] [6D618F5F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileW] [6D61BCBB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6D61D1C1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesW] [6D618A99] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6D61D03C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegSetValueW] [6D62D173] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] [6D62D2C3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumKeyExW] [6D62E19D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumValueW] [6D62E4AD] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumKeyA] [6D62DD3F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegDeleteKeyA] [6D62CD90] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [6D62DB43] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryInfoKeyA] [6D62D947] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueW] [6D62D46B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumKeyW] [6D62DEA9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCloseKey] [6D62CD3D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExW] [6D62D7A7] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExW] [6D62CBD1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegDeleteKeyW] [6D62CED9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] [6D62C659] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExA] [6D62D607] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] [6D62CA59] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueW] [6D625CE6] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA] [6D625C88] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA] [6D624D7E] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA] [6D625098] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW] [6D625188] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW] [6D62408B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA] [6D625340] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA] [6D626188] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW] [6D62539B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW] [6D6261E3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3316] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCombineW] [6D623FE4] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

---- Devices - GMER 1.0.14 ----

Device \Driver\BTHUSB \Device\0000005b bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\0000005d bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272d00424
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000272d00424

---- EOF - GMER 1.0.14 ----

Gingerheid · Jul 15, 2008

Edit: Booted from the clean HDD... but with the infected hdd connected and selected to be scanned

Shaba · Jul 17, 2008

Hi and sorry for delay

Did you extract gmer.exe before running?

I ask because of this:

---- User code sections - GMER 1.0.14 ----

.text C:\Users\Barry\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe[1268] ntdll.dll!NtCreateFile + 3 77A1F417 2 Bytes [ 63, FA ]

Gingerheid · Jul 18, 2008

Probably not; I'm bad at running things straight from zip files

I did this time though:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-07-18 00:14:30
Windows 6.0.6000

---- User code sections - GMER 1.0.14 ----

.text C:\Users\Barry\Desktop\gmer.exe[3328] ntdll.dll!NtCreateFile + 3 7791F417 2 Bytes [ 73, FA ]

---- Devices - GMER 1.0.14 ----

Device \Driver\BTHUSB \Device\00000062 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000062 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000064 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000064 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272d00424
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000272d00424

---- EOF - GMER 1.0.14 ----

Shaba · Jul 18, 2008

Hi

Now it looks much better

Does this another computer have XP or Vista?

If XP, please run Bagle remover next and post back its log.

Gingerheid · Jul 18, 2008

Sorry - it's Vista again

Shaba · Jul 18, 2008

Hi

I see.

Please download Malwarebytes' Anti-Malware to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Please post contents of that file in your next reply.

Bagle rootkit

Security Expert: Emeritus

Security Expert: Emeritus

Security Expert: Emeritus

New member

Security Expert: Emeritus

New member

Security Expert: Emeritus

New member

Security Expert: Emeritus

New member

Security Expert: Emeritus

New member

Security Expert: Emeritus

New member

New member

Security Expert: Emeritus

New member

Security Expert: Emeritus

New member

Security Expert: Emeritus