Solved Need help got the Google redirect virus


jpak88

I've been trying to fix this for like a week. I've been to several sites trying to look for advice. I couldn't find the tdssserv.sys in System > Hardware > Device Manager > View hidden devices > Non-Plug and Play Drivers. I have bought Spy Doctor and I have MBAM and TDSSKiller. I did a full scan on all programs; it detected a lot of threats and infections and got rid of them, but when I go on Google it still redirects to other sites. Please, any help would be appreciated. When I do a full scan, they don't detect any infections or threats, but Google still redirects, and also my dad's computer (OS Windows 7) is doing the same thing. I believe my modem or router might have been hacked. Please help, thanks!



I recently did a quick scan with TDSSKiller and it detected a suspicious object. The service name is sptd, file: C:\windows\system32\drivers\sptd.sys. It says it's a locked file and I can't remove or heal it.
 
Welcome aboard


Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:

  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
I have recently bought Spy Doctor, and after a full scan I can't seem to get a log off Notepad. It just shows me a summary in the program but nothing I can post. Is there a way I can get a log from Notepad?
 
I haven't mentioned any Spy Doctor.

Didn't you read my initial reply:
Please refrain from running tools or applying updates other than those I suggest.
 
I performed a scan with Avira. This is my log:


Avira AntiVir Personal
Report file date: Friday, November 12, 2010 23:26

Scanning for 3043988 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : ANONYMOUS

Version information:
BUILD.DAT : 10.0.0.592 31823 Bytes 8/9/2010 11:00:00
AVSCAN.EXE : 10.0.3.1 434344 Bytes 8/2/2010 21:09:56
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 18:57:04
LUKE.DLL : 10.0.2.3 104296 Bytes 8/2/2010 21:10:00
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 05:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 15:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 01:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 23:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 22:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 17:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 21:10:03
VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 21:10:04
VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 21:10:06
VBASE008.VDF : 7.10.11.133 3454464 Bytes 9/13/2010 04:22:19
VBASE009.VDF : 7.10.13.80 2265600 Bytes 11/2/2010 04:22:24
VBASE010.VDF : 7.10.13.81 2048 Bytes 11/2/2010 04:22:24
VBASE011.VDF : 7.10.13.82 2048 Bytes 11/2/2010 04:22:24
VBASE012.VDF : 7.10.13.83 2048 Bytes 11/2/2010 04:22:24
VBASE013.VDF : 7.10.13.116 147968 Bytes 11/4/2010 04:22:25
VBASE014.VDF : 7.10.13.147 146944 Bytes 11/7/2010 04:22:25
VBASE015.VDF : 7.10.13.180 123904 Bytes 11/9/2010 04:22:26
VBASE016.VDF : 7.10.13.211 122368 Bytes 11/11/2010 04:22:26
VBASE017.VDF : 7.10.13.212 2048 Bytes 11/11/2010 04:22:26
VBASE018.VDF : 7.10.13.213 2048 Bytes 11/11/2010 04:22:26
VBASE019.VDF : 7.10.13.214 2048 Bytes 11/11/2010 04:22:26
VBASE020.VDF : 7.10.13.215 2048 Bytes 11/11/2010 04:22:26
VBASE021.VDF : 7.10.13.216 2048 Bytes 11/11/2010 04:22:27
VBASE022.VDF : 7.10.13.217 2048 Bytes 11/11/2010 04:22:27
VBASE023.VDF : 7.10.13.218 2048 Bytes 11/11/2010 04:22:27
VBASE024.VDF : 7.10.13.219 2048 Bytes 11/11/2010 04:22:27
VBASE025.VDF : 7.10.13.220 2048 Bytes 11/11/2010 04:22:27
VBASE026.VDF : 7.10.13.221 2048 Bytes 11/11/2010 04:22:27
VBASE027.VDF : 7.10.13.222 2048 Bytes 11/11/2010 04:22:27
VBASE028.VDF : 7.10.13.223 2048 Bytes 11/11/2010 04:22:27
VBASE029.VDF : 7.10.13.224 2048 Bytes 11/11/2010 04:22:27
VBASE030.VDF : 7.10.13.225 2048 Bytes 11/11/2010 04:22:28
VBASE031.VDF : 7.10.13.235 75776 Bytes 11/12/2010 04:22:28
Engineversion : 8.2.4.98
AEVDF.DLL : 8.1.2.1 106868 Bytes 8/2/2010 21:09:54
AESCRIPT.DLL : 8.1.3.46 1364347 Bytes 11/13/2010 04:22:38
AESCN.DLL : 8.1.6.1 127347 Bytes 8/2/2010 21:09:53
AESBX.DLL : 8.1.3.1 254324 Bytes 8/2/2010 21:09:53
AERDL.DLL : 8.1.9.2 635252 Bytes 11/13/2010 04:22:37
AEPACK.DLL : 8.2.3.11 471416 Bytes 11/13/2010 04:22:36
AEOFFICE.DLL : 8.1.1.8 201081 Bytes 8/2/2010 21:09:52
AEHEUR.DLL : 8.1.2.41 3043703 Bytes 11/13/2010 04:22:35
AEHELP.DLL : 8.1.14.0 246134 Bytes 11/13/2010 04:22:30
AEGEN.DLL : 8.1.3.24 401781 Bytes 11/13/2010 04:22:29
AEEMU.DLL : 8.1.2.0 393588 Bytes 8/2/2010 21:09:49
AECORE.DLL : 8.1.17.0 196982 Bytes 11/13/2010 04:22:29
AEBB.DLL : 8.1.1.0 53618 Bytes 8/2/2010 21:09:48
AVWINLL.DLL : 10.0.0.0 19304 Bytes 8/2/2010 21:09:56
AVPREF.DLL : 10.0.0.0 44904 Bytes 8/2/2010 21:09:55
AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 20:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 8/2/2010 21:09:55
AVSCPLR.DLL : 10.0.3.1 83816 Bytes 8/2/2010 21:09:56
AVARKT.DLL : 10.0.0.14 227176 Bytes 8/2/2010 21:09:54
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 8/2/2010 21:09:55
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 20:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 8/2/2010 21:09:56
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 20:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 19:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 8/2/2010 21:10:08

Configuration settings for the scan:
Jobname.............................: avguard_async_scan
Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_22eee226\guard_slideup.avp
Logging.............................: low
Primary action......................: repair
Secondary action....................: quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: high

Start of the scan: Friday, November 12, 2010 23:26

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'DLLML.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'DLLML.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'ViewpointService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'pctsAuxs.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'lxctcoms.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'CTsvcCDA.EXE' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'BDTUpdateService.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'MagicDisc.exe' - '1' Module(s) have been scanned
Scan process 'PMB.exe' - '1' Module(s) have been scanned
Scan process 'RcMan.exe' - '1' Module(s) have been scanned
Scan process 'Stickies.exe' - '1' Module(s) have been scanned
Scan process 'RocketDock.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'ezprint.exe' - '1' Module(s) have been scanned
Scan process 'lxctmon.exe' - '1' Module(s) have been scanned
Scan process 'CTHELPER.EXE' - '1' Module(s) have been scanned
Scan process 'CTDVDDET.EXE' - '1' Module(s) have been scanned
Scan process 'smax4pnp.exe' - '1' Module(s) have been scanned
Scan process 'taskswitch.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'savedump.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting the file scan:

Begin scan in 'C:\WINDOWS\uyebewah.dll'
C:\WINDOWS\uyebewah.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK library.
[NOTE] An ARK library instance is already running.
The repair notes were written to the file 'C:\avrescue\rescue.avp'.
 
Whenever I do a scan with Avira I get the blue screen now.

Always at 98%, on scanning master boot sectors, it goes to the blue screen error.
 
Don't worry about Avira for now. Your computer is infected and that's the reason you have a problem with Avira.
Proceed with other steps.
 
Alright, I performed a quick scan and this is the log. I performed it after the TFC cleaner.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/14/2010 9:51:21 PM
mbam-log-2010-11-14 (21-51-21).txt

Scan type: Quick scan
Objects scanned: 109878
Time elapsed: 4 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-15 06:46:28
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\a320raid1Port1Path0Target0Lun0 MAXTOR__ rev.JNZH
Running: lj8dgb34.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fgrcypog.sys


---- System - GMER 1.0.15 ----

SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwCreateKey [0xF72B3AC2]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF72CA2D6]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF72CA4C8]
SSDT F7C09A24 ZwCreateThread
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteKey [0xF72B3CB6]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteValueKey [0xF72B3D5C]
SSDT spym.sys ZwEnumerateKey [0xF7437DA4]
SSDT spym.sys ZwEnumerateValueKey [0xF7438132]
SSDT F7C09A42 ZwLoadKey
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwOpenKey [0xF72B39B2]
SSDT F7C09A10 ZwOpenProcess
SSDT F7C09A15 ZwOpenThread
SSDT spym.sys ZwQueryKey [0xF743820A]
SSDT spym.sys ZwQueryValueKey [0xF743808A]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF72EC020]
SSDT F7C09A4C ZwReplaceKey
SSDT F7C09A47 ZwRestoreKey
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwSetValueKey [0xF72B3EF8]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwTerminateProcess [0xF72B5BD6]

INT 0x63 ? 86A9CBF8
INT 0x64 ? 86A9CBF8
INT 0x74 ? 86A9CBF8
INT 0x82 ? 86FD5BF8
INT 0x83 ? 86A9CBF8
INT 0x83 ? 86A9CBF8
INT 0xB4 ? 86FD8BF8

---- Kernel code sections - GMER 1.0.15 ----

? spym.sys The system cannot find the file specified. !
.text C:\windows\system32\DRIVERS\ati2mtag.sys section is writeable [0xF6535000, 0x1C5D38, 0xE8000020]
.text USBPORT.SYS!DllUnload F65148EC 5 Bytes JMP 86A9C1D8
init C:\windows\system32\drivers\senfilt.sys entry point in "init" section [0xF6479F80]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[1284] kernel32.dll!SetUnhandledExceptionFilter 7C844935 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2696] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215541 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2696] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDBC4 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2696] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4F87 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2696] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4EB9 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2696] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4F24 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2696] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4D8A C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2696] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4DEC C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2696] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4FEA C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2696] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4E4E C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215541 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B69 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD1BD C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDBC4 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2546BE C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4F87 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4EB9 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4F24 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4D8A C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4DEC C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4FEA C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4E4E C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] ole32.dll!CoCreateInstance 774FF1C4 5 Bytes JMP 3E2EDC20 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] ole32.dll!OleLoadFromStream 775297FD 5 Bytes JMP 3E3E52EF C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215541 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B69 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD1BD C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDBC4 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2546BE C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4F87 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4EB9 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4F24 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4D8A C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4DEC C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4FEA C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4E4E C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] ole32.dll!CoCreateInstance 774FF1C4 5 Bytes JMP 3E2EDC20 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] ole32.dll!OleLoadFromStream 775297FD 5 Bytes JMP 3E3E52EF C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7420042] spym.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F742013E] spym.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74200C0] spym.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7420800] spym.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74206D6] spym.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!CloseHandle] [025DC3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [02602DF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] [025DB950] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [02602D20] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!WriteFile] [025DC5B0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!ReadFile] [025DC4F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [025DBB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [02602CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [02602E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] [025DBB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [02602CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [02602D20] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [02602E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\RPCRT4.dll [KERNEL32.dll!CloseHandle] [025DC3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\RPCRT4.dll [KERNEL32.dll!WriteFile] [025DC5B0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [02602CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!CreateFileW] [025DBB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!CloseHandle] [025DC3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [02602D20] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [02602E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [02602DF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\USER32.dll [KERNEL32.dll!CloseHandle] [025DC3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\USER32.dll [KERNEL32.dll!ReadFile] [025DC4F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [025DC040] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [02602CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [02602E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [02602D20] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [025DBB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [02602DF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [02602CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [02602E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [02602D20] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!CloseHandle] [025DC3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!WriteFile] [025DC5B0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [025DBB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\msvcrt.dll [KERNEL32.dll!CloseHandle] [025DC3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [02602E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [02602CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [025DBE20] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [025DC040] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] [025DB950] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\msvcrt.dll [KERNEL32.dll!ReadFile] [025DC4F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] [025DBB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\msvcrt.dll [KERNEL32.dll!WriteFile] [025DC5B0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!WriteFile] [025DC5B0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [025DB950] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [025DBB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [02602DC0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [02602DF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [02602D20] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [025DBE20] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [025DC040] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!ReadFile] [025DC4F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [02602CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [02602E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!CloseHandle] [025DC3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\SHLWAPI.dll [USER32.dll!DialogBoxParamW] [025DA1A0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\SHLWAPI.dll [USER32.dll!MessageBoxIndirectA] [025DAA00] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\SHLWAPI.dll [USER32.dll!MessageBoxIndirectW] [025DB1D0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [02602CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [025DC040] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [02602D20] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [02602E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] [025DBB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!ReadFile] [025DC4F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!CloseHandle] [025DC3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!WriteFile] [025DC5B0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [02602DF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [02602DC0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\SHELL32.dll [USER32.dll!DialogBoxParamW] [025DA1A0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\SHELL32.dll [USER32.dll!MessageBoxIndirectW] [025DB1D0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [02602E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [02602CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\ole32.dll [KERNEL32.dll!CloseHandle] [025DC3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [02602D20] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\ole32.dll [KERNEL32.dll!CreateFileW] [025DBB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\ole32.dll [KERNEL32.dll!ReadFile] [025DC4F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [02602DC0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [025DC040] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\ole32.dll [KERNEL32.dll!WriteFile] [025DC5B0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\ole32.dll [USER32.dll!DialogBoxParamW] [025DA1A0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [02602D20] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\USERENV.dll [KERNEL32.dll!WriteFile] [025DC5B0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\USERENV.dll [KERNEL32.dll!CreateFileW] [025DBB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [02602DC0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [025DC040] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\USERENV.dll [KERNEL32.dll!CloseHandle] [025DC3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [02602E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [02602CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\USERENV.dll [KERNEL32.dll!ReadFile] [025DC4F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\USERENV.dll [USER32.dll!DialogBoxParamW] [025DA1A0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [02602CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [02602E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\PSAPI.DLL [KERNEL32.dll!CreateFileA] [025DB950] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\PSAPI.DLL [KERNEL32.dll!CloseHandle] [025DC3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\WININET.dll [KERNEL32.dll!WriteFile] [025DC5B0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\WININET.dll [KERNEL32.dll!CreateFileW] [025DBB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\WININET.dll [KERNEL32.dll!CreateFileA] [025DB950] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\WININET.dll [KERNEL32.dll!ReadFile] [025DC4F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [02602D20] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [02602DF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [02602E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [02602CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\WININET.dll [KERNEL32.dll!CloseHandle] [025DC3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\WININET.dll [USER32.dll!DialogBoxParamW] [025DA1A0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\ws2_32.dll [KERNEL32.dll!GetProcAddress] [02602E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\ws2_32.dll [KERNEL32.dll!LoadLibraryA] [02602CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\ws2_32.dll [KERNEL32.dll!CloseHandle] [025DC3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\WS2HELP.dll [KERNEL32.dll!CloseHandle] [025DC3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [02602CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [02602E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [02602D20] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [02602CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [02602E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] [025DBB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\NETAPI32.dll [KERNEL32.dll!WriteFile] [025DC5B0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\NETAPI32.dll [KERNEL32.dll!CloseHandle] [025DC3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\NETAPI32.dll [KERNEL32.dll!ReadFile] [025DC4F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\iphlpapi.dll [KERNEL32.dll!CreateFileW] [025DBB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\iphlpapi.dll [KERNEL32.dll!CreateFileA] [025DB950] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\iphlpapi.dll [KERNEL32.dll!CloseHandle] [025DC3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [02602E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [02602CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\inetmib1.dll [KERNEL32.dll!CloseHandle] [025DC3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [02602E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [02602CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] [025DB950] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] [025DBB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [02602DC0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [02602DF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!CloseHandle] [025DC3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!WriteFile] [025DC5B0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!ReadFile] [025DC4F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!CloseHandle] [01F7C3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [01FA2DF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] [01F7B950] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [01FA2D20] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!WriteFile] [01F7C5B0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!ReadFile] [01F7C4F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [01F7BB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [01FA2CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [01FA2E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] [01F7BB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [01FA2CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [01FA2D20] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [01FA2E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\RPCRT4.dll [KERNEL32.dll!CloseHandle] [01F7C3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\RPCRT4.dll [KERNEL32.dll!WriteFile] [01F7C5B0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [01FA2CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!CreateFileW] [01F7BB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!CloseHandle] [01F7C3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [01FA2D20] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [01FA2E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [01FA2DF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\USER32.dll [KERNEL32.dll!CloseHandle] [01F7C3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\USER32.dll [KERNEL32.dll!ReadFile] [01F7C4F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [01F7C040] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [01FA2CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [01FA2E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [01FA2D20] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [01F7BB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [01FA2DF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [01FA2CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [01FA2E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [01FA2D20] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!CloseHandle] [01F7C3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!WriteFile] [01F7C5B0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [01F7BB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\msvcrt.dll [KERNEL32.dll!CloseHandle] [01F7C3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [01FA2E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [01FA2CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [01F7BE20] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [01F7C040] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] [01F7B950] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\msvcrt.dll [KERNEL32.dll!ReadFile] [01F7C4F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] [01F7BB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\msvcrt.dll [KERNEL32.dll!WriteFile] [01F7C5B0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!WriteFile] [01F7C5B0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [01F7B950] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [01F7BB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [01FA2DC0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [01FA2DF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [01FA2D20] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [01F7BE20] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [01F7C040] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!ReadFile] [01F7C4F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [01FA2CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [01FA2E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!CloseHandle] [01F7C3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\SHLWAPI.dll [USER32.dll!DialogBoxParamW] [01F7A1A0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\SHLWAPI.dll [USER32.dll!MessageBoxIndirectA] [01F7AA00] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\SHLWAPI.dll [USER32.dll!MessageBoxIndirectW] [01F7B1D0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [01FA2CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [01F7C040] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [01FA2D20] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [01FA2E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] [01F7BB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!ReadFile] [01F7C4F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!CloseHandle] [01F7C3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!WriteFile] [01F7C5B0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [01FA2DF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [01FA2DC0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\SHELL32.dll [USER32.dll!DialogBoxParamW] [01F7A1A0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\SHELL32.dll [USER32.dll!MessageBoxIndirectW] [01F7B1D0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [01FA2E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [01FA2CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\ole32.dll [KERNEL32.dll!CloseHandle] [01F7C3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [01FA2D20] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\ole32.dll [KERNEL32.dll!CreateFileW] [01F7BB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\ole32.dll [KERNEL32.dll!ReadFile] [01F7C4F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [01FA2DC0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [01F7C040] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\ole32.dll [KERNEL32.dll!WriteFile] [01F7C5B0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\ole32.dll [USER32.dll!DialogBoxParamW] [01F7A1A0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [01FA2D20] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\USERENV.dll [KERNEL32.dll!WriteFile] [01F7C5B0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\USERENV.dll [KERNEL32.dll!CreateFileW] [01F7BB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [01FA2DC0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [01F7C040] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\USERENV.dll [KERNEL32.dll!CloseHandle] [01F7C3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [01FA2E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [01FA2CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\USERENV.dll [KERNEL32.dll!ReadFile] [01F7C4F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\USERENV.dll [USER32.dll!DialogBoxParamW] [01F7A1A0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [01FA2CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [01FA2E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\PSAPI.DLL [KERNEL32.dll!CreateFileA] [01F7B950] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\PSAPI.DLL [KERNEL32.dll!CloseHandle] [01F7C3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\WININET.dll [KERNEL32.dll!WriteFile] [01F7C5B0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\WININET.dll [KERNEL32.dll!CreateFileW] [01F7BB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\WININET.dll [KERNEL32.dll!CreateFileA] [01F7B950] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\WININET.dll [KERNEL32.dll!ReadFile] [01F7C4F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [01FA2D20] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [01FA2DF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [01FA2E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [01FA2CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\WININET.dll [KERNEL32.dll!CloseHandle] [01F7C3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\WININET.dll [USER32.dll!DialogBoxParamW] [01F7A1A0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\ws2_32.dll [KERNEL32.dll!GetProcAddress] [01FA2E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\ws2_32.dll [KERNEL32.dll!LoadLibraryA] [01FA2CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\ws2_32.dll [KERNEL32.dll!CloseHandle] [01F7C3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\WS2HELP.dll [KERNEL32.dll!CloseHandle] [01F7C3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [01FA2CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [01FA2E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\inetmib1.dll [KERNEL32.dll!CloseHandle] [01F7C3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\iphlpapi.dll [KERNEL32.dll!CreateFileW] [01F7BB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\iphlpapi.dll [KERNEL32.dll!CreateFileA] [01F7B950] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\iphlpapi.dll [KERNEL32.dll!CloseHandle] [01F7C3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [01FA2E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [01FA2CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [01FA2D20] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [01FA2CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [01FA2E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] [01F7BB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\NETAPI32.dll [KERNEL32.dll!WriteFile] [01F7C5B0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\NETAPI32.dll [KERNEL32.dll!CloseHandle] [01F7C3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\NETAPI32.dll [KERNEL32.dll!ReadFile] [01F7C4F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [01FA2E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [01FA2CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] [01F7B950] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] [01F7BB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
 
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [01FA2DC0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [01FA2DF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!CloseHandle] [01F7C3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!WriteFile] [01F7C5B0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!ReadFile] [01F7C4F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 86F601F8

AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)

Device \FileSystem\Fastfat \FatCdrom 8665A1F8

AttachedDevice \Driver\Tcpip \Device\Ip pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

Device \Driver\usbuhci \Device\USBPDO-0 86A9B1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 86F621F8
Device \Driver\dmio \Device\DmControl\DmConfig 86F621F8
Device \Driver\dmio \Device\DmControl\DmPnP 86F621F8
Device \Driver\dmio \Device\DmControl\DmInfo 86F621F8
Device \Driver\usbuhci \Device\USBPDO-1 86A9B1F8
Device \Driver\usbuhci \Device\USBPDO-2 86A9B1F8
Device \Driver\usbuhci \Device\USBPDO-3 86A9B1F8
Device \Driver\usbehci \Device\USBPDO-4 86A721F8

AttachedDevice \Driver\Tcpip \Device\Tcp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

Device \Driver\Ftdisk \Device\HarddiskVolume1 86FD61F8
Device \Driver\Cdrom \Device\CdRom0 86A451F8
Device \Driver\atapi \Device\Ide\IdePort0 [F7353B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7353B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 86A451F8
Device \Driver\Cdrom \Device\CdRom2 86A451F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 85086500
Device \Driver\NetBT \Device\NetbiosSmb 85086500

AttachedDevice \Driver\Tcpip \Device\Udp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\RawIp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

Device \Driver\usbuhci \Device\USBFDO-0 86A9B1F8
Device \Driver\usbuhci \Device\USBFDO-1 86A9B1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 850731F8
Device \Driver\usbuhci \Device\USBFDO-2 86A9B1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 850731F8
Device \Driver\usbuhci \Device\USBFDO-3 86A9B1F8
Device \Driver\usbehci \Device\USBFDO-4 86A721F8
Device \Driver\Ftdisk \Device\FtControl 86FD61F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{5C0F22DA-B626-44DA-B078-3EBFB8A5D6E1} 85086500
Device \Driver\a320raid \Device\Scsi\a320raid1 86F611F8
Device \Driver\a320raid \Device\Scsi\a320raid1Port1Path0Target0Lun0 86F611F8
Device \Driver\a320raid \Device\Scsi\a320raid1Port1Path0TargetfLun0 86F611F8
Device \FileSystem\Fastfat \Fat 8665A1F8

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)

Device \FileSystem\Cdfs \Cdfs 84F8B500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBF 0x42 0xC4 0x74 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBF 0x42 0xC4 0x74 ...

---- EOF - GMER 1.0.15 ----
 
This is DDS.

DDS (Ver_10-11-10.01) - NTFSx86
Run by Owner at 17:41:11.48 on Mon 11/15/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.518 [GMT -5:00]


============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\windows\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\windows\system32\CTHELPER.EXE
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Creative\SBAudigy4\Entertainment Center\RcMan.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\windows\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\windows\system32\lxctcoms.exe
C:\windows\system32\PnkBstrA.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\windows\System32\svchost.exe -k HTTPFilter
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://google.com/
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=127.0.0.1:29775
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: H - No File
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [Aim6]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [Stickies] c:\program files\bret taylor\stickies\Stickies.exe
uRun: [RemoteCenter] "c:\program files\creative\sbaudigy4\entertainment center\RcMan.exe"
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [CTDVDDET] "c:\program files\creative\sbaudigy4\dvdaudio\CTDVDDET.EXE"
mRun: [CTHelper] CTHELPER.EXE
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [lxctmon.exe] "c:\program files\lexmark 5400 series\lxctmon.exe"
mRun: [EzPrint] "c:\program files\lexmark 5400 series\ezprint.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: MaxRecentDocs = 18 (0x12)
mPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
mPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - hxxp://intel-drv-cdn.systemrequirementslab.com/audio/bin/sysreqlab_srlx.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [2009-7-19 258939]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-11-11 218592]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-11-11 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-11-11 59664]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-11-12 11608]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2010-11-11 233136]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-11-12 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-11-12 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-11-12 60936]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-11-11 112592]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-6-16 20968]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-11-11 366840]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-8-16 24652]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2010-11-11 63360]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-11-11 1142224]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-11-11 33552]
S3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]

=============== Created Last 30 ================

2010-11-13 04:25:52 -------- d-----w- c:\docume~1\owner\applic~1\Avira
2010-11-13 04:21:27 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-13 04:21:26 -------- d-----w- c:\program files\Avira
2010-11-13 04:21:26 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-11-12 21:58:08 -------- d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2010-11-12 21:57:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-12 21:57:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-11-12 21:57:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-12 12:26:36 -------- d-----w- c:\windows\system32\wbem\snmp
2010-11-12 12:26:35 -------- d-----w- c:\windows\system32\xircom
2010-11-12 12:26:35 -------- d-----w- c:\windows\system32\oobe
2010-11-12 12:26:35 -------- d-----w- c:\windows\system32\inetsrv
2010-11-12 12:26:35 -------- d-----w- c:\program files\msn gaming zone
2010-11-12 00:56:52 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2010-11-12 00:56:52 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2010-11-12 00:56:52 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2010-11-12 00:42:55 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Threat Expert
2010-11-12 00:33:43 767952 ----a-w- c:\windows\BDTSupport.dll
2010-11-12 00:33:43 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-11-12 00:33:42 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-11-12 00:33:42 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-11-12 00:29:26 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-11-12 00:28:29 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-11-12 00:28:28 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-11-12 00:27:38 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-11-12 00:27:12 -------- d-----w- c:\program files\Spyware Doctor
2010-11-12 00:27:12 -------- d-----w- c:\program files\common files\PC Tools
2010-11-12 00:27:12 -------- d-----w- c:\docume~1\owner\applic~1\PC Tools
2010-11-12 00:27:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-11-11 23:34:03 -------- d-----w- c:\docume~1\alluse~1\applic~1\SITEguard
2010-11-11 23:33:07 -------- d-----w- c:\program files\common files\iS3
2010-11-11 23:33:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!
2010-11-11 12:17:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-19 01:12:22 3132 ----a-w- c:\windows\epufubeqixi.dll
2010-10-17 17:53:20 0 ----a-w- c:\windows\Wyoni.bin
2010-10-17 17:53:18 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\{7C910989-BFE7-49D9-871E-9ECCC4989738}
2010-10-17 15:50:09 3132 ----a-w- c:\windows\ikagizutazet.dll

==================== Find3M ====================


============= FINISH: 17:41:49.90 ===============
 
For some reason, you seem to have some problem with reading ALL instructions and following them...
Include the contents of both logs in your new topic. The scan will instruct you to post Attach.txt as an attachment. No need for that though, just paste it as you would any other log.
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-10.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/16/2009 7:25:20 PM
System Uptime: 11/15/2010 5:35:16 PM (0 hours ago)

Motherboard: Dell Inc. | | 0XC837
Processor: Intel(R) Xeon(TM) CPU 3.60GHz | Microprocessor | 3591/800mhz
Processor: Intel(R) Xeon(TM) CPU 3.60GHz | Microprocessor | 3591/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 279 GiB total, 159.731 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
T: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 8/16/2009 7:27:07 PM - System Checkpoint
RP2: 8/16/2009 7:29:29 PM - Installed Windows KB954550-v5.
RP3: 8/16/2009 7:29:33 PM - Printer Driver Microsoft XPS Document Writer Installed
RP4: 8/16/2009 7:32:39 PM - Installed Java(TM) 6 Update 14
RP5: 8/16/2009 7:32:55 PM - Installed User Profile Hive Cleanup Service
RP6: 8/16/2009 7:33:04 PM - Installed Alt-Tab Task Switcher Powertoy for Windows XP

==== Installed Programs ======================

µTorrent
7-Zip 4.65
Adobe Flash Player 10 ActiveX
Adobe Photoshop CS4
Adobe Shockwave Player 11.5
AIM 6
Alt-Tab Task Switcher Powertoy for Windows XP
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Avira AntiVir Personal - Free Antivirus
Battlefield: Bad Company 2
BlackBerry USB Drivers
Browser Defender 2.0.6.15
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CPUID CPU-Z 1.54
Creative MediaSource
Creative System Information
Dell Resource CD
DivX Web Player
EAX(tm) Unified (SHELL)
FL Studio Creative Edition
Foxit Reader
GNU Aspell 0.50-3
GTK+ Runtime 2.14.7 rev a (remove only)
HashCheck Shell Extension (x86-32)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) PRO Network Connections Drivers
iTunes
Java(TM) 6 Update 16
K-Lite Mega Codec Pack 5.0.0
League of Legends
Lexmark 5400 Series
MagicDisc 2.7.106
Malwarebytes' Anti-Malware
MediaLooks QuickTime Source 1.7.0.13 (DirectShow Filter)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 1.1 Service Pack 1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
My Drivers 3.31
NVIDIA PhysX
OGA Notifier 2.0.0048.0
Open Command Prompt Shell Extension (x86-32)
OpenAL
Pando Media Booster
Picasa 3
Pidgin
PunkBuster Services
QuickTime
QuickTime Alternative 2.9.0
RocketDock 1.3.5
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Word 2007 (KB2251419)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Skins
Sound Blaster Audigy 4
SoundMAX
Spyware Doctor 7.0
Steam
Stickies
System Requirements Lab
Ultra Defragmenter
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
User Profile Hive Cleanup Service
VC80CRTRedist - 8.0.50727.762
Viewpoint Media Player
WebFldrs XP
Winamp
Winamp Detector Plug-in
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2

==== Event Viewer Messages From Past Week ========

11/14/2010 9:41:57 PM, error: Service Control Manager [7034] - The Viewpoint Manager Service service terminated unexpectedly. It has done this 1 time(s).
11/14/2010 9:41:57 PM, error: Service Control Manager [7034] - The lxct_device service terminated unexpectedly. It has done this 1 time(s).
11/14/2010 9:41:57 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
11/14/2010 9:41:57 PM, error: Service Control Manager [7034] - The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).
11/14/2010 9:41:57 PM, error: Service Control Manager [7034] - The Browser Defender Update Service service terminated unexpectedly. It has done this 1 time(s).
11/14/2010 9:41:57 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/14/2010 9:41:55 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
11/14/2010 12:04:34 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT pctgntdi RasAcd Rdbss sptd ssmdrv Tcpip WS2IFSL
11/14/2010 12:04:34 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
11/14/2010 12:04:34 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/14/2010 12:04:34 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/14/2010 12:04:34 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
11/14/2010 12:04:34 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/14/2010 12:03:22 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/14/2010 12:03:18 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
11/14/2010 12:03:11 AM, error: sptd [4] - Driver detected an internal error in its data structures for .
11/12/2010 6:34:10 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000035' while processing the file 'GENRE-VOCAL.JPG1' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
11/12/2010 4:52:05 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
11/12/2010 11:25:21 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000035' while processing the file 'ntuser.ini' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
11/12/2010 11:25:18 PM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 001422614E35 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
11/12/2010 11:20:48 PM, error: Service Control Manager [7034] - The PC Tools Auxiliary Service service terminated unexpectedly. It has done this 1 time(s).
11/12/2010 11:19:04 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
11/12/2010 11:19:04 PM, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\Owner\LOCALS~1\Temp\RarSFX0\redist.dll. Reference error message: The operation completed successfully. .
11/12/2010 11:19:04 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
11/11/2010 8:12:42 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the szserver service.
11/11/2010 8:01:37 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the AVG WatchDog service, but this action failed with the following error: The service database is locked.
11/11/2010 7:57:29 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the ThreatFire service to connect.
11/11/2010 7:57:29 PM, error: Service Control Manager [7000] - The ThreatFire service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/11/2010 7:35:31 PM, error: Service Control Manager [7034] - The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s).
11/11/2010 7:21:39 AM, error: Service Control Manager [7031] - The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
11/11/2010 6:52:50 AM, error: Service Control Manager [7000] - The User Profile Hive Cleanup service failed to start due to the following error: The system cannot find the file specified.
11/11/2010 6:38:52 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
11/11/2010 6:25:42 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11/11/2010 6:17:44 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
11/11/2010 6:17:44 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
11/11/2010 6:17:44 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
11/11/2010 6:17:44 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/10/2010 5:52:37 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
11/10/2010 5:52:36 PM, error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================
 
Download MBRCheck to your desktop.

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop.
Open this report and post its content in your next reply.

===================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall.**

Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator.

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.pif
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0008001d

Kernel Drivers (total 147):
0x804D7000 \windows\system32\ntkrnlpa.exe
0x806E4000 \windows\system32\hal.dll
0xF7B12000 \windows\system32\KDCOM.DLL
0xF7A22000 \windows\system32\BOOTVID.dll
0xF741E000 spva.sys
0xF7B14000 \windows\System32\Drivers\WMILIB.SYS
0xF7406000 \windows\System32\Drivers\SCSIPORT.SYS
0xF73D8000 ACPI.sys
0xF73C7000 pci.sys
0xF73A7000 fltMgr.sys
0xF7612000 ohci1394.sys
0xF7622000 \windows\system32\DRIVERS\1394BUS.SYS
0xF7632000 isapnp.sys
0xF7BDA000 pciide.sys
0xF7892000 \windows\system32\DRIVERS\PCIIDEX.SYS
0xF7642000 MountMgr.sys
0xF7388000 ftdisk.sys
0xF7B16000 dmload.sys
0xF7362000 dmio.sys
0xF789A000 PartMgr.sys
0xF7652000 VolSnap.sys
0xF734A000 atapi.sys
0xF730A000 a320raid.sys
0xF7662000 disk.sys
0xF7672000 \windows\system32\DRIVERS\CLASSPNP.SYS
0xF72F8000 sr.sys
0xF72BF000 PCTCore.sys
0xF72AE000 TfSysMon.sys
0xF729D000 TfFsMon.sys
0xF7682000 PxHelp20.sys
0xF7286000 KSecDD.sys
0xF7273000 WudfPf.sys
0xF71E6000 Ntfs.sys
0xF71B9000 NDIS.sys
0xF719F000 Mup.sys
0xF6915000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF68BA000 \SystemRoot\system32\drivers\ctaud2k.sys
0xF6896000 \SystemRoot\system32\drivers\portcls.sys
0xF76A2000 \SystemRoot\system32\drivers\drmk.sys
0xF6873000 \SystemRoot\system32\drivers\ks.sys
0xF6847000 \SystemRoot\system32\drivers\ctoss2k.sys
0xF7B52000 \SystemRoot\system32\drivers\ctprxy2k.sys
0xF76B2000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF681F000 \SystemRoot\system32\DRIVERS\e1000325.sys
0xF6469000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xF6455000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF79B2000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF6431000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF79BA000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF79C2000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF641D000 \SystemRoot\system32\DRIVERS\parport.sys
0xF76C2000 \SystemRoot\system32\DRIVERS\serial.sys
0xF713A000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF76D2000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF76E2000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF76F2000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF79CA000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF63DD000 \SystemRoot\system32\drivers\smwdm.sys
0xF632A000 \SystemRoot\system32\drivers\senfilt.sys
0xF7CD5000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7B54000 \SystemRoot\System32\Drivers\RootMdm.sys
0xF79D2000 \SystemRoot\System32\Drivers\Modem.SYS
0xF7702000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7132000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6313000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7712000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7722000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF79DA000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6302000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7732000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF79E2000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF79EA000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF79F2000 \SystemRoot\system32\DRIVERS\RimSerial.sys
0xF62D2000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF7742000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF79FA000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7A02000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF62B5000 \SystemRoot\system32\DRIVERS\mcdbus.sys
0xF7B56000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6257000 \SystemRoot\system32\DRIVERS\update.sys
0xF6A96000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7752000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF620A000 \SystemRoot\system32\drivers\hap16v2k.sys
0xF612D000 \SystemRoot\system32\drivers\ha10kx2k.sys
0xF610B000 \SystemRoot\system32\drivers\emupia2k.sys
0xF60EB000 \SystemRoot\system32\drivers\ctsfm2k.sys
0xF604D000 \SystemRoot\system32\drivers\ctac32k.sys
0xF7782000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7B68000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7A12000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF7B06000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7C6F000 \SystemRoot\System32\Drivers\Null.SYS
0xF7B74000 \SystemRoot\System32\Drivers\Beep.SYS
0xF78BA000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF78C2000 \SystemRoot\System32\drivers\vga.sys
0xF7B76000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF78DA000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF78E2000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7B0E000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAE7A3000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAE74A000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAE713000 \??\C:\WINDOWS\system32\drivers\pctgntdi.sys
0xF77B2000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xAE6C3000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF715B000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xF77C2000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xAE6A1000 \SystemRoot\System32\drivers\afd.sys
0xF77D2000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF78EA000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xAE676000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAE606000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF77E2000 \SystemRoot\System32\Drivers\Fips.SYS
0xAE5E3000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xF7B7C000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xF78F2000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF6253000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF7802000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF6247000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF6243000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF7862000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF623F000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0xAD84B000 \SystemRoot\System32\Drivers\dump_a320raid.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xAE7D6000 \SystemRoot\System32\drivers\Dxapi.sys
0xF792A000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7CAB000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF065000 \SystemRoot\System32\ati2cqag.dll
0xBF0FE000 \SystemRoot\System32\atikvmag.dll
0xBF182000 \SystemRoot\System32\atiok3x2.dll
0xBF1CD000 \SystemRoot\System32\ati3duag.dll
0xBF572000 \SystemRoot\System32\ativvaxx.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xAB4F6000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xAB4CE000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAB5B3000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xAB1C1000 \SystemRoot\system32\drivers\wdmaud.sys
0xAB5D3000 \SystemRoot\system32\drivers\sysaudio.sys
0xAB07F000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7B4C000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xAAD67000 \??\C:\windows\system32\drivers\cpuz133_x32.sys
0xAAB78000 \SystemRoot\system32\DRIVERS\srv.sys
0xAAB61000 \??\C:\windows\system32\drivers\PfModNT.sys
0xAA949000 \SystemRoot\System32\Drivers\HTTP.sys
0xF7922000 \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 45):
0 System Idle Process
4 System
724 C:\WINDOWS\system32\smss.exe
780 csrss.exe
820 C:\WINDOWS\system32\winlogon.exe
864 C:\WINDOWS\system32\services.exe
876 C:\WINDOWS\system32\lsass.exe
1108 C:\WINDOWS\system32\svchost.exe
1220 svchost.exe
1316 C:\WINDOWS\system32\svchost.exe
1360 C:\WINDOWS\system32\svchost.exe
1564 svchost.exe
1652 svchost.exe
1780 C:\WINDOWS\system32\spoolsv.exe
1824 C:\Program Files\Avira\AntiVir Desktop\sched.exe
288 C:\WINDOWS\explorer.exe
460 svchost.exe
408 C:\WINDOWS\system32\TaskSwitch.exe
712 C:\Program Files\Analog Devices\Core\smax4pnp.exe
744 C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.exe
748 C:\WINDOWS\system32\CTHELPER.EXE
800 C:\Program Files\Lexmark 5400 Series\ezprint.exe
784 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
1004 C:\WINDOWS\system32\ctfmon.exe
880 C:\Program Files\RocketDock\RocketDock.exe
1140 C:\Program Files\Creative\SBAudigy4\Entertainment Center\RcMan.exe
1276 C:\Program Files\Pando Networks\Media Booster\PMB.exe
1852 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1444 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1832 C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
2188 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
2228 C:\WINDOWS\system32\CTSVCCDA.EXE
2268 C:\Program Files\Java\jre6\bin\jqs.exe
2296 C:\WINDOWS\system32\lxctcoms.exe
2364 C:\WINDOWS\system32\PnkBstrA.exe
2416 C:\Program Files\Spyware Doctor\pctsAuxs.exe
2536 C:\WINDOWS\system32\svchost.exe
2572 C:\Program Files\Viewpoint\Common\ViewpointService.exe
3292 C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
3332 C:\WINDOWS\system32\svchost.exe
3340 C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
3500 C:\Program Files\Internet Explorer\IEXPLORE.EXE
3564 C:\Program Files\Internet Explorer\IEXPLORE.EXE
188 C:\Program Files\Internet Explorer\IEXPLORE.EXE
3272 C:\Documents and Settings\Owner\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: MAXTORATLAS10K5_300SCA, Rev: JNZH

Size Device Name MBR Status
--------------------------------------------
279 GB \\.\PhysicalDrive0 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
 
ComboFix 10-11-15.05 - Owner 11/15/2010 20:17:00.1.4 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.811 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\jason.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Owner\Application Data\inst.exe
c:\documents and settings\Owner\Local Settings\Application Data\{7C910989-BFE7-49D9-871E-9ECCC4989738}
c:\documents and settings\Owner\Local Settings\Application Data\{7C910989-BFE7-49D9-871E-9ECCC4989738}\chrome.manifest
c:\documents and settings\Owner\Local Settings\Application Data\{7C910989-BFE7-49D9-871E-9ECCC4989738}\chrome\content\_cfg.js
c:\documents and settings\Owner\Local Settings\Application Data\{7C910989-BFE7-49D9-871E-9ECCC4989738}\chrome\content\overlay.xul
c:\documents and settings\Owner\Local Settings\Application Data\{7C910989-BFE7-49D9-871E-9ECCC4989738}\install.rdf
c:\windows\epufubeqixi.dll
c:\windows\ikagizutazet.dll

.
((((((((((((((((((((((((( Files Created from 2010-10-16 to 2010-11-16 )))))))))))))))))))))))))))))))
.

2010-11-13 04:25 . 2010-11-13 04:25 -------- d-----w- c:\documents and settings\Owner\Application Data\Avira
2010-11-13 04:21 . 2010-08-02 21:10 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-13 04:21 . 2010-08-02 21:10 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-13 04:21 . 2010-06-17 20:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-11-13 04:21 . 2010-06-17 20:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-11-13 04:21 . 2010-11-13 04:21 -------- d-----w- c:\program files\Avira
2010-11-13 04:21 . 2010-11-13 04:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-11-12 21:58 . 2010-11-12 21:58 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-11-12 21:57 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-12 21:57 . 2010-11-12 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-12 21:57 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-12 12:26 . 2010-11-12 12:26 -------- d-----w- c:\windows\system32\wbem\snmp
2010-11-12 12:26 . 2010-11-12 12:26 -------- d-----w- c:\windows\system32\xircom
2010-11-12 12:26 . 2010-11-12 12:26 -------- d-----w- c:\windows\system32\oobe
2010-11-12 12:26 . 2010-11-12 12:26 -------- d-----w- c:\program files\microsoft frontpage
2010-11-12 00:56 . 2010-02-02 15:13 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2010-11-12 00:56 . 2010-02-02 15:13 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2010-11-12 00:27 . 2010-11-12 00:34 -------- d-----w- c:\program files\Common Files\PC Tools
2010-11-12 00:27 . 2010-11-12 00:27 -------- d-----w- c:\documents and settings\Owner\Application Data\PC Tools
2010-11-12 00:26 . 2010-11-16 01:13 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-11-11 23:34 . 2010-11-11 23:34 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2010-11-11 23:33 . 2010-11-11 23:33 -------- d-----w- c:\program files\Common Files\iS3
2010-11-11 23:33 . 2010-11-12 01:13 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-11-11 12:17 . 2010-11-12 21:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-17 17:53 . 2010-11-12 12:28 0 ----a-w- c:\windows\Wyoni.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-12 21:51 . 2009-07-19 16:00 36352 ----a-w- c:\windows\system32\drivers\disk.sys
.

------- Sigcheck -------

[-] 2009-07-19 . BA8C046D98345129723E6BCAA1E8AB99 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys


c:\windows\System32\wscntfy.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Stickies"="c:\program files\Bret Taylor\Stickies\Stickies.exe" [2007-03-14 335872]
"RemoteCenter"="c:\program files\Creative\SBAudigy4\Entertainment Center\RcMan.exe" [2004-09-21 172032]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-04-23 2938552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"CTDVDDET"="c:\program files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"CTHelper"="CTHELPER.EXE" [2004-09-23 24576]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"lxctmon.exe"="c:\program files\Lexmark 5400 Series\lxctmon.exe" [2006-06-20 286720]
"EzPrint"="c:\program files\Lexmark 5400 Series\ezprint.exe" [2006-06-07 98304]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-07-19 128512]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-3-16 576000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 18 (0x12)
"NoSMConfigurePrograms"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\lxctcoms.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\battlefield bad company 2\\BFBC2Game.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\battlefield bad company 2\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56243:TCP"= 56243:TCP:pando Media Booster
"56243:UDP"= 56243:UDP:pando Media Booster
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"8379:TCP"= 8379:TCP:League of Legends Launcher
"8379:UDP"= 8379:UDP:League of Legends Launcher
"6933:TCP"= 6933:TCP:League of Legends Launcher
"6933:UDP"= 6933:UDP:League of Legends Launcher
"8380:TCP"= 8380:TCP:League of Legends Launcher
"8380:UDP"= 8380:UDP:League of Legends Launcher
"6918:TCP"= 6918:TCP:League of Legends Launcher
"6918:UDP"= 6918:UDP:League of Legends Launcher

R0 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [7/19/2009 11:48 AM 258939]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/11/2010 7:28 PM 218592]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/16/2010 10:41 AM 691696]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [11/11/2010 7:56 PM 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [11/11/2010 7:56 PM 59664]
S1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [11/11/2010 7:29 PM 233136]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/12/2010 11:21 PM 135336]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [11/11/2010 7:33 PM 112592]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [6/16/2010 8:27 PM 20968]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11/11/2010 7:27 PM 366840]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/16/2009 8:55 PM 24652]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [11/11/2010 7:27 PM 63360]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [11/11/2010 7:56 PM 33552]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
.
Contents of the 'Scheduled Tasks' folder

2010-11-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-11-16 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]

2010-11-16 c:\windows\Tasks\User_Feed_Synchronization-{FBC52E96-BF07-4D08-97BF-27368A1BAA50}.job
- c:\windows\system32\msfeedssync.exe [2009-07-19 16:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:29775
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-Aim6 - (no file)
SafeBoot-klmdb.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-15 20:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1757981266-1715567821-1177238915-1003\Software\SecuROM\License information*]
"datasecu"=hex:ab,5a,2f,3e,81,b5,44,b9,1e,3c,73,d8,ff,8e,54,2b,04,a2,d3,0c,96,
45,46,6b,db,5f,81,b8,e3,8d,93,11,25,63,34,85,02,47,ba,b6,ab,b1,90,65,88,99,\
"rkeysecu"=hex:a4,9f,d6,ad,e1,87,82,b9,cc,dd,79,26,d1,30,a0,95
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(268)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(776)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2010-11-15 20:23:18
ComboFix-quarantined-files.txt 2010-11-16 01:23

Pre-Run: 172,469,751,808 bytes free
Post-Run: 172,428,574,720 bytes free

- - End Of File - - 55B1CC3A60E3B70685E50831CB33E54A
 
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Owner on 11/15/2010 at 20:15:28.


Services Stopped:


Processes terminated by Rkill or while it was running:


C:\Documents and Settings\Owner\Desktop\rkill.com


Rkill completed on 11/15/2010 at 20:15:31.
 
Very good :)

Unless you installed Viewpoint Manager knowledgeably...
Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
Uninstall any of the following programs associated with Viewpoint:
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

======================================================================

Now, I want you to run the following fix in normal mode (it should run fine) and allow recovery console installation.

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\windows\Wyoni.bin


Folder::
c:\documents and settings\All Users\Application Data\SITEguard
c:\program files\Common Files\iS3
c:\documents and settings\All Users\Application Data\STOPzilla!

MIA::
c:\windows\System32\wscntfy.exe

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:29775
uInternet Settings,ProxyOverride = <local>

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"=-


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[Animation: CFScript.gif]

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 