Need help got the Google redirect virus

Solved
By jpak88
Nov 12, 2010
Topic Status:
Not open for further replies.
  1. I've been trying to fix this for like a week. I've been to several sites trying to look for advice. I couldn't find the tdssserv.sys in System > Hardware > Device Manager > View hidden devices > Non-Plug and Play Drivers. I have bought spydoctor and I have mbam and tdsskiller. I did a full scan on all programs; it detected a lot of threats and infections and got rid of them, but when I go on Google it still redirects to other sites. Please, any help would be appreciated. When I can do a full scan they don't detect any infections or threats, but Google still redirects, and also my dad's computer (OS Windows 7) is doing the same thing. I believe my modem or router might have been hacked. Please help, thanks!



    I recently did a quick scan with tdsskiller and it detected a suspicious object; the service name is sptd, file: C:\windows\system32\drivers\sptd.sys. It says it's a locked file and I can't remove or heal it.
  2. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:

    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  3. jpak88

    jpak88 Newcomer, in training Topic Starter Posts: 54

    I have recently bought spy doctor, and after a full scan I can't seem to get a log off Notepad; it just shows me a summary on the program but nothing I can post. Is there a way I can get a log from Notepad?
  4. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    I haven't mentioned any Spy Doctor.

    Didn't you read my initial reply:
  5. jpak88

    jpak88 Newcomer, in training Topic Starter Posts: 54

    I performed a scan with Avira. This is my log:


    Avira AntiVir Personal
    Report file date: Friday, November 12, 2010 23:26

    Scanning for 3043988 virus strains and unwanted programs.

    The program is running as an unrestricted full version.
    Online services are available:

    Licensee : Avira AntiVir Personal - FREE Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows XP
    Windows version : (Service Pack 3) [5.1.2600]
    Boot mode : Normally booted
    Username : SYSTEM
    Computer name : ANONYMOUS

    Configuration settings for the scan:
    Jobname.............................: avguard_async_scan
    Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_22eee226\guard_slideup.avp
    Logging.............................: low
    Primary action......................: repair
    Secondary action....................: quarantine
    Scan master boot sector.............: on
    Scan boot sector....................: off
    Process scan........................: on
    Scan registry.......................: off
    Search for rootkits.................: off
    Integrity checking of system files..: off
    Scan all files......................: All files
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: high

    Start of the scan: Friday, November 12, 2010 23:26

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
    Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
    Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
    Scan process 'DLLML.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'DLLML.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
    Scan process 'ViewpointService.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'pctsAuxs.exe' - '1' Module(s) have been scanned
    Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
    Scan process 'lxctcoms.exe' - '1' Module(s) have been scanned
    Scan process 'jqs.exe' - '1' Module(s) have been scanned
    Scan process 'CTsvcCDA.EXE' - '1' Module(s) have been scanned
    Scan process 'avshadow.exe' - '1' Module(s) have been scanned
    Scan process 'BDTUpdateService.exe' - '1' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'MagicDisc.exe' - '1' Module(s) have been scanned
    Scan process 'PMB.exe' - '1' Module(s) have been scanned
    Scan process 'RcMan.exe' - '1' Module(s) have been scanned
    Scan process 'Stickies.exe' - '1' Module(s) have been scanned
    Scan process 'RocketDock.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'ezprint.exe' - '1' Module(s) have been scanned
    Scan process 'lxctmon.exe' - '1' Module(s) have been scanned
    Scan process 'CTHELPER.EXE' - '1' Module(s) have been scanned
    Scan process 'CTDVDDET.EXE' - '1' Module(s) have been scanned
    Scan process 'smax4pnp.exe' - '1' Module(s) have been scanned
    Scan process 'taskswitch.exe' - '1' Module(s) have been scanned
    Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'savedump.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned

    Starting the file scan:

    Begin scan in 'C:\WINDOWS\uyebewah.dll'
    C:\WINDOWS\uyebewah.dll
    [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
    [WARNING] The file could not be deleted!
    [NOTE] Attempting to perform action using the ARK library.
    [NOTE] An ARK library instance is already running.
    The repair notes were written to the file 'C:\avrescue\rescue.avp'.
  6. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Go on.......
  7. jpak88

    jpak88 Newcomer, in training Topic Starter Posts: 54

    Whenever I do a scan with Avira I get the blue screen now.

    Always at 98%, on scanning master boot sectors, it goes to the blue screen error.
  8. jpak88

    jpak88 Newcomer, in training Topic Starter Posts: 54

    Should I try to run it in safe mode?
  9. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Don't worry about Avira for now. Your computer is infected and that's the reason you have a problem with Avira.
    Proceed with other steps.
  10. jpak88

    jpak88 Newcomer, in training Topic Starter Posts: 54

    Alright, performed a quick scan and this is the log. I performed it after the TFC cleaner.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4052

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    11/14/2010 9:51:21 PM
    mbam-log-2010-11-14 (21-51-21).txt

    Scan type: Quick scan
    Objects scanned: 109878
    Time elapsed: 4 minute(s), 54 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  11. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Next logs please.
  12. jpak88

    jpak88 Newcomer, in training Topic Starter Posts: 54

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-11-15 06:46:28
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\a320raid1Port1Path0Target0Lun0 MAXTOR__ rev.JNZH
    Running: lj8dgb34.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fgrcypog.sys


    ---- System - GMER 1.0.15 ----

    SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwCreateKey [0xF72B3AC2]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF72CA2D6]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF72CA4C8]
    SSDT F7C09A24 ZwCreateThread
    SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteKey [0xF72B3CB6]
    SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteValueKey [0xF72B3D5C]
    SSDT spym.sys ZwEnumerateKey [0xF7437DA4]
    SSDT spym.sys ZwEnumerateValueKey [0xF7438132]
    SSDT F7C09A42 ZwLoadKey
    SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwOpenKey [0xF72B39B2]
    SSDT F7C09A10 ZwOpenProcess
    SSDT F7C09A15 ZwOpenThread
    SSDT spym.sys ZwQueryKey [0xF743820A]
    SSDT spym.sys ZwQueryValueKey [0xF743808A]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF72EC020]
    SSDT F7C09A4C ZwReplaceKey
    SSDT F7C09A47 ZwRestoreKey
    SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwSetValueKey [0xF72B3EF8]
    SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwTerminateProcess [0xF72B5BD6]

    INT 0x63 ? 86A9CBF8
    INT 0x64 ? 86A9CBF8
    INT 0x74 ? 86A9CBF8
    INT 0x82 ? 86FD5BF8
    INT 0x83 ? 86A9CBF8
    INT 0x83 ? 86A9CBF8
    INT 0xB4 ? 86FD8BF8

    ---- Kernel code sections - GMER 1.0.15 ----

    ? spym.sys The system cannot find the file specified. !
    .text C:\windows\system32\DRIVERS\ati2mtag.sys section is writeable [0xF6535000, 0x1C5D38, 0xE8000020]
    .text USBPORT.SYS!DllUnload F65148EC 5 Bytes JMP 86A9C1D8
    init C:\windows\system32\drivers\senfilt.sys entry point in "init" section [0xF6479F80]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Pando Networks\Media Booster\PMB.exe[1284] kernel32.dll!SetUnhandledExceptionFilter 7C844935 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2696] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215541 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2696] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDBC4 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2696] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4F87 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2696] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4EB9 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2696] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4F24 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2696] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4D8A C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2696] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4DEC C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2696] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4FEA C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2696] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4E4E C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215541 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B69 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD1BD C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDBC4 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2546BE C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4F87 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4EB9 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4F24 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4D8A C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4DEC C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4FEA C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4E4E C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] ole32.dll!CoCreateInstance 774FF1C4 5 Bytes JMP 3E2EDC20 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] ole32.dll!OleLoadFromStream 775297FD 5 Bytes JMP 3E3E52EF C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215541 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B69 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD1BD C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDBC4 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2546BE C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4F87 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4EB9 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4F24 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4D8A C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4DEC C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4FEA C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4E4E C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] ole32.dll!CoCreateInstance 774FF1C4 5 Bytes JMP 3E2EDC20 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] ole32.dll!OleLoadFromStream 775297FD 5 Bytes JMP 3E3E52EF C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7420042] spym.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F742013E] spym.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74200C0] spym.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7420800] spym.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74206D6] spym.sys

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!CloseHandle] [025DC3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [02602DF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] [025DB950] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [02602D20] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!WriteFile] [025DC5B0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!ReadFile] [025DC4F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [025DBB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [02602CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [02602E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] [025DBB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [02602CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [02602D20] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [02602E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\RPCRT4.dll [KERNEL32.dll!CloseHandle] [025DC3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\RPCRT4.dll [KERNEL32.dll!WriteFile] [025DC5B0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [02602CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!CreateFileW] [025DBB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!CloseHandle] [025DC3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [02602D20] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [02602E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [02602DF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\USER32.dll [KERNEL32.dll!CloseHandle] [025DC3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\USER32.dll [KERNEL32.dll!ReadFile] [025DC4F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [025DC040] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [02602CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [02602E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [02602D20] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [025DBB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [02602DF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [02602CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [02602E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [02602D20] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!CloseHandle] [025DC3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!WriteFile] [025DC5B0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [025DBB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\msvcrt.dll [KERNEL32.dll!CloseHandle] [025DC3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [02602E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [02602CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [025DBE20] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [025DC040] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] [025DB950] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\msvcrt.dll [KERNEL32.dll!ReadFile] [025DC4F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] [025DBB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\msvcrt.dll [KERNEL32.dll!WriteFile] [025DC5B0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!WriteFile] [025DC5B0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [025DB950] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [025DBB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [02602DC0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [02602DF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [02602D20] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [025DBE20] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [025DC040] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!ReadFile] [025DC4F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [02602CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [02602E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!CloseHandle] [025DC3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\SHLWAPI.dll [USER32.dll!DialogBoxParamW] [025DA1A0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\SHLWAPI.dll [USER32.dll!MessageBoxIndirectA] [025DAA00] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\SHLWAPI.dll [USER32.dll!MessageBoxIndirectW] [025DB1D0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [02602CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [025DC040] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [02602D20] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [02602E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] [025DBB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!ReadFile] [025DC4F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!CloseHandle] [025DC3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!WriteFile] [025DC5B0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [02602DF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [02602DC0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\SHELL32.dll [USER32.dll!DialogBoxParamW] [025DA1A0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\SHELL32.dll [USER32.dll!MessageBoxIndirectW] [025DB1D0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [02602E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [02602CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\ole32.dll [KERNEL32.dll!CloseHandle] [025DC3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [02602D20] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32
  13. jpak88

    jpak88 Newcomer, in training Topic Starter Posts: 54

    \ole32.dll [KERNEL32.dll!CreateFileW] [025DBB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\ole32.dll [KERNEL32.dll!ReadFile] [025DC4F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [02602DC0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [025DC040] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\ole32.dll [KERNEL32.dll!WriteFile] [025DC5B0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\ole32.dll [USER32.dll!DialogBoxParamW] [025DA1A0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [02602D20] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\USERENV.dll [KERNEL32.dll!WriteFile] [025DC5B0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\USERENV.dll [KERNEL32.dll!CreateFileW] [025DBB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [02602DC0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [025DC040] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\USERENV.dll [KERNEL32.dll!CloseHandle] [025DC3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [02602E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [02602CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\USERENV.dll [KERNEL32.dll!ReadFile] [025DC4F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\USERENV.dll [USER32.dll!DialogBoxParamW] [025DA1A0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [02602CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [02602E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\PSAPI.DLL [KERNEL32.dll!CreateFileA] [025DB950] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\PSAPI.DLL [KERNEL32.dll!CloseHandle] [025DC3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\WININET.dll [KERNEL32.dll!WriteFile] [025DC5B0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\WININET.dll [KERNEL32.dll!CreateFileW] [025DBB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\WININET.dll [KERNEL32.dll!CreateFileA] [025DB950] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\WININET.dll [KERNEL32.dll!ReadFile] [025DC4F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [02602D20] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [02602DF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [02602E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [02602CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\WININET.dll [KERNEL32.dll!CloseHandle] [025DC3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\WININET.dll [USER32.dll!DialogBoxParamW] [025DA1A0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\ws2_32.dll [KERNEL32.dll!GetProcAddress] [02602E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\ws2_32.dll [KERNEL32.dll!LoadLibraryA] [02602CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\ws2_32.dll [KERNEL32.dll!CloseHandle] [025DC3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\WS2HELP.dll [KERNEL32.dll!CloseHandle] [025DC3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [02602CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [02602E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [02602D20] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [02602CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [02602E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] [025DBB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\NETAPI32.dll [KERNEL32.dll!WriteFile] [025DC5B0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\NETAPI32.dll [KERNEL32.dll!CloseHandle] [025DC3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\NETAPI32.dll [KERNEL32.dll!ReadFile] [025DC4F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\iphlpapi.dll [KERNEL32.dll!CreateFileW] [025DBB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\iphlpapi.dll [KERNEL32.dll!CreateFileA] [025DB950] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\iphlpapi.dll [KERNEL32.dll!CloseHandle] [025DC3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [02602E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [02602CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\inetmib1.dll [KERNEL32.dll!CloseHandle] [025DC3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [02602E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [02602CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] [025DB950] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] [025DBB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [02602DC0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [02602DF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!CloseHandle] [025DC3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!WriteFile] [025DC5B0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2828] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!ReadFile] [025DC4F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!CloseHandle] [01F7C3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [01FA2DF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] [01F7B950] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [01FA2D20] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!WriteFile] [01F7C5B0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!ReadFile] [01F7C4F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [01F7BB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [01FA2CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [01FA2E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] [01F7BB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [01FA2CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [01FA2D20] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [01FA2E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\RPCRT4.dll [KERNEL32.dll!CloseHandle] [01F7C3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\RPCRT4.dll [KERNEL32.dll!WriteFile] [01F7C5B0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [01FA2CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!CreateFileW] [01F7BB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!CloseHandle] [01F7C3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [01FA2D20] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [01FA2E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [01FA2DF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\USER32.dll [KERNEL32.dll!CloseHandle] [01F7C3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\USER32.dll [KERNEL32.dll!ReadFile] [01F7C4F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [01F7C040] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [01FA2CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [01FA2E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [01FA2D20] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [01F7BB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [01FA2DF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [01FA2CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [01FA2E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [01FA2D20] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!CloseHandle] [01F7C3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!WriteFile] [01F7C5B0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [01F7BB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\msvcrt.dll [KERNEL32.dll!CloseHandle] [01F7C3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [01FA2E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [01FA2CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [01F7BE20] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [01F7C040] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] [01F7B950] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\msvcrt.dll [KERNEL32.dll!ReadFile] [01F7C4F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] [01F7BB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\msvcrt.dll [KERNEL32.dll!WriteFile] [01F7C5B0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!WriteFile] [01F7C5B0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [01F7B950] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [01F7BB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [01FA2DC0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [01FA2DF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [01FA2D20] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [01F7BE20] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [01F7C040] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!ReadFile] [01F7C4F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [01FA2CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [01FA2E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!CloseHandle] [01F7C3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\SHLWAPI.dll [USER32.dll!DialogBoxParamW] [01F7A1A0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\SHLWAPI.dll [USER32.dll!MessageBoxIndirectA] [01F7AA00] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\SHLWAPI.dll [USER32.dll!MessageBoxIndirectW] [01F7B1D0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [01FA2CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [01F7C040] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [01FA2D20] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [01FA2E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] [01F7BB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!ReadFile] [01F7C4F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!CloseHandle] [01F7C3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!WriteFile] [01F7C5B0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [01FA2DF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [01FA2DC0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\SHELL32.dll [USER32.dll!DialogBoxParamW] [01F7A1A0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\SHELL32.dll [USER32.dll!MessageBoxIndirectW] [01F7B1D0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [01FA2E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [01FA2CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\ole32.dll [KERNEL32.dll!CloseHandle] [01F7C3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [01FA2D20] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\ole32.dll [KERNEL32.dll!CreateFileW] [01F7BB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\ole32.dll [KERNEL32.dll!ReadFile] [01F7C4F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [01FA2DC0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [01F7C040] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\ole32.dll [KERNEL32.dll!WriteFile] [01F7C5B0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\ole32.dll [USER32.dll!DialogBoxParamW] [01F7A1A0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [01FA2D20] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\USERENV.dll [KERNEL32.dll!WriteFile] [01F7C5B0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\USERENV.dll [KERNEL32.dll!CreateFileW] [01F7BB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [01FA2DC0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [01F7C040] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\USERENV.dll [KERNEL32.dll!CloseHandle] [01F7C3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [01FA2E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [01FA2CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\USERENV.dll [KERNEL32.dll!ReadFile] [01F7C4F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\USERENV.dll [USER32.dll!DialogBoxParamW] [01F7A1A0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [01FA2CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [01FA2E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\PSAPI.DLL [KERNEL32.dll!CreateFileA] [01F7B950] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\PSAPI.DLL [KERNEL32.dll!CloseHandle] [01F7C3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\WININET.dll [KERNEL32.dll!WriteFile] [01F7C5B0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\WININET.dll [KERNEL32.dll!CreateFileW] [01F7BB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\WININET.dll [KERNEL32.dll!CreateFileA] [01F7B950] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\WININET.dll [KERNEL32.dll!ReadFile] [01F7C4F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [01FA2D20] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [01FA2DF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [01FA2E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [01FA2CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\WININET.dll [KERNEL32.dll!CloseHandle] [01F7C3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\WININET.dll [USER32.dll!DialogBoxParamW] [01F7A1A0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\ws2_32.dll [KERNEL32.dll!GetProcAddress] [01FA2E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\ws2_32.dll [KERNEL32.dll!LoadLibraryA] [01FA2CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\ws2_32.dll [KERNEL32.dll!CloseHandle] [01F7C3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\WS2HELP.dll [KERNEL32.dll!CloseHandle] [01F7C3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [01FA2CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [01FA2E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\inetmib1.dll [KERNEL32.dll!CloseHandle] [01F7C3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\iphlpapi.dll [KERNEL32.dll!CreateFileW] [01F7BB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\iphlpapi.dll [KERNEL32.dll!CreateFileA] [01F7B950] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\iphlpapi.dll [KERNEL32.dll!CloseHandle] [01F7C3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [01FA2E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [01FA2CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [01FA2D20] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [01FA2CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [01FA2E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] [01F7BB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\NETAPI32.dll [KERNEL32.dll!WriteFile] [01F7C5B0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\NETAPI32.dll [KERNEL32.dll!CloseHandle] [01F7C3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\NETAPI32.dll [KERNEL32.dll!ReadFile] [01F7C4F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [01FA2E30] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [01FA2CF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] [01F7B950] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] [01F7BB60] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
     
  14. jpak88

    jpak88 Newcomer, in training Topic Starter Posts: 54

    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [01FA2DC0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [01FA2DF0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!CloseHandle] [01F7C3F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!WriteFile] [01F7C5B0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3588] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!ReadFile] [01F7C4F0] C:\windows\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 86F601F8

    AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)

    Device \FileSystem\Fastfat \FatCdrom 8665A1F8

    AttachedDevice \Driver\Tcpip \Device\Ip pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

    Device \Driver\usbuhci \Device\USBPDO-0 86A9B1F8
    Device \Driver\dmio \Device\DmControl\DmIoDaemon 86F621F8
    Device \Driver\dmio \Device\DmControl\DmConfig 86F621F8
    Device \Driver\dmio \Device\DmControl\DmPnP 86F621F8
    Device \Driver\dmio \Device\DmControl\DmInfo 86F621F8
    Device \Driver\usbuhci \Device\USBPDO-1 86A9B1F8
    Device \Driver\usbuhci \Device\USBPDO-2 86A9B1F8
    Device \Driver\usbuhci \Device\USBPDO-3 86A9B1F8
    Device \Driver\usbehci \Device\USBPDO-4 86A721F8

    AttachedDevice \Driver\Tcpip \Device\Tcp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

    Device \Driver\Ftdisk \Device\HarddiskVolume1 86FD61F8
    Device \Driver\Cdrom \Device\CdRom0 86A451F8
    Device \Driver\atapi \Device\Ide\IdePort0 [F7353B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7353B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\Cdrom \Device\CdRom1 86A451F8
    Device \Driver\Cdrom \Device\CdRom2 86A451F8
    Device \Driver\NetBT \Device\NetBt_Wins_Export 85086500
    Device \Driver\NetBT \Device\NetbiosSmb 85086500

    AttachedDevice \Driver\Tcpip \Device\Udp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
    AttachedDevice \Driver\Tcpip \Device\RawIp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

    Device \Driver\usbuhci \Device\USBFDO-0 86A9B1F8
    Device \Driver\usbuhci \Device\USBFDO-1 86A9B1F8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 850731F8
    Device \Driver\usbuhci \Device\USBFDO-2 86A9B1F8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 850731F8
    Device \Driver\usbuhci \Device\USBFDO-3 86A9B1F8
    Device \Driver\usbehci \Device\USBFDO-4 86A721F8
    Device \Driver\Ftdisk \Device\FtControl 86FD61F8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{5C0F22DA-B626-44DA-B078-3EBFB8A5D6E1} 85086500
    Device \Driver\a320raid \Device\Scsi\a320raid1 86F611F8
    Device \Driver\a320raid \Device\Scsi\a320raid1Port1Path0Target0Lun0 86F611F8
    Device \Driver\a320raid \Device\Scsi\a320raid1Port1Path0TargetfLun0 86F611F8
    Device \FileSystem\Fastfat \Fat 8665A1F8

    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)

    Device \FileSystem\Cdfs \Cdfs 84F8B500

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBF 0x42 0xC4 0x74 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBF 0x42 0xC4 0x74 ...

    ---- EOF - GMER 1.0.15 ----
  15. jpak88

    jpak88 Newcomer, in training Topic Starter Posts: 54

    This is DDS.

    DDS (Ver_10-11-10.01) - NTFSx86
    Run by Owner at 17:41:11.48 on Mon 11/15/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.518 [GMT -5:00]


    ============== Running Processes ===============

    C:\windows\system32\svchost -k DcomLaunch
    svchost.exe
    C:\windows\System32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\windows\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\windows\Explorer.EXE
    svchost.exe
    C:\WINDOWS\system32\taskswitch.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
    C:\windows\system32\CTHELPER.EXE
    C:\Program Files\Lexmark 5400 Series\ezprint.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\windows\system32\ctfmon.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Program Files\Creative\SBAudigy4\Entertainment Center\RcMan.exe
    C:\Program Files\Pando Networks\Media Booster\PMB.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\windows\system32\CTsvcCDA.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\windows\system32\lxctcoms.exe
    C:\windows\system32\PnkBstrA.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\windows\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Owner\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://www.google.com
    uStart Page = hxxp://google.com/
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Settings,ProxyServer = http=127.0.0.1:29775
    uInternet Settings,ProxyOverride = <local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mURLSearchHooks: H - No File
    BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
    uRun: [Aim6]
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
    uRun: [Stickies] c:\program files\bret taylor\stickies\Stickies.exe
    uRun: [RemoteCenter] "c:\program files\creative\sbaudigy4\entertainment center\RcMan.exe"
    uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [CTDVDDET] "c:\program files\creative\sbaudigy4\dvdaudio\CTDVDDET.EXE"
    mRun: [CTHelper] CTHELPER.EXE
    mRun: [UpdReg] c:\windows\UpdReg.EXE
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [lxctmon.exe] "c:\program files\lexmark 5400 series\lxctmon.exe"
    mRun: [EzPrint] "c:\program files\lexmark 5400 series\ezprint.exe"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
    StartupFolder: c:\docume~1\owner\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
    mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
    mPolicies-explorer: MaxRecentDocs = 18 (0x12)
    mPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
    mPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
    mPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - hxxp://intel-drv-cdn.systemrequirementslab.com/audio/bin/sysreqlab_srlx.cab
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R0 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [2009-7-19 258939]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-11-11 218592]
    R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-11-11 51984]
    R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-11-11 59664]
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-11-12 11608]
    R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2010-11-11 233136]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-11-12 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-11-12 267944]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-11-12 60936]
    R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-11-11 112592]
    R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-6-16 20968]
    R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-11-11 366840]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-8-16 24652]
    S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2010-11-11 63360]
    S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-11-11 1142224]
    S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-11-11 33552]
    S3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]

    =============== Created Last 30 ================

    2010-11-13 04:25:52 -------- d-----w- c:\docume~1\owner\applic~1\Avira
    2010-11-13 04:21:27 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-11-13 04:21:26 -------- d-----w- c:\program files\Avira
    2010-11-13 04:21:26 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
    2010-11-12 21:58:08 -------- d-----w- c:\docume~1\owner\applic~1\Malwarebytes
    2010-11-12 21:57:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-12 21:57:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-11-12 21:57:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-12 12:26:36 -------- d-----w- c:\windows\system32\wbem\snmp
    2010-11-12 12:26:35 -------- d-----w- c:\windows\system32\xircom
    2010-11-12 12:26:35 -------- d-----w- c:\windows\system32\oobe
    2010-11-12 12:26:35 -------- d-----w- c:\windows\system32\inetsrv
    2010-11-12 12:26:35 -------- d-----w- c:\program files\msn gaming zone
    2010-11-12 00:56:52 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
    2010-11-12 00:56:52 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
    2010-11-12 00:56:52 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
    2010-11-12 00:42:55 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Threat Expert
    2010-11-12 00:33:43 767952 ----a-w- c:\windows\BDTSupport.dll
    2010-11-12 00:33:43 149456 ----a-w- c:\windows\SGDetectionTool.dll
    2010-11-12 00:33:42 165840 ----a-w- c:\windows\PCTBDRes.dll
    2010-11-12 00:33:42 1652688 ----a-w- c:\windows\PCTBDCore.dll
    2010-11-12 00:29:26 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2010-11-12 00:28:29 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2010-11-12 00:28:28 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2010-11-12 00:27:38 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2010-11-12 00:27:12 -------- d-----w- c:\program files\Spyware Doctor
    2010-11-12 00:27:12 -------- d-----w- c:\program files\common files\PC Tools
    2010-11-12 00:27:12 -------- d-----w- c:\docume~1\owner\applic~1\PC Tools
    2010-11-12 00:27:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
    2010-11-11 23:34:03 -------- d-----w- c:\docume~1\alluse~1\applic~1\SITEguard
    2010-11-11 23:33:07 -------- d-----w- c:\program files\common files\iS3
    2010-11-11 23:33:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!
    2010-11-11 12:17:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-19 01:12:22 3132 ----a-w- c:\windows\epufubeqixi.dll
    2010-10-17 17:53:20 0 ----a-w- c:\windows\Wyoni.bin
    2010-10-17 17:53:18 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\{7C910989-BFE7-49D9-871E-9ECCC4989738}
    2010-10-17 15:50:09 3132 ----a-w- c:\windows\ikagizutazet.dll

    ==================== Find3M ====================


    ============= FINISH: 17:41:49.90 ===============
  16. jpak88

    jpak88 Newcomer, in training Topic Starter Posts: 54

    For the attached.txt, do you want me to zip it or just paste it?
  17. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    For some reason, you seem to have some problem with reading ALL instructions and following them...
  18. jpak88

    jpak88 Newcomer, in training Topic Starter Posts: 54

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-11-10.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/16/2009 7:25:20 PM
    System Uptime: 11/15/2010 5:35:16 PM (0 hours ago)

    Motherboard: Dell Inc. | | 0XC837
    Processor: Intel(R) Xeon(TM) CPU 3.60GHz | Microprocessor | 3591/800mhz
    Processor: Intel(R) Xeon(TM) CPU 3.60GHz | Microprocessor | 3591/800mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 279 GiB total, 159.731 GiB free.
    D: is CDROM (CDFS)
    E: is CDROM ()
    T: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1: 8/16/2009 7:27:07 PM - System Checkpoint
    RP2: 8/16/2009 7:29:29 PM - Installed Windows KB954550-v5.
    RP3: 8/16/2009 7:29:33 PM - Printer Driver Microsoft XPS Document Writer Installed
    RP4: 8/16/2009 7:32:39 PM - Installed Java(TM) 6 Update 14
    RP5: 8/16/2009 7:32:55 PM - Installed User Profile Hive Cleanup Service
    RP6: 8/16/2009 7:33:04 PM - Installed Alt-Tab Task Switcher Powertoy for Windows XP

    ==== Installed Programs ======================

    µTorrent
    7-Zip 4.65
    Adobe Flash Player 10 ActiveX
    Adobe Photoshop CS4
    Adobe Shockwave Player 11.5
    AIM 6
    Alt-Tab Task Switcher Powertoy for Windows XP
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Display Driver
    Avira AntiVir Personal - Free Antivirus
    Battlefield: Bad Company 2
    BlackBerry USB Drivers
    Browser Defender 2.0.6.15
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center HydraVision Full
    Catalyst Control Center Localization All
    ccc-core-preinstall
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CPUID CPU-Z 1.54
    Creative MediaSource
    Creative System Information
    Dell Resource CD
    DivX Web Player
    EAX(tm) Unified (SHELL)
    FL Studio Creative Edition
    Foxit Reader
    GNU Aspell 0.50-3
    GTK+ Runtime 2.14.7 rev a (remove only)
    HashCheck Shell Extension (x86-32)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Intel(R) PRO Network Connections Drivers
    iTunes
    Java(TM) 6 Update 16
    K-Lite Mega Codec Pack 5.0.0
    League of Legends
    Lexmark 5400 Series
    MagicDisc 2.7.106
    Malwarebytes' Anti-Malware
    MediaLooks QuickTime Source 1.7.0.13 (DirectShow Filter)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 1.1 Service Pack 1
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB973685)
    My Drivers 3.31
    NVIDIA PhysX
    OGA Notifier 2.0.0048.0
    Open Command Prompt Shell Extension (x86-32)
    OpenAL
    Pando Media Booster
    Picasa 3
    Pidgin
    PunkBuster Services
    QuickTime
    QuickTime Alternative 2.9.0
    RocketDock 1.3.5
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for 2007 Microsoft Office System (KB982331)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Word 2007 (KB2251419)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Skins
    Sound Blaster Audigy 4
    SoundMAX
    Spyware Doctor 7.0
    Steam
    Stickies
    System Requirements Lab
    Ultra Defragmenter
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    User Profile Hive Cleanup Service
    VC80CRTRedist - 8.0.50727.762
    Viewpoint Media Player
    WebFldrs XP
    Winamp
    Winamp Detector Plug-in
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Rights Management Client Backwards Compatibility SP2
    Windows Rights Management Client with Service Pack 2

    ==== Event Viewer Messages From Past Week ========

    11/14/2010 9:41:57 PM, error: Service Control Manager [7034] - The Viewpoint Manager Service service terminated unexpectedly. It has done this 1 time(s).
    11/14/2010 9:41:57 PM, error: Service Control Manager [7034] - The lxct_device service terminated unexpectedly. It has done this 1 time(s).
    11/14/2010 9:41:57 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    11/14/2010 9:41:57 PM, error: Service Control Manager [7034] - The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).
    11/14/2010 9:41:57 PM, error: Service Control Manager [7034] - The Browser Defender Update Service service terminated unexpectedly. It has done this 1 time(s).
    11/14/2010 9:41:57 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/14/2010 9:41:55 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
    11/14/2010 12:04:34 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT pctgntdi RasAcd Rdbss sptd ssmdrv Tcpip WS2IFSL
    11/14/2010 12:04:34 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    11/14/2010 12:04:34 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/14/2010 12:04:34 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/14/2010 12:04:34 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    11/14/2010 12:04:34 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/14/2010 12:03:22 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    11/14/2010 12:03:18 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    11/14/2010 12:03:11 AM, error: sptd [4] - Driver detected an internal error in its data structures for .
    11/12/2010 6:34:10 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000035' while processing the file 'GENRE-VOCAL.JPG1' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    11/12/2010 4:52:05 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    11/12/2010 11:25:21 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000035' while processing the file 'ntuser.ini' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    11/12/2010 11:25:18 PM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 001422614E35 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    11/12/2010 11:20:48 PM, error: Service Control Manager [7034] - The PC Tools Auxiliary Service service terminated unexpectedly. It has done this 1 time(s).
    11/12/2010 11:19:04 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
    11/12/2010 11:19:04 PM, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\Owner\LOCALS~1\Temp\RarSFX0\redist.dll. Reference error message: The operation completed successfully. .
    11/12/2010 11:19:04 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
    11/11/2010 8:12:42 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the szserver service.
    11/11/2010 8:01:37 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the AVG WatchDog service, but this action failed with the following error: The service database is locked.
    11/11/2010 7:57:29 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the ThreatFire service to connect.
    11/11/2010 7:57:29 PM, error: Service Control Manager [7000] - The ThreatFire service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/11/2010 7:35:31 PM, error: Service Control Manager [7034] - The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s).
    11/11/2010 7:21:39 AM, error: Service Control Manager [7031] - The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    11/11/2010 6:52:50 AM, error: Service Control Manager [7000] - The User Profile Hive Cleanup service failed to start due to the following error: The system cannot find the file specified.
    11/11/2010 6:38:52 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    11/11/2010 6:25:42 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    11/11/2010 6:17:44 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    11/11/2010 6:17:44 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    11/11/2010 6:17:44 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
    11/11/2010 6:17:44 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    11/10/2010 5:52:37 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    11/10/2010 5:52:36 PM, error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).

    ==== End Of File ===========================
  19. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.

    ===================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  20. jpak88

    jpak88 Newcomer, in training Topic Starter Posts: 54

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0008001d

    Kernel Drivers (total 147):
    0x804D7000 \windows\system32\ntkrnlpa.exe
    0x806E4000 \windows\system32\hal.dll
    0xF7B12000 \windows\system32\KDCOM.DLL
    0xF7A22000 \windows\system32\BOOTVID.dll
    0xF741E000 spva.sys
    0xF7B14000 \windows\System32\Drivers\WMILIB.SYS
    0xF7406000 \windows\System32\Drivers\SCSIPORT.SYS
    0xF73D8000 ACPI.sys
    0xF73C7000 pci.sys
    0xF73A7000 fltMgr.sys
    0xF7612000 ohci1394.sys
    0xF7622000 \windows\system32\DRIVERS\1394BUS.SYS
    0xF7632000 isapnp.sys
    0xF7BDA000 pciide.sys
    0xF7892000 \windows\system32\DRIVERS\PCIIDEX.SYS
    0xF7642000 MountMgr.sys
    0xF7388000 ftdisk.sys
    0xF7B16000 dmload.sys
    0xF7362000 dmio.sys
    0xF789A000 PartMgr.sys
    0xF7652000 VolSnap.sys
    0xF734A000 atapi.sys
    0xF730A000 a320raid.sys
    0xF7662000 disk.sys
    0xF7672000 \windows\system32\DRIVERS\CLASSPNP.SYS
    0xF72F8000 sr.sys
    0xF72BF000 PCTCore.sys
    0xF72AE000 TfSysMon.sys
    0xF729D000 TfFsMon.sys
    0xF7682000 PxHelp20.sys
    0xF7286000 KSecDD.sys
    0xF7273000 WudfPf.sys
    0xF71E6000 Ntfs.sys
    0xF71B9000 NDIS.sys
    0xF719F000 Mup.sys
    0xF6915000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xF68BA000 \SystemRoot\system32\drivers\ctaud2k.sys
    0xF6896000 \SystemRoot\system32\drivers\portcls.sys
    0xF76A2000 \SystemRoot\system32\drivers\drmk.sys
    0xF6873000 \SystemRoot\system32\drivers\ks.sys
    0xF6847000 \SystemRoot\system32\drivers\ctoss2k.sys
    0xF7B52000 \SystemRoot\system32\drivers\ctprxy2k.sys
    0xF76B2000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xF681F000 \SystemRoot\system32\DRIVERS\e1000325.sys
    0xF6469000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
    0xF6455000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF79B2000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xF6431000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF79BA000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF79C2000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xF641D000 \SystemRoot\system32\DRIVERS\parport.sys
    0xF76C2000 \SystemRoot\system32\DRIVERS\serial.sys
    0xF713A000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xF76D2000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF76E2000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF76F2000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF79CA000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0xF63DD000 \SystemRoot\system32\drivers\smwdm.sys
    0xF632A000 \SystemRoot\system32\drivers\senfilt.sys
    0xF7CD5000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF7B54000 \SystemRoot\System32\Drivers\RootMdm.sys
    0xF79D2000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF7702000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF7132000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF6313000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF7712000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF7722000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF79DA000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF6302000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF7732000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF79E2000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF79EA000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF79F2000 \SystemRoot\system32\DRIVERS\RimSerial.sys
    0xF62D2000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xF7742000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF79FA000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF7A02000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF62B5000 \SystemRoot\system32\DRIVERS\mcdbus.sys
    0xF7B56000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF6257000 \SystemRoot\system32\DRIVERS\update.sys
    0xF6A96000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF7752000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF620A000 \SystemRoot\system32\drivers\hap16v2k.sys
    0xF612D000 \SystemRoot\system32\drivers\ha10kx2k.sys
    0xF610B000 \SystemRoot\system32\drivers\emupia2k.sys
    0xF60EB000 \SystemRoot\system32\drivers\ctsfm2k.sys
    0xF604D000 \SystemRoot\system32\drivers\ctac32k.sys
    0xF7782000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF7B68000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF7A12000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0xF7B06000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7C6F000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7B74000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF78BA000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xF78C2000 \SystemRoot\System32\drivers\vga.sys
    0xF7B76000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF78DA000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF78E2000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF7B0E000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xAE7A3000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xAE74A000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xAE713000 \??\C:\WINDOWS\system32\drivers\pctgntdi.sys
    0xF77B2000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xAE6C3000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xF715B000 \SystemRoot\System32\drivers\ws2ifsl.sys
    0xF77C2000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xAE6A1000 \SystemRoot\System32\drivers\afd.sys
    0xF77D2000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xF78EA000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
    0xAE676000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xAE606000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF77E2000 \SystemRoot\System32\Drivers\Fips.SYS
    0xAE5E3000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0xF7B7C000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    0xF78F2000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xF6253000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xF7802000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xF6247000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xF6243000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xF7862000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xF623F000 \SystemRoot\System32\Drivers\dump_diskdump.sys
    0xAD84B000 \SystemRoot\System32\Drivers\dump_a320raid.sys
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xAE7D6000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF792A000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7CAB000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\ati2dvag.dll
    0xBF065000 \SystemRoot\System32\ati2cqag.dll
    0xBF0FE000 \SystemRoot\System32\atikvmag.dll
    0xBF182000 \SystemRoot\System32\atiok3x2.dll
    0xBF1CD000 \SystemRoot\System32\ati3duag.dll
    0xBF572000 \SystemRoot\System32\ativvaxx.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xAB4F6000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0xAB4CE000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xAB5B3000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0xAB1C1000 \SystemRoot\system32\drivers\wdmaud.sys
    0xAB5D3000 \SystemRoot\system32\drivers\sysaudio.sys
    0xAB07F000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xF7B4C000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xAAD67000 \??\C:\windows\system32\drivers\cpuz133_x32.sys
    0xAAB78000 \SystemRoot\system32\DRIVERS\srv.sys
    0xAAB61000 \??\C:\windows\system32\drivers\PfModNT.sys
    0xAA949000 \SystemRoot\System32\Drivers\HTTP.sys
    0xF7922000 \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 45):
    0 System Idle Process
    4 System
    724 C:\WINDOWS\system32\smss.exe
    780 csrss.exe
    820 C:\WINDOWS\system32\winlogon.exe
    864 C:\WINDOWS\system32\services.exe
    876 C:\WINDOWS\system32\lsass.exe
    1108 C:\WINDOWS\system32\svchost.exe
    1220 svchost.exe
    1316 C:\WINDOWS\system32\svchost.exe
    1360 C:\WINDOWS\system32\svchost.exe
    1564 svchost.exe
    1652 svchost.exe
    1780 C:\WINDOWS\system32\spoolsv.exe
    1824 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    288 C:\WINDOWS\explorer.exe
    460 svchost.exe
    408 C:\WINDOWS\system32\TaskSwitch.exe
    712 C:\Program Files\Analog Devices\Core\smax4pnp.exe
    744 C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.exe
    748 C:\WINDOWS\system32\CTHELPER.EXE
    800 C:\Program Files\Lexmark 5400 Series\ezprint.exe
    784 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    1004 C:\WINDOWS\system32\ctfmon.exe
    880 C:\Program Files\RocketDock\RocketDock.exe
    1140 C:\Program Files\Creative\SBAudigy4\Entertainment Center\RcMan.exe
    1276 C:\Program Files\Pando Networks\Media Booster\PMB.exe
    1852 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    1444 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1832 C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    2188 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    2228 C:\WINDOWS\system32\CTSVCCDA.EXE
    2268 C:\Program Files\Java\jre6\bin\jqs.exe
    2296 C:\WINDOWS\system32\lxctcoms.exe
    2364 C:\WINDOWS\system32\PnkBstrA.exe
    2416 C:\Program Files\Spyware Doctor\pctsAuxs.exe
    2536 C:\WINDOWS\system32\svchost.exe
    2572 C:\Program Files\Viewpoint\Common\ViewpointService.exe
    3292 C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    3332 C:\WINDOWS\system32\svchost.exe
    3340 C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    3500 C:\Program Files\Internet Explorer\IEXPLORE.EXE
    3564 C:\Program Files\Internet Explorer\IEXPLORE.EXE
    188 C:\Program Files\Internet Explorer\IEXPLORE.EXE
    3272 C:\Documents and Settings\Owner\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: MAXTORATLAS10K5_300SCA, Rev: JNZH

    Size Device Name MBR Status
    --------------------------------------------
    279 GB \\.\PhysicalDrive0 RE: Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
  21. jpak88

    jpak88 Newcomer, in training Topic Starter Posts: 54

    Okay, when I ran ComboFix it would scan to a point and then I would get the blue error again.
  22. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Did you try options starting with:
  23. jpak88

    jpak88 Newcomer, in training Topic Starter Posts: 54

    ComboFix 10-11-15.05 - Owner 11/15/2010 20:17:00.1.4 - x86 MINIMAL
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.811 [GMT -5:00]
    Running from: c:\documents and settings\Owner\Desktop\jason.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    c:\documents and settings\Owner\Application Data\inst.exe
    c:\documents and settings\Owner\Local Settings\Application Data\{7C910989-BFE7-49D9-871E-9ECCC4989738}
    c:\documents and settings\Owner\Local Settings\Application Data\{7C910989-BFE7-49D9-871E-9ECCC4989738}\chrome.manifest
    c:\documents and settings\Owner\Local Settings\Application Data\{7C910989-BFE7-49D9-871E-9ECCC4989738}\chrome\content\_cfg.js
    c:\documents and settings\Owner\Local Settings\Application Data\{7C910989-BFE7-49D9-871E-9ECCC4989738}\chrome\content\overlay.xul
    c:\documents and settings\Owner\Local Settings\Application Data\{7C910989-BFE7-49D9-871E-9ECCC4989738}\install.rdf
    c:\windows\epufubeqixi.dll
    c:\windows\ikagizutazet.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-10-16 to 2010-11-16 )))))))))))))))))))))))))))))))
    .

    2010-11-13 04:25 . 2010-11-13 04:25 -------- d-----w- c:\documents and settings\Owner\Application Data\Avira
    2010-11-13 04:21 . 2010-08-02 21:10 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-11-13 04:21 . 2010-08-02 21:10 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-11-13 04:21 . 2010-06-17 20:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2010-11-13 04:21 . 2010-06-17 20:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2010-11-13 04:21 . 2010-11-13 04:21 -------- d-----w- c:\program files\Avira
    2010-11-13 04:21 . 2010-11-13 04:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2010-11-12 21:58 . 2010-11-12 21:58 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
    2010-11-12 21:57 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-12 21:57 . 2010-11-12 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-11-12 21:57 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-12 12:26 . 2010-11-12 12:26 -------- d-----w- c:\windows\system32\wbem\snmp
    2010-11-12 12:26 . 2010-11-12 12:26 -------- d-----w- c:\windows\system32\xircom
    2010-11-12 12:26 . 2010-11-12 12:26 -------- d-----w- c:\windows\system32\oobe
    2010-11-12 12:26 . 2010-11-12 12:26 -------- d-----w- c:\program files\microsoft frontpage
    2010-11-12 00:56 . 2010-02-02 15:13 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
    2010-11-12 00:56 . 2010-02-02 15:13 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
    2010-11-12 00:27 . 2010-11-12 00:34 -------- d-----w- c:\program files\Common Files\PC Tools
    2010-11-12 00:27 . 2010-11-12 00:27 -------- d-----w- c:\documents and settings\Owner\Application Data\PC Tools
    2010-11-12 00:26 . 2010-11-16 01:13 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-11-11 23:34 . 2010-11-11 23:34 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
    2010-11-11 23:33 . 2010-11-11 23:33 -------- d-----w- c:\program files\Common Files\iS3
    2010-11-11 23:33 . 2010-11-12 01:13 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
    2010-11-11 12:17 . 2010-11-12 21:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-17 17:53 . 2010-11-12 12:28 0 ----a-w- c:\windows\Wyoni.bin

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-12 21:51 . 2009-07-19 16:00 36352 ----a-w- c:\windows\system32\drivers\disk.sys
    .

    ------- Sigcheck -------

    [-] 2009-07-19 . BA8C046D98345129723E6BCAA1E8AB99 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys


    c:\windows\System32\wscntfy.exe ... is missing !!
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
    "Stickies"="c:\program files\Bret Taylor\Stickies\Stickies.exe" [2007-03-14 335872]
    "RemoteCenter"="c:\program files\Creative\SBAudigy4\Entertainment Center\RcMan.exe" [2004-09-21 172032]
    "Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-04-23 2938552]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
    "CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
    "CTDVDDET"="c:\program files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
    "CTHelper"="CTHELPER.EXE" [2004-09-23 24576]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
    "lxctmon.exe"="c:\program files\Lexmark 5400 Series\lxctmon.exe" [2006-06-20 286720]
    "EzPrint"="c:\program files\Lexmark 5400 Series\ezprint.exe" [2006-06-07 98304]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "_nltide_3"="advpack.dll" [2009-07-19 128512]

    c:\documents and settings\Owner\Start Menu\Programs\Startup\
    MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-3-16 576000]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "MaxRecentDocs"= 18 (0x12)
    "NoSMConfigurePrograms"= 1 (0x1)
    "NoRecentDocsNetHood"= 1 (0x1)
    "MemCheckBoxInRunDlg"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\WINDOWS\\system32\\lxctcoms.exe"=
    "c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
    "c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\battlefield bad company 2\\BFBC2Game.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\battlefield bad company 2\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "56243:TCP"= 56243:TCP:pando Media Booster
    "56243:UDP"= 56243:UDP:pando Media Booster
    "8378:TCP"= 8378:TCP:League of Legends Launcher
    "8378:UDP"= 8378:UDP:League of Legends Launcher
    "8379:TCP"= 8379:TCP:League of Legends Launcher
    "8379:UDP"= 8379:UDP:League of Legends Launcher
    "6933:TCP"= 6933:TCP:League of Legends Launcher
    "6933:UDP"= 6933:UDP:League of Legends Launcher
    "8380:TCP"= 8380:TCP:League of Legends Launcher
    "8380:UDP"= 8380:UDP:League of Legends Launcher
    "6918:TCP"= 6918:TCP:League of Legends Launcher
    "6918:UDP"= 6918:UDP:League of Legends Launcher

    R0 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [7/19/2009 11:48 AM 258939]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/11/2010 7:28 PM 218592]
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/16/2010 10:41 AM 691696]
    R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [11/11/2010 7:56 PM 51984]
    R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [11/11/2010 7:56 PM 59664]
    S1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [11/11/2010 7:29 PM 233136]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/12/2010 11:21 PM 135336]
    S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [11/11/2010 7:33 PM 112592]
    S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [6/16/2010 8:27 PM 20968]
    S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11/11/2010 7:27 PM 366840]
    S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/16/2009 8:55 PM 24652]
    S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [11/11/2010 7:27 PM 63360]
    S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [11/11/2010 7:56 PM 33552]
    S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-11-12 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

    2010-11-16 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]

    2010-11-16 c:\windows\Tasks\User_Feed_Synchronization-{FBC52E96-BF07-4D08-97BF-27368A1BAA50}.job
    - c:\windows\system32\msfeedssync.exe [2009-07-19 16:06]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.com/
    uInternet Settings,ProxyServer = http=127.0.0.1:29775
    uInternet Settings,ProxyOverride = <local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-Locked - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    HKCU-Run-Aim6 - (no file)
    SafeBoot-klmdb.sys



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-15 20:21
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1757981266-1715567821-1177238915-1003\Software\SecuROM\License information*]
    "datasecu"=hex:ab,5a,2f,3e,81,b5,44,b9,1e,3c,73,d8,ff,8e,54,2b,04,a2,d3,0c,96,
    45,46,6b,db,5f,81,b8,e3,8d,93,11,25,63,34,85,02,47,ba,b6,ab,b1,90,65,88,99,\
    "rkeysecu"=hex:a4,9f,d6,ad,e1,87,82,b9,cc,dd,79,26,d1,30,a0,95
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(268)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(776)
    c:\windows\system32\WININET.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    .
    Completion time: 2010-11-15 20:23:18
    ComboFix-quarantined-files.txt 2010-11-16 01:23

    Pre-Run: 172,469,751,808 bytes free
    Post-Run: 172,428,574,720 bytes free

    - - End Of File - - 55B1CC3A60E3B70685E50831CB33E54A
  24. jpak88

    jpak88 Newcomer, in training Topic Starter Posts: 54

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.
    Ran as Owner on 11/15/2010 at 20:15:28.


    Services Stopped:


    Processes terminated by Rkill or while it was running:


    C:\Documents and Settings\Owner\Desktop\rkill.com


    Rkill completed on 11/15/2010 at 20:15:31.
  25. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Very good :)

    Unless you installed Viewpoint Manager knowledgeably...
    Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
    Uninstall any of the following programs associated with Viewpoint:
    * Viewpoint Manager
    * Viewpoint Media Player
    * Viewpoint Toolbar
    This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

    ======================================================================

    Now, I want you to run the following fix in normal mode (it should run fine) and allow recovery console installation.

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\Wyoni.bin
    
    
    Folder::
    c:\documents and settings\All Users\Application Data\SITEguard
    c:\program files\Common Files\iS3
    c:\documents and settings\All Users\Application Data\STOPzilla!
    
    MIA::
    c:\windows\System32\wscntfy.exe
    
    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:29775
    uInternet Settings,ProxyOverride = <local>
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UpdReg"=-
    
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
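
A pre-flight check for the CFScript in the post above, as an added example that is not part of the original thread or of ComboFix: it parses the script's `Name::` sections and reports any entry that does not appear in the log the script was written from, so a mistyped path is caught before the script is run. The function names and the case-insensitive substring matching are assumptions of this example.

```python
import re
# Constructed excerpts: lines copied from the ComboFix log and the CFScript in this thread (blank lines dropped).
LOG_EXCERPT = r"""
2010-10-17 17:53 . 2010-11-12 12:28 0 ----a-w- c:\windows\Wyoni.bin
2010-11-11 23:34 . 2010-11-11 23:34 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2010-11-11 23:33 . 2010-11-11 23:33 -------- d-----w- c:\program files\Common Files\iS3
2010-11-11 23:33 . 2010-11-12 01:13 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
c:\windows\System32\wscntfy.exe ... is missing !!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
uInternet Settings,ProxyServer = http=127.0.0.1:29775
uInternet Settings,ProxyOverride = <local>
"""
CFSCRIPT = r"""File::
c:\windows\Wyoni.bin
Folder::
c:\documents and settings\All Users\Application Data\SITEguard
c:\program files\Common Files\iS3
c:\documents and settings\All Users\Application Data\STOPzilla!
MIA::
c:\windows\System32\wscntfy.exe
DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:29775
uInternet Settings,ProxyOverride = <local>
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"=-
"""

def parse_cfscript(text):
    """Group non-blank script lines under their 'Name::' section header."""
    sections, current = {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        m = re.match(r"^(\w+)::$", line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            current.append(line)
    return sections

def unmatched_entries(script_text, log_text):
    """Return (section, entry) pairs whose target never appears in the log."""
    log = log_text.lower()
    # A registry deletion '"Name"=-' is matched on the log's '"Name"=' prefix.
    return [(sec, e) for sec, entries in parse_cfscript(script_text).items()
            for e in entries
            if (e[:-1] if sec == "Registry" and e.endswith("=-") else e).lower() not in log]
```

An empty result from `unmatched_entries(CFSCRIPT, LOG_EXCERPT)` means every line of the script traces back to a line in the log; substring matching is loose, so it catches typos but does not prove an entry is safe to remove.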