GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-02-07 11:34:37 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK5056GSY rev.LH003D 465,76GB Running: 50smlc4r.exe; Driver: C:\Users\user\AppData\Local\Temp\kftcaaob.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe[1608] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007682cfca 5 bytes JMP 0000000172c17440 .text C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe[1608] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074f21465 2 bytes [F2, 74] .text C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe[1608] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074f214bb 2 bytes [F2, 74] .text ... * 2 .text C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[1644] C:\Windows\syswow64\kernel32.dll!LoadLibraryW 00000000766f48fb 5 bytes JMP 0000000172c243d0 .text C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[1644] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000766f49a7 5 bytes JMP 0000000172c24200 .text C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[1644] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007682cfca 5 bytes JMP 0000000172c17440 .text C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[1644] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074f21465 2 bytes [F2, 74] .text C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[1644] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074f214bb 2 bytes [F2, 74] .text ... 
* 2 .text C:\Windows\SysWOW64\schtasks.exe[1752] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007682cfca 5 bytes JMP 0000000172c17440 .text C:\Windows\SysWOW64\schtasks.exe[1752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074f21465 2 bytes [F2, 74] .text C:\Windows\SysWOW64\schtasks.exe[1752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074f214bb 2 bytes [F2, 74] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1940] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007682cfca 5 bytes JMP 0000000172c17440 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074f21465 2 bytes [F2, 74] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074f214bb 2 bytes [F2, 74] .text ... * 2 .text C:\Windows\system32\DRIVERS\o2flash.exe[2200] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007682cfca 5 bytes JMP 0000000172c17440 .text C:\Windows\system32\DRIVERS\o2flash.exe[2200] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074f21465 2 bytes [F2, 74] .text C:\Windows\system32\DRIVERS\o2flash.exe[2200] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074f214bb 2 bytes [F2, 74] .text ... * 2 .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2516] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007682cfca 5 bytes JMP 0000000172c17440 .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074f21465 2 bytes [F2, 74] .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074f214bb 2 bytes [F2, 74] .text ... 
* 2 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2540] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007682cfca 5 bytes JMP 0000000172c17440 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074f21465 2 bytes [F2, 74] .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074f214bb 2 bytes [F2, 74] .text ... * 2 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[2648] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007682cfca 5 bytes JMP 0000000172c17440 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[2648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074f21465 2 bytes [F2, 74] .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[2648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074f214bb 2 bytes [F2, 74] .text ... 
* 2 .text C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2872] C:\Windows\syswow64\kernel32.dll!LoadLibraryW 00000000766f48fb 5 bytes JMP 0000000172c243d0 .text C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2872] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000766f49a7 5 bytes JMP 0000000172c24200 .text C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2872] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007682cfca 5 bytes JMP 0000000172c17440 .text C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074f21465 2 bytes [F2, 74] .text C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074f214bb 2 bytes [F2, 74] .text ... * 2 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[2948] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007682cfca 5 bytes JMP 0000000172c17440 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[2948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074f21465 2 bytes [F2, 74] .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[2948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074f214bb 2 bytes [F2, 74] .text ... 
* 2 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2060] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007682cfca 5 bytes JMP 0000000172c17440 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074f21465 2 bytes [F2, 74] .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074f214bb 2 bytes [F2, 74] .text ... * 2 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe[3376] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007682cfca 5 bytes JMP 0000000172c17440 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe[3376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074f21465 2 bytes [F2, 74] .text C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe[3376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074f214bb 2 bytes [F2, 74] .text ... * 2 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3992] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007682cfca 5 bytes JMP 0000000172c17440 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074f21465 2 bytes [F2, 74] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074f214bb 2 bytes [F2, 74] .text ... 
* 2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5984] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007682cfca 5 bytes JMP 0000000172c17440 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074f21465 2 bytes [F2, 74] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074f214bb 2 bytes [F2, 74] .text ... * 2 .text C:\Users\user\Desktop\50smlc4r.exe[3064] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007682cfca 5 bytes JMP 0000000172c17440 .text C:\Users\user\Desktop\50smlc4r.exe[3064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074f21465 2 bytes [F2, 74] .text C:\Users\user\Desktop\50smlc4r.exe[3064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074f214bb 2 bytes [F2, 74] .text ... * 2 ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\svchost.exe[972] @ C:\Windows\system32\tschannel.dll[RPCRT4.dll!CStdStubBuffer_Disconnect] [11c91ceb8a885d04] IAT C:\Windows\system32\svchost.exe[972] @ C:\Windows\system32\tschannel.dll[RPCRT4.dll!CStdStubBuffer_IsIIDSupported] [6048102b0008e89f] IAT C:\Windows\system32\svchost.exe[972] @ C:\Windows\system32\tschannel.dll[RPCRT4.dll!CStdStubBuffer_Invoke] [2] IAT C:\Windows\system32\svchost.exe[972] @ C:\Windows\system32\tschannel.dll[RPCRT4.dll!CStdStubBuffer_Connect] [0] IAT C:\Windows\system32\svchost.exe[972] @ C:\Windows\system32\tschannel.dll[RPCRT4.dll!NdrDllGetClassObject] [0] IAT C:\Windows\system32\svchost.exe[972] @ C:\Windows\system32\tschannel.dll[RPCRT4.dll!NdrDllUnregisterProxy] [0] IAT C:\Windows\system32\svchost.exe[972] @ C:\Windows\system32\tschannel.dll[RPCRT4.dll!CStdStubBuffer_DebugServerRelease] [0] IAT C:\Windows\system32\svchost.exe[972] @ C:\Windows\system32\tschannel.dll[RPCRT4.dll!CStdStubBuffer_AddRef] 
[4937beba71710533] IAT C:\Windows\system32\svchost.exe[972] @ C:\Windows\system32\tschannel.dll[RPCRT4.dll!IUnknown_QueryInterface_Proxy] [36cc9cefdbb51983] IAT C:\Windows\system32\svchost.exe[972] @ C:\Windows\system32\tschannel.dll[RPCRT4.dll!NdrOleFree] [1] IAT C:\Windows\system32\svchost.exe[972] @ C:\Windows\system32\tschannel.dll[RPCRT4.dll!NdrOleAllocate] [0] IAT C:\Windows\system32\svchost.exe[972] @ C:\Windows\system32\tschannel.dll[RPCRT4.dll!CStdStubBuffer_CountRefs] [0] IAT C:\Windows\system32\svchost.exe[972] @ C:\Windows\system32\tschannel.dll[RPCRT4.dll!CStdStubBuffer_DebugServerQueryInterface] [0] IAT C:\Windows\system32\svchost.exe[972] @ C:\Windows\system32\tschannel.dll[RPCRT4.dll!CStdStubBuffer_QueryInterface] [0] IAT C:\Windows\system32\svchost.exe[972] @ C:\Windows\system32\tschannel.dll[RPCRT4.dll!IUnknown_AddRef_Proxy] [0] IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\Explorer.EXE[KERNEL32.dll!LoadLibraryExA] [7fefd8cce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\Explorer.EXE[KERNEL32.dll!LoadLibraryW] [7fefd8cd280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\Explorer.EXE[KERNEL32.dll!LoadLibraryExW] [7fefd8cca70] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\Explorer.EXE[KERNEL32.dll!LoadLibraryA] [7fefd8cd670] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\Explorer.EXE[USER32.dll!SendMessageW] [7fefd8ce340] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\Explorer.EXE[USER32.dll!PostMessageW] [7fefd8cdf20] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\Explorer.EXE[ntdll.dll!NtClose] [7fefd8ceb60] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ 
C:\Windows\system32\kernel32.dll[ntdll.dll!NtDeleteValueKey] [7fefd950fc0] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\kernel32.dll[ntdll.dll!NtCreateKey] [7fefd951820] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\kernel32.dll[ntdll.dll!NtSetValueKey] [7fefd8cf3d0] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\kernel32.dll[ntdll.dll!NtClose] [7fefd8ceb60] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\kernel32.dll[ntdll.dll!NtQueryValueKey] [7fefd8cf860] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\kernel32.dll[ntdll.dll!NtOpenKey] [7fefd8ce770] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\kernel32.dll[ntdll.dll!NtQueryKey] [7fefd950ba0] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\kernel32.dll[ntdll.dll!NtDeleteKey] [7fefd8cef60] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\kernel32.dll[ntdll.dll!NtOpenKeyEx] [7fefd9513d0] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!NtClose] [7fefd8ceb60] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!NtOpenKey] [7fefd8ce770] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!NtQueryValueKey] [7fefd8cf860] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!NtSetValueKey] [7fefd8cf3d0] 
c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!NtCreateKey] [7fefd951820] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!NtDeleteKey] [7fefd8cef60] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!NtDeleteValueKey] [7fefd950fc0] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\ADVAPI32.dll[ntdll.dll!NtQueryValueKey] [7fefd8cf860] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\ADVAPI32.dll[ntdll.dll!NtClose] [7fefd8ceb60] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\ADVAPI32.dll[ntdll.dll!NtOpenKey] [7fefd8ce770] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\ADVAPI32.dll[ntdll.dll!NtQueryKey] [7fefd950ba0] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\ADVAPI32.dll[ntdll.dll!NtCreateKey] [7fefd951820] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\ADVAPI32.dll[ntdll.dll!NtSetValueKey] [7fefd8cf3d0] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\ADVAPI32.dll[ntdll.dll!NtDeleteKey] [7fefd8cef60] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\ADVAPI32.dll[ntdll.dll!NtOpenKeyEx] [7fefd9513d0] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!LoadLibraryExW] [7fefd8cca70] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT 
C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!LoadLibraryA] [7fefd8cd670] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!LoadLibraryW] [7fefd8cd280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!LoadLibraryExA] [7fefd8cce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\RPCRT4.dll[ntdll.dll!NtClose] [7fefd8ceb60] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\RPCRT4.dll[ntdll.dll!NtQueryValueKey] [7fefd8cf860] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\RPCRT4.dll[ntdll.dll!NtOpenKey] [7fefd8ce770] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\GDI32.dll[ntdll.dll!NtClose] [7fefd8ceb60] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\GDI32.dll[ntdll.dll!NtQueryValueKey] [7fefd8cf860] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\GDI32.dll[ntdll.dll!NtOpenKey] [7fefd8ce770] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!LoadLibraryExW] [7fefd8cca70] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!LoadLibraryA] [7fefd8cd670] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!LoadLibraryW] [7fefd8cd280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\USER32.dll[ntdll.dll!NtOpenKey] 
[7fefd8ce770] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\USER32.dll[ntdll.dll!NtClose] [7fefd8ceb60] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\USER32.dll[ntdll.dll!NtQueryValueKey] [7fefd8cf860] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\USER32.dll[ntdll.dll!NtCreateKey] [7fefd951820] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\USER32.dll[ntdll.dll!NtSetValueKey] [7fefd8cf3d0] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\USER32.dll[ntdll.dll!NtDeleteValueKey] [7fefd950fc0] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!LoadLibraryExA] [7fefd8cce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!LoadLibraryExW] [7fefd8cca70] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!LoadLibraryW] [7fefd8cd280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!LoadLibraryW] [7fefd8cd280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!LoadLibraryA] [7fefd8cd670] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!LoadLibraryExW] [7fefd8cca70] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!LoadLibraryExA] [7fefd8cce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll 
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!PostMessageW] [7fefd8cdf20] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!SendMessageW] [7fefd8ce340] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\SHELL32.dll[ntdll.dll!NtClose] [7fefd8ceb60] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\SHELL32.dll[USER32.dll!PostMessageW] [7fefd8cdf20] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\SHELL32.dll[USER32.dll!SendMessageW] [7fefd8ce340] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!LoadLibraryW] [7fefd8cd280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!LoadLibraryA] [7fefd8cd670] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\ole32.dll[ntdll.dll!ZwQueryValueKey] [7fefd8cf860] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\ole32.dll[ntdll.dll!ZwOpenKey] [7fefd8ce770] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\ole32.dll[ntdll.dll!ZwCreateKey] [7fefd951820] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\ole32.dll[ntdll.dll!NtClose] [7fefd8ceb60] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\ole32.dll[ntdll.dll!ZwDeleteValueKey] [7fefd950fc0] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\ole32.dll[ntdll.dll!ZwDeleteKey] 
[7fefd8cef60] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\ole32.dll[ntdll.dll!ZwClose] [7fefd8ceb60] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\ole32.dll[ntdll.dll!NtOpenKey] [7fefd8ce770] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\ole32.dll[ntdll.dll!NtQueryKey] [7fefd950ba0] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\ole32.dll[USER32.dll!PostMessageW] [7fefd8cdf20] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\ole32.dll[USER32.dll!SendMessageW] [7fefd8ce340] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\ole32.dll[KERNEL32.dll!LoadLibraryA] [7fefd8cd670] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\ole32.dll[KERNEL32.dll!LoadLibraryW] [7fefd8cd280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!LoadLibraryExA] [7fefd8cce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!LoadLibraryW] [7fefd8cd280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!LoadLibraryA] [7fefd8cd670] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\OLEAUT32.dll[USER32.dll!PostMessageW] [7fefd8cdf20] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\OLEAUT32.dll[USER32.dll!SendMessageW] [7fefd8ce340] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT 
C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\EXPLORERFRAME.dll[KERNEL32.dll!LoadLibraryExA] [7fefd8cce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\EXPLORERFRAME.dll[KERNEL32.dll!LoadLibraryA] [7fefd8cd670] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\EXPLORERFRAME.dll[KERNEL32.dll!LoadLibraryW] [7fefd8cd280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\EXPLORERFRAME.dll[KERNEL32.dll!LoadLibraryExW] [7fefd8cca70] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\EXPLORERFRAME.dll[USER32.dll!SendMessageW] [7fefd8ce340] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\EXPLORERFRAME.dll[USER32.dll!PostMessageW] [7fefd8cdf20] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\DUser.dll[USER32.dll!SendMessageW] [7fefd8ce340] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\DUser.dll[KERNEL32.dll!LoadLibraryA] [7fefd8cd670] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\DUser.dll[KERNEL32.dll!LoadLibraryExA] [7fefd8cce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\DUI70.dll[USER32.dll!SendMessageW] [7fefd8ce340] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\DUI70.dll[USER32.dll!PostMessageW] [7fefd8cdf20] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\DUI70.dll[KERNEL32.dll!LoadLibraryW] [7fefd8cd280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ 
C:\Windows\system32\DUI70.dll[KERNEL32.dll!LoadLibraryExW] [7fefd8cca70] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\DUI70.dll[KERNEL32.dll!LoadLibraryExA] [7fefd8cce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\IMM32.dll[USER32.dll!PostMessageW] [7fefd8cdf20] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\IMM32.dll[USER32.dll!SendMessageW] [7fefd8ce340] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\IMM32.dll[KERNEL32.dll!LoadLibraryW] [7fefd8cd280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\MSCTF.dll[KERNEL32.dll!LoadLibraryExA] [7fefd8cce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\MSCTF.dll[KERNEL32.dll!LoadLibraryW] [7fefd8cd280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\MSCTF.dll[KERNEL32.dll!LoadLibraryExW] [7fefd8cca70] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\MSCTF.dll[ntdll.dll!NtQueryValueKey] [7fefd8cf860] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\MSCTF.dll[ntdll.dll!NtOpenKey] [7fefd8ce770] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\MSCTF.dll[ntdll.dll!NtClose] [7fefd8ceb60] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\MSCTF.dll[USER32.dll!SendMessageW] [7fefd8ce340] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\MSCTF.dll[USER32.dll!PostMessageW] [7fefd8cdf20] 
c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\UxTheme.dll[KERNEL32.dll!LoadLibraryExA] [7fefd8cce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\UxTheme.dll[KERNEL32.dll!LoadLibraryW] [7fefd8cd280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\UxTheme.dll[KERNEL32.dll!LoadLibraryExW] [7fefd8cca70] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\UxTheme.dll[USER32.dll!SendMessageW] [7fefd8ce340] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\UxTheme.dll[USER32.dll!PostMessageW] [7fefd8cdf20] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\POWRPROF.dll[KERNEL32.dll!LoadLibraryExW] [7fefd8cca70] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\POWRPROF.dll[KERNEL32.dll!LoadLibraryExA] [7fefd8cce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!LoadLibraryExA] [7fefd8cce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!LoadLibraryA] [7fefd8cd670] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!LoadLibraryExW] [7fefd8cca70] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!LoadLibraryW] [7fefd8cd280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\SETUPAPI.dll[ntdll.dll!NtClose] [7fefd8ceb60] 
c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!SendMessageW] [7fefd8ce340] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!PostMessageW] [7fefd8cdf20] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\CFGMGR32.dll[KERNEL32.dll!LoadLibraryExA] [7fefd8cce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\dwmapi.dll[KERNEL32.dll!LoadLibraryExA] [7fefd8cce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_2b253c8271ec7765\gdiplus.dll[KERNEL32.dll!LoadLibraryA] [7fefd8cd670] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_2b253c8271ec7765\gdiplus.dll[KERNEL32.dll!LoadLibraryW] [7fefd8cd280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_2b253c8271ec7765\gdiplus.dll[KERNEL32.dll!LoadLibraryExW] [7fefd8cca70] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\Secur32.dll[ntdll.dll!NtClose] [7fefd8ceb60] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\Secur32.dll[KERNEL32.dll!LoadLibraryExA] [7fefd8cce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\SSPICLI.DLL[ntdll.dll!NtClose] [7fefd8ceb60] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!LoadLibraryExW] [7fefd8cca70] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!LoadLibraryW] [7fefd8cd280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!LoadLibraryExA] [7fefd8cce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!LoadLibraryA] [7fefd8cd670] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll[KERNEL32.dll!LoadLibraryA] [7fefd8cd670] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll[KERNEL32.dll!LoadLibraryW] [7fefd8cd280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\VERSION.dll[KERNEL32.dll!LoadLibraryW] [7fefd8cd280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\VERSION.dll[KERNEL32.dll!LoadLibraryExW] [7fefd8cca70] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\WS2_32.dll[ntdll.dll!NtClose] [7fefd8ceb60] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\imagehlp.dll[KERNEL32.dll!LoadLibraryA] [7fefd8cd670] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\USERENV.dll[ntdll.dll!NtClose] [7fefd8ceb60] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\WINSTA.dll[ntdll.dll!NtClose] [7fefd8ceb60] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\WINSTA.dll[KERNEL32.dll!LoadLibraryExA] [7fefd8cce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll[USER32.dll!PostMessageW] [7fefd8cdf20] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll[USER32.dll!SendMessageW] [7fefd8ce340] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll[KERNEL32.dll!LoadLibraryW] [7fefd8cd280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll[KERNEL32.dll!LoadLibraryExW] [7fefd8cca70] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll[KERNEL32.dll!LoadLibraryExA] [7fefd8cce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\WindowsCodecs.dll[KERNEL32.dll!LoadLibraryExA] [7fefd8cce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\WindowsCodecs.dll[KERNEL32.dll!LoadLibraryW] [7fefd8cd280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\EhStorShell.dll[KERNEL32.dll!LoadLibraryExW] [7fefd8cca70] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\EhStorShell.dll[KERNEL32.dll!LoadLibraryW] [7fefd8cd280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\ntshrui.dll[USER32.dll!PostMessageW] [7fefd8cdf20] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\ntshrui.dll[USER32.dll!SendMessageW] [7fefd8ce340] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\ntshrui.dll[KERNEL32.dll!LoadLibraryExA] [7fefd8cce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\ntshrui.dll[KERNEL32.dll!LoadLibraryW] [7fefd8cd280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\cscapi.dll[ntdll.dll!NtClose] [7fefd8ceb60] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\IconCodecService.dll[KERNEL32.dll!LoadLibraryExA] [7fefd8cce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\CRYPTSP.dll[ntdll.dll!NtClose] [7fefd8ceb60] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\SndVolSSO.DLL[USER32.dll!SendMessageW] [7fefd8ce340] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\SndVolSSO.DLL[USER32.dll!PostMessageW] [7fefd8cdf20] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\SndVolSSO.DLL[KERNEL32.dll!LoadLibraryExA] [7fefd8cce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\SndVolSSO.DLL[KERNEL32.dll!LoadLibraryExW] [7fefd8cca70] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\ntmarta.dll[ntdll.dll!NtClose] [7fefd8ceb60] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\ntmarta.dll[KERNEL32.dll!LoadLibraryExA] [7fefd8cce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\netutils.dll[ntdll.dll!NtClose] [7fefd8ceb60] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\urlmon.dll[USER32.dll!SendMessageW] [7fefd8ce340] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\urlmon.dll[USER32.dll!PostMessageW] [7fefd8cdf20] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!LoadLibraryExW] [7fefd8cca70] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!LoadLibraryExA] [7fefd8cce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!LoadLibraryW] [7fefd8cd280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!LoadLibraryA] [7fefd8cd670] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\WINMM.dll[ntdll.dll!NtClose] [7fefd8ceb60] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\WINMM.dll[USER32.dll!PostMessageW] [7fefd8cdf20] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\WINMM.dll[KERNEL32.dll!LoadLibraryExA] [7fefd8cce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\WINMM.dll[KERNEL32.dll!LoadLibraryA] [7fefd8cd670] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\WINMM.dll[KERNEL32.dll!LoadLibraryExW] [7fefd8cca70] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\WINMM.dll[KERNEL32.dll!LoadLibraryW] [7fefd8cd280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\WINTRUST.dll[KERNEL32.dll!LoadLibraryExA] [7fefd8cce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\WINTRUST.dll[KERNEL32.dll!LoadLibraryA] [7fefd8cd670] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\WINTRUST.dll[KERNEL32.dll!LoadLibraryW] [7fefd8cd280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\msi.dll[KERNEL32.dll!LoadLibraryExW] [7fefd8cca70] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\msi.dll[KERNEL32.dll!LoadLibraryW] [7fefd8cd280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\msi.dll[USER32.dll!PostMessageW] [7fefd8cdf20] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\msi.dll[USER32.dll!SendMessageW] [7fefd8ce340] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\SXS.DLL[KERNEL32.dll!LoadLibraryW] [7fefd8cd280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\MsftEdit.dll[KERNEL32.dll!LoadLibraryW] [7fefd8cd280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\MsftEdit.dll[KERNEL32.dll!LoadLibraryA] [7fefd8cd670] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\MsftEdit.dll[USER32.dll!SendMessageW] [7fefd8ce340] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\MsftEdit.dll[USER32.dll!PostMessageW] [7fefd8cdf20] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\wkscli.dll[ntdll.dll!NtClose] [7fefd8ceb60] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\wkscli.dll[KERNEL32.dll!LoadLibraryExA] [7fefd8cce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
IAT C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\wkscli.dll[KERNEL32.dll!LoadLibraryW] [7fefd8cd280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll

---- Processes - GMER 2.1 ----

Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll (*** suspicious ***) @ C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe [1608](2013-11-22 13:15:40) 0000000072c10000
Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll (*** suspicious ***) @ C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [1644](2013-11-22 13:15:40) 0000000072c10000
Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll (*** suspicious ***) @ C:\Windows\SysWOW64\schtasks.exe [1752](2013-11-22 13:15:40) 0000000072c10000
Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll (*** suspicious ***) @ C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [1940](2013-11-22 13:15:40) 0000000072c10000
Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll (*** suspicious ***) @ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [1976](2013-11-22 13:15:40) 0000000072c10000
Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll (*** suspicious ***) @ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2176](2013-11-22 13:15:40) 0000000072c10000
Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll (*** suspicious ***) @ C:\Windows\system32\DRIVERS\o2flash.exe [2200](2013-11-22 0000000072c10000
Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll (*** suspicious ***) @ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2256](2013-11-22 13:15:40) 0000000072c10000
Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll (*** suspicious ***) @ C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2516](2013-11-22 13:15:40) 0000000072c10000
Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2540](2013-11-22 13:15:40) 0000000072c10000
Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll (*** suspicious ***) @ C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE [2648](2013-11-22 13:15:40) 0000000072c10000
Library C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll (*** suspicious ***) @ C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [2872](2013-11-22 13:15:40) 0000000072c10000
Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll (*** suspicious ***) @ C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe [2948](2013-11-22 13:15:40) 0000000072c10000
Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2060](2013-11-22 13:15:40) 0000000072c10000
Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll (*** suspicious ***) @ C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe [3376](2013-11-22 13:15:40) 0000000072c10000
Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll (*** suspicious ***) @ C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [3992](2013-11-22 13:15:40) 0000000072c10000
Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll (*** suspicious ***) @ C:\Program Files (x86)\Skype\Phone\Skype.exe [4048](2 0000000072c10000
Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll (*** suspicious ***) @ C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [5984](2013-11-22 13:15:40) 0000000072c10000
Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll (*** suspicious ***) @ C:\Users\user\Desktop\50smlc4r.exe [3064](2013-11-22 13:15:40) 0000000072c10000

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0f8daeb65e6
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0f8daeb65e6@04180f9f674a 0x68 0x5D 0xEF 0xA8 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0f8daeb65e6 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0f8daeb65e6@04180f9f674a 0x68 0x5D 0xEF 0xA8 ...

---- EOF - GMER 2.1 ----