GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-07-19 20:08:41
Windows 5.1.2600 Dodatek Service Pack 3
Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1600BEVT-22ZCT0 rev.11.01A11
Running: 65sm16s7.exe; Driver: C:\DOCUME~1\user\USTAWI~1\Temp\uwroyaog.sys

---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xB9EF1112]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xB9ED02D6]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xB9ED04C8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xB9EF1900]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xB9EF1BB4]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xB9EEFE12]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xB9EF2020]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xB9EF13D2]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xB9ECFF44]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\System Control Manager\MSIService.exe[156] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B60001
.text C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe[248] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003F0001
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[744] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 010A0001
.text C:\WINDOWS\system32\csrss.exe[776] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 015B0001
.text C:\WINDOWS\system32\winlogon.exe[800] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01910001
.text ...
.text C:\Program Files\internet explorer\iexplore.exe[2680] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 405D54C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\internet explorer\iexplore.exe[2680] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 406A9A91 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\internet explorer\iexplore.exe[2680] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4069D0CD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\internet explorer\iexplore.exe[2680] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 406ADB04 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\internet explorer\iexplore.exe[2680] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 4061466E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\internet explorer\iexplore.exe[2680] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 407A5329 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\internet explorer\iexplore.exe[2680] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 407A525B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\internet explorer\iexplore.exe[2680] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 407A52C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\internet explorer\iexplore.exe[2680] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 407A512C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\internet explorer\iexplore.exe[2680] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 407A518E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\internet explorer\iexplore.exe[2680] 
USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 407A538C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\internet explorer\iexplore.exe[2680] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407A51F0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\internet explorer\iexplore.exe[2680] ole32.dll!CoCreateInstance 774EF1AC 5 Bytes JMP 406ADB60 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\internet explorer\iexplore.exe[2680] ole32.dll!OleLoadFromStream 7751981B 5 Bytes JMP 407A5691 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Gadu-Gadu\gg.exe[2912] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01920001 .text C:\WINDOWS\system32\ctfmon.exe[2932] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B10001 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2940] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AD0001 .text C:\Program Files\Messenger\msmsgs.exe[2956] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C80001 .text C:\Program Files\internet explorer\iexplore.exe[3956] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 405D54C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\internet explorer\iexplore.exe[3956] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 406ADB04 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\internet explorer\iexplore.exe[3956] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 407A5329 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\internet explorer\iexplore.exe[3956] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 407A525B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program 
Files\internet explorer\iexplore.exe[3956] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 407A52C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\internet explorer\iexplore.exe[3956] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 407A512C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\internet explorer\iexplore.exe[3956] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 407A518E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\internet explorer\iexplore.exe[3956] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 407A538C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\internet explorer\iexplore.exe[3956] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407A51F0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CloseHandle] [027FC3F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [02822DF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] [027FB950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [02822D20] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!WriteFile] [027FC5B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) 
IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!ReadFile] [027FC4F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [027FBB60] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [02822CF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [02822E30] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] [027FBB60] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [02822CF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [02822D20] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [02822E30] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CloseHandle] [027FC3F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!WriteFile] [027FC5B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) 
IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [02822CF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] [027FBB60] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CloseHandle] [027FC3F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [02822D20] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [02822E30] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [02822DF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CloseHandle] [027FC3F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!ReadFile] [027FC4F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [027FC040] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [02822CF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) 
IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [02822E30] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [02822D20] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] [027FBB60] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [02822DF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [02822CF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [02822E30] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [02822D20] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CloseHandle] [027FC3F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!WriteFile] [027FC5B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [027FBB60] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) 
IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CloseHandle] [027FC3F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [02822E30] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [02822CF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [027FBE20] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [027FC040] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] [027FB950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ReadFile] [027FC4F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] [027FBB60] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!WriteFile] [027FC5B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!WriteFile] [027FC5B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) 
IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [027FB950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [027FBB60] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [02822DC0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [02822DF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [02822D20] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [027FBE20] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [027FC040] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!ReadFile] [027FC4F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [02822CF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [02822E30] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) 
IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CloseHandle] [027FC3F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DialogBoxParamW] [027FA1A0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!MessageBoxIndirectA] [027FAA00] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!MessageBoxIndirectW] [027FB1D0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [02822CF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [027FC040] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [02822D20] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [02822E30] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] [027FBB60] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!ReadFile] [027FC4F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) 
IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CloseHandle] [027FC3F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!WriteFile] [027FC5B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [02822DF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [02822DC0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DialogBoxParamW] [027FA1A0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!MessageBoxIndirectW] [027FB1D0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [02822E30] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [02822CF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] [027FC3F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [02822D20] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) 
IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] [027FBB60] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\internet explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] [027FC4F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [02822DC0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [027FC040] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] [027FC5B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] [027FA1A0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [02822D20] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!WriteFile] [027FC5B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) 
IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileW] [027FBB60] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileA] [027FB950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!ReadFile] [027FC4F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [02822DF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [02822E30] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [02822CF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CloseHandle] [027FC3F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!DialogBoxParamW] [027FA1A0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\ws2_32.dll [KERNEL32.dll!GetProcAddress] [02822E30] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\ws2_32.dll [KERNEL32.dll!LoadLibraryA] [02822CF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) 
IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\ws2_32.dll [KERNEL32.dll!CloseHandle] [027FC3F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CloseHandle] [027FC3F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [02822CF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [02822E30] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [02822D20] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [02822CF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [02822E30] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] [027FBB60] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!WriteFile] [027FC5B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CloseHandle] [027FC3F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) 
IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!ReadFile] [027FC4F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [02822D20] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!WriteFile] [027FC5B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] [027FBB60] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [02822DC0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [027FC040] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CloseHandle] [027FC3F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [02822E30] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [02822CF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!ReadFile] [027FC4F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) 
IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!DialogBoxParamW] [027FA1A0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileW] [027FBB60] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileA] [027FB950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CloseHandle] [027FC3F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [02822E30] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [02822CF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\inetmib1.dll [KERNEL32.dll!CloseHandle] [027FC3F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [02822CF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [02822E30] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!CreateFileA] [027FB950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) 
IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!CloseHandle] [027FC3F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [02822E30] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [02822CF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] [027FB950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] [027FBB60] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [02822DC0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [02822DF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CloseHandle] [027FC3F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!WriteFile] [027FC5B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) IAT C:\Program Files\internet explorer\iexplore.exe[2680] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!ReadFile] [027FC4F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.) 

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a310
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a310@c038f95709e2 0xEE 0xEF 0x27 0x46 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a310@c038f956f7e2 0x76 0x0A 0x07 0x0B ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00158315a310 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00158315a310@c038f95709e2 0xEE 0xEF 0x27 0x46 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00158315a310@c038f956f7e2 0x76 0x0A 0x07 0x0B ...

---- EOF - GMER 1.0.15 ----