Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Spyware or Virus - Unable to run any removal software or Hijack this


  • This topic is locked This topic is locked
4 replies to this topic

#1 joe_braman

joe_braman

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:10 PM

Posted 25 October 2009 - 08:53 AM

The issue seems to be with all trojan removers and anti virus software cannot run with this spyware/malware/virus running. Hijack this scan gets killed and program gets disabled. I did see a spurious dll in Hijackthis process info
\\?\globalroot\Device\__max++\****.dll the dll name keeps changing every time. HELP!
JB

BC AdBot (Login to Remove)

 


#2 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:06:10 PM

Posted 25 October 2009 - 09:55 AM

You definitely have a rootkit infection
Just before you run HJT or any scanner, run this app.


Please download to your Desktop

Rkill.scr
http://download.bleepingcomputer.com/grinler/rkill.scr

When you double-click on the Desktop icon, a small DOS window will open and the application will run on it's own
It should only take a few minutes and it will close by itself

Do not reboot the machine
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 joe_braman

joe_braman
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:10 PM

Posted 25 October 2009 - 06:28 PM

The script helped some what. HJT still could not complete. I manged to run GMER. Here is the log. Please help. Yes there is a rootkit infection

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-25 19:27:01
Windows 5.1.2600 Service Pack 3
Running: Copy (2) of t7y4b8f4.exe; Driver: C:\DOCUME~1\SELVAR~1\LOCALS~1\Temp\kwloapoc.sys


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF738BE22]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF736CCDC]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF736CECE]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF738C610]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF738C8C4]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF738AB14]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF738CD30]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF738C0E2]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF736C982]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xEC9C54EC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xEC9C5635]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xEC9C561F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xEC9C552C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xEC9C5661]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xEC9C5470]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xEC9C5484]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xEC9C5500]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xEC9C569D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xEC9C5609]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xEC9C55F3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xEC9C5689]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xEC9C5675]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xEC9C54D8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xEC9C54C4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xEC9C564B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xEC9C5542]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xEC9C5516]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504AE8 7 Bytes JMP EC9C551A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 80579084 5 Bytes JMP EC9C54F0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B2004 7 Bytes JMP EC9C5530 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E12 5 Bytes JMP EC9C5546 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B83E8 7 Bytes JMP EC9C5504 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CB40A 5 Bytes JMP EC9C5474 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CB696 5 Bytes JMP EC9C5488 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805CDE54 5 Bytes JMP EC9C54C8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805D1704 5 Bytes JMP EC9C54DC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryValueKey 806219EA 7 Bytes JMP EC9C55F7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnloadKey 80622062 7 Bytes JMP EC9C564F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 80622900 7 Bytes JMP EC9C560D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FF2 7 Bytes JMP EC9C5639 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateValueKey 8062425C 7 Bytes JMP EC9C5623 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryKey 80624EAA 7 Bytes JMP EC9C56A1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 8062516A 5 Bytes JMP EC9C5679 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 8062585E 5 Bytes JMP EC9C568D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 80625978 5 Bytes JMP EC9C5665 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? win32k.sys:1 The system cannot find the file specified. !
? win32k.sys:2 The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CF0FEF
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CF0F7C
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CF0071
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CF0F97
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CF0FA8
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CF004A
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CF0F55
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CF009D
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CF0F29
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CF00C2
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CF00DD
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CF0FB9
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CF000A
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CF008C
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CF0025
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CF0FDE
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CF0F3A
.text C:\WINDOWS\system32\svchost.exe[192] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00CE001B
.text C:\WINDOWS\system32\svchost.exe[192] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00CE0073
.text C:\WINDOWS\system32\svchost.exe[192] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00CE0FCA
.text C:\WINDOWS\system32\svchost.exe[192] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00CE0FDB
.text C:\WINDOWS\system32\svchost.exe[192] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00CE0062
.text C:\WINDOWS\system32\svchost.exe[192] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00CE0000
.text C:\WINDOWS\system32\svchost.exe[192] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00CE0047
.text C:\WINDOWS\system32\svchost.exe[192] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00CE0036
.text C:\WINDOWS\system32\svchost.exe[192] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\WINDOWS\system32\svchost.exe[192] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\WINDOWS\system32\svchost.exe[192] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\WINDOWS\system32\svchost.exe[192] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CD0031
.text C:\WINDOWS\system32\svchost.exe[192] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CD0FA6
.text C:\WINDOWS\system32\svchost.exe[192] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CD000C
.text C:\WINDOWS\system32\svchost.exe[192] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00CD0FEF
.text C:\WINDOWS\system32\svchost.exe[192] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CD0FC1
.text C:\WINDOWS\system32\svchost.exe[192] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CD0FD2
.text C:\WINDOWS\system32\svchost.exe[192] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00CB0FEF
.text C:\WINDOWS\system32\svchost.exe[192] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00CB0FDE
.text C:\WINDOWS\system32\svchost.exe[192] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00CB0014
.text C:\WINDOWS\system32\svchost.exe[192] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00CB0FB9
.text C:\WINDOWS\system32\svchost.exe[192] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CC0FE5
.text C:\WINDOWS\system32\spoolsv.exe[432] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\WINDOWS\system32\spoolsv.exe[432] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\WINDOWS\system32\spoolsv.exe[432] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 013F0FEF
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 013F0051
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 013F0F5C
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 013F0040
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 013F0F83
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 013F0F9E
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 013F0F13
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 013F0F30
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 013F0ECC
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 013F0EE7
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 013F008A
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 013F0025
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 013F0FDE
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 013F0F41
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 013F000A
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 013F0FB9
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 013F0EF8
.text C:\WINDOWS\system32\services.exe[1036] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 013E0036
.text C:\WINDOWS\system32\services.exe[1036] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 013E006C
.text C:\WINDOWS\system32\services.exe[1036] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 013E0025
.text C:\WINDOWS\system32\services.exe[1036] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 013E0FE5
.text C:\WINDOWS\system32\services.exe[1036] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 013E0FAF
.text C:\WINDOWS\system32\services.exe[1036] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 013E0000
.text C:\WINDOWS\system32\services.exe[1036] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 013E005B
.text C:\WINDOWS\system32\services.exe[1036] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 013E0FD4
.text C:\WINDOWS\system32\services.exe[1036] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01240055
.text C:\WINDOWS\system32\services.exe[1036] msvcrt.dll!system 77C293C7 5 Bytes JMP 01240FD4
.text C:\WINDOWS\system32\services.exe[1036] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01240FE5
.text C:\WINDOWS\system32\services.exe[1036] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01240000
.text C:\WINDOWS\system32\services.exe[1036] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0124003A
.text C:\WINDOWS\system32\services.exe[1036] msvcrt.dll!_wopen 77C30055 3 Bytes JMP 01240029
.text C:\WINDOWS\system32\services.exe[1036] msvcrt.dll!_wopen + 4 77C30059 1 Byte [89]
.text C:\WINDOWS\system32\services.exe[1036] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 01220000
.text C:\WINDOWS\system32\services.exe[1036] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 01220FEF
.text C:\WINDOWS\system32\services.exe[1036] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 01220FCA
.text C:\WINDOWS\system32\services.exe[1036] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 01220025
.text C:\WINDOWS\system32\services.exe[1036] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01230000
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01110FEF
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01110062
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01110047
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01110F79
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01110F8A
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01110FC0
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01110084
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01110073
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 011100B0
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01110095
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01110EF2
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01110FA5
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01110014
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01110F48
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01110036
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01110025
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01110F17
.text C:\WINDOWS\system32\lsass.exe[1048] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01100FD4
.text C:\WINDOWS\system32\lsass.exe[1048] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01100FB2
.text C:\WINDOWS\system32\lsass.exe[1048] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01100025
.text C:\WINDOWS\system32\lsass.exe[1048] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01100014
.text C:\WINDOWS\system32\lsass.exe[1048] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0110006F
.text C:\WINDOWS\system32\lsass.exe[1048] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01100FEF
.text C:\WINDOWS\system32\lsass.exe[1048] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 01100054
.text C:\WINDOWS\system32\lsass.exe[1048] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01100FC3
.text C:\WINDOWS\system32\lsass.exe[1048] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01060058
.text C:\WINDOWS\system32\lsass.exe[1048] msvcrt.dll!system 77C293C7 5 Bytes JMP 01060FCD
.text C:\WINDOWS\system32\lsass.exe[1048] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01060018
.text C:\WINDOWS\system32\lsass.exe[1048] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01060FEF
.text C:\WINDOWS\system32\lsass.exe[1048] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0106003D
.text C:\WINDOWS\system32\lsass.exe[1048] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01060FDE
.text C:\WINDOWS\system32\lsass.exe[1048] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01050000
.text C:\WINDOWS\system32\lsass.exe[1048] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00FF0000
.text C:\WINDOWS\system32\lsass.exe[1048] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\system32\lsass.exe[1048] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00FF0025
.text C:\WINDOWS\system32\lsass.exe[1048] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00FF0FD4
.text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1108] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1108] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1108] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00EA0FEF
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00EA00A9
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00EA0098
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00EA0087
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00EA0FCA
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00EA0051
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00EA0F74
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00EA0F8F
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00EA00EB
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00EA0F52
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00EA0F37
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00EA0062
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00EA000A
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00EA00BA
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00EA0036
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00EA0025
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00EA0F63
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D9002C
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D90062
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D90FDB
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D9001B
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D90FA5
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D90000
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00D90047
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D90FC0
.text C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\WINDOWS\system32\svchost.exe[1272] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\WINDOWS\system32\svchost.exe[1272] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\WINDOWS\system32\svchost.exe[1272] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D80055
.text C:\WINDOWS\system32\svchost.exe[1272] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D80FD4
.text C:\WINDOWS\system32\svchost.exe[1272] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D80FE5
.text C:\WINDOWS\system32\svchost.exe[1272] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D80000
.text C:\WINDOWS\system32\svchost.exe[1272] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D80044
.text C:\WINDOWS\system32\svchost.exe[1272] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D80029
.text C:\WINDOWS\system32\svchost.exe[1272] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00D00FEF
.text C:\WINDOWS\system32\svchost.exe[1272] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00D00014
.text C:\WINDOWS\system32\svchost.exe[1272] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00D00FD4
.text C:\WINDOWS\system32\svchost.exe[1272] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00D00FC3
.text C:\WINDOWS\system32\svchost.exe[1272] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D70FEF
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 010B0000
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 010B0080
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 010B0F81
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 010B0F9E
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 010B0FAF
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 010B0047
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 010B0F38
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 010B0F49
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 010B0F0C
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 010B0F1D
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 010B00CA
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 010B0FC0
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 010B001B
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 010B0F66
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 010B0FDB
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 010B002C
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 010B009B
.text C:\WINDOWS\system32\svchost.exe[1420] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 010A0FCA
.text C:\WINDOWS\system32\svchost.exe[1420] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 010A0F9E
.text C:\WINDOWS\system32\svchost.exe[1420] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 010A001B
.text C:\WINDOWS\system32\svchost.exe[1420] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 010A000A
.text C:\WINDOWS\system32\svchost.exe[1420] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 010A0FAF
.text C:\WINDOWS\system32\svchost.exe[1420] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 010A0FEF
.text C:\WINDOWS\system32\svchost.exe[1420] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 010A0051
.text C:\WINDOWS\system32\svchost.exe[1420] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 010A0040
.text C:\WINDOWS\system32\svchost.exe[1420] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\WINDOWS\system32\svchost.exe[1420] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\WINDOWS\system32\svchost.exe[1420] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\WINDOWS\system32\svchost.exe[1420] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01090F81
.text C:\WINDOWS\system32\svchost.exe[1420] msvcrt.dll!system 77C293C7 5 Bytes JMP 01090F9C
.text C:\WINDOWS\system32\svchost.exe[1420] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01090FC8
.text C:\WINDOWS\system32\svchost.exe[1420] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01090000
.text C:\WINDOWS\system32\svchost.exe[1420] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01090FAD
.text C:\WINDOWS\system32\svchost.exe[1420] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01090FE3
.text C:\WINDOWS\system32\svchost.exe[1420] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00FE0FE5
.text C:\WINDOWS\system32\svchost.exe[1420] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00FE000A
.text C:\WINDOWS\system32\svchost.exe[1420] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00FE0FD4
.text C:\WINDOWS\system32\svchost.exe[1420] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00FE002F
.text C:\WINDOWS\system32\svchost.exe[1420] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FF0FEF
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1512] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1512] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1512] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\WINDOWS\System32\svchost.exe[1628] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02710FE5
.text C:\WINDOWS\System32\svchost.exe[1628] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02710F83
.text C:\WINDOWS\System32\svchost.exe[1628] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02710F94
.text C:\WINDOWS\System32\svchost.exe[1628] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0271006E
.text C:\WINDOWS\System32\svchost.exe[1628] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02710FA5
.text C:\WINDOWS\System32\svchost.exe[1628] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0271002C
.text C:\WINDOWS\System32\svchost.exe[1628] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02710F4D
.text C:\WINDOWS\System32\svchost.exe[1628] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02710093
.text C:\WINDOWS\System32\svchost.exe[1628] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 027100D5
.text C:\WINDOWS\System32\svchost.exe[1628] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02710F3C
.text C:\WINDOWS\System32\svchost.exe[1628] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 027100F0
.text C:\WINDOWS\System32\svchost.exe[1628] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0271003D
.text C:\WINDOWS\System32\svchost.exe[1628] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02710000
.text C:\WINDOWS\System32\svchost.exe[1628] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02710F68
.text C:\WINDOWS\System32\svchost.exe[1628] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0271001B
.text C:\WINDOWS\System32\svchost.exe[1628] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02710FCA
.text C:\WINDOWS\System32\svchost.exe[1628] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 027100B0
.text C:\WINDOWS\System32\svchost.exe[1628] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 022A002C
.text C:\WINDOWS\System32\svchost.exe[1628] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 022A0062
.text C:\WINDOWS\System32\svchost.exe[1628] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 022A0FDB
.text C:\WINDOWS\System32\svchost.exe[1628] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 022A0011
.text C:\WINDOWS\System32\svchost.exe[1628] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 022A0FA5
.text C:\WINDOWS\System32\svchost.exe[1628] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 022A0000
.text C:\WINDOWS\System32\svchost.exe[1628] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 022A0047
.text C:\WINDOWS\System32\svchost.exe[1628] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 022A0FC0
.text C:\WINDOWS\System32\svchost.exe[1628] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\WINDOWS\System32\svchost.exe[1628] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\WINDOWS\System32\svchost.exe[1628] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\WINDOWS\System32\svchost.exe[1628] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02290049
.text C:\WINDOWS\System32\svchost.exe[1628] msvcrt.dll!system 77C293C7 5 Bytes JMP 02290038
.text C:\WINDOWS\System32\svchost.exe[1628] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0229000C
.text C:\WINDOWS\System32\svchost.exe[1628] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02290FEF
.text C:\WINDOWS\System32\svchost.exe[1628] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0229001D
.text C:\WINDOWS\System32\svchost.exe[1628] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02290FDE
.text C:\WINDOWS\System32\svchost.exe[1628] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 02260000
.text C:\WINDOWS\System32\svchost.exe[1628] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 02260FE5
.text C:\WINDOWS\System32\svchost.exe[1628] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 02260FCA
.text C:\WINDOWS\System32\svchost.exe[1628] WININET.dll!InternetOpenUrlW 3D9A6DDF 3 Bytes JMP 02260FB9
.text C:\WINDOWS\System32\svchost.exe[1628] WININET.dll!InternetOpenUrlW + 4 3D9A6DE3 1 Byte [C4]
.text C:\WINDOWS\System32\svchost.exe[1628] WS2_32.dll!socket 71AB4211 5 Bytes JMP 0227000A
.text C:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 011F0FE5
.text C:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 011F0F72
.text C:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 011F0F83
.text C:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 011F0051
.text C:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 011F0040
.text C:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 011F0FAF
.text C:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 011F0F3A
.text C:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 011F008C
.text C:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 011F0EF3
.text C:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 011F0F04
.text C:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 011F0ED8
.text C:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 011F0F9E
.text C:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 011F0000
.text C:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 011F0F61
.text C:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 011F0025
.text C:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 011F0FCA
.text C:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 011F0F1F
.text C:\WINDOWS\system32\svchost.exe[1828] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FC0FD1
.text C:\WINDOWS\system32\svchost.exe[1828] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FC0FB6
.text C:\WINDOWS\system32\svchost.exe[1828] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FC0022
.text C:\WINDOWS\system32\svchost.exe[1828] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FC0011
.text C:\WINDOWS\system32\svchost.exe[1828] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FC0073
.text C:\WINDOWS\system32\svchost.exe[1828] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FC0000
.text C:\WINDOWS\system32\svchost.exe[1828] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00FC0062
.text C:\WINDOWS\system32\svchost.exe[1828] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FC0047
.text C:\WINDOWS\system32\svchost.exe[1828] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\WINDOWS\system32\svchost.exe[1828] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\WINDOWS\system32\svchost.exe[1828] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\WINDOWS\system32\svchost.exe[1828] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FB0070
.text C:\WINDOWS\system32\svchost.exe[1828] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FB005F
.text C:\WINDOWS\system32\svchost.exe[1828] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FB0029
.text C:\WINDOWS\system32\svchost.exe[1828] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FB0FEF
.text C:\WINDOWS\system32\svchost.exe[1828] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FB0044
.text C:\WINDOWS\system32\svchost.exe[1828] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FB0018
.text C:\WINDOWS\system32\svchost.exe[1828] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00F9000A
.text C:\WINDOWS\system32\svchost.exe[1828] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00F9001B
.text C:\WINDOWS\system32\svchost.exe[1828] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00F90FE5
.text C:\WINDOWS\system32\svchost.exe[1828] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00F90FD4
.text C:\WINDOWS\system32\svchost.exe[1828] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FA0000
.text C:\WINDOWS\system32\svchost.exe[1864] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DA0000
.text C:\WINDOWS\system32\svchost.exe[1864] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DA0F84
.text C:\WINDOWS\system32\svchost.exe[1864] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DA0F95
.text C:\WINDOWS\system32\svchost.exe[1864] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DA006F
.text C:\WINDOWS\system32\svchost.exe[1864] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DA0054
.text C:\WINDOWS\system32\svchost.exe[1864] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DA0FBC
.text C:\WINDOWS\system32\svchost.exe[1864] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DA00AF
.text C:\WINDOWS\system32\svchost.exe[1864] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DA0F5D
.text C:\WINDOWS\system32\svchost.exe[1864] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DA0F16
.text C:\WINDOWS\system32\svchost.exe[1864] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DA0F27
.text C:\WINDOWS\system32\svchost.exe[1864] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00DA00C0
.text C:\WINDOWS\system32\svchost.exe[1864] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00DA0043
.text C:\WINDOWS\system32\svchost.exe[1864] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00DA0FEF
.text C:\WINDOWS\system32\svchost.exe[1864] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00DA0094
.text C:\WINDOWS\system32\svchost.exe[1864] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00DA0FCD
.text C:\WINDOWS\system32\svchost.exe[1864] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00DA0FDE
.text C:\WINDOWS\system32\svchost.exe[1864] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00DA0F4C
.text C:\WINDOWS\system32\svchost.exe[1864] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D90FC3
.text C:\WINDOWS\system32\svchost.exe[1864] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D90F8D
.text C:\WINDOWS\system32\svchost.exe[1864] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D9000A
.text C:\WINDOWS\system32\svchost.exe[1864] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D90FD4
.text C:\WINDOWS\system32\svchost.exe[1864] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D9004A
.text C:\WINDOWS\system32\svchost.exe[1864] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D90FEF
.text C:\WINDOWS\system32\svchost.exe[1864] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00D90FB2
.text C:\WINDOWS\system32\svchost.exe[1864] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [F9, 88]
.text C:\WINDOWS\system32\svchost.exe[1864] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D90039
.text C:\WINDOWS\system32\svchost.exe[1864] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\WINDOWS\system32\svchost.exe[1864] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\WINDOWS\system32\svchost.exe[1864] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\WINDOWS\system32\svchost.exe[1864] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D80044
.text C:\WINDOWS\system32\svchost.exe[1864] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D80033
.text C:\WINDOWS\system32\svchost.exe[1864] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D80FDE
.text C:\WINDOWS\system32\svchost.exe[1864] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D80FEF
.text C:\WINDOWS\system32\svchost.exe[1864] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D80FC3
.text C:\WINDOWS\system32\svchost.exe[1864] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D8000C
.text C:\WINDOWS\system32\svchost.exe[1864] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00A80FEF
.text C:\WINDOWS\system32\svchost.exe[1864] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00A80FD4
.text C:\WINDOWS\system32\svchost.exe[1864] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00A80FC3
.text C:\WINDOWS\system32\svchost.exe[1864] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00A80FB2
.text C:\WINDOWS\system32\svchost.exe[1864] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00A9000A
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2124] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2124] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2124] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2304] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2304] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00270FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00270F57
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00270F68
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00270F83
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00270036
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0027001B
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 0027008E
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00270F3C
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00270F21
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 002700BA
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00270EFC
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00270F94
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00270FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00270067
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00270FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0027000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 002700A9
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00360FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00360087
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00360036
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00360011
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00360FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00360000
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0036006C
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00360051
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215435 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED67C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E418F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E40C1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E412C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3F92 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3FF4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E41F2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4056 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00370044
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] msvcrt.dll!system 77C293C7 5 Bytes JMP 00370033
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00370FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0037000C
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00370FC3
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00370FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 01830FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 01830FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 01830FC3
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 0183000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01860FE5
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2996] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2996] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2996] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\WINDOWS\system32\svchost.exe[3244] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00930FEF
.text C:\WINDOWS\system32\svchost.exe[3244] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0093009F
.text C:\WINDOWS\system32\svchost.exe[3244] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00930FAA
.text C:\WINDOWS\system32\svchost.exe[3244] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00930084
.text C:\WINDOWS\system32\svchost.exe[3244] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00930073
.text C:\WINDOWS\system32\svchost.exe[3244] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00930047
.text C:\WINDOWS\system32\svchost.exe[3244] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 009300B0
.text C:\WINDOWS\system32\svchost.exe[3244] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00930F74
.text C:\WINDOWS\system32\svchost.exe[3244] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009300DC
.text C:\WINDOWS\system32\svchost.exe[3244] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00930F4D
.text C:\WINDOWS\system32\svchost.exe[3244] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009300ED
.text C:\WINDOWS\system32\svchost.exe[3244] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00930058
.text C:\WINDOWS\system32\svchost.exe[3244] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0093000A
.text C:\WINDOWS\system32\svchost.exe[3244] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00930F8F
.text C:\WINDOWS\system32\svchost.exe[3244] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00930036
.text C:\WINDOWS\system32\svchost.exe[3244] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00930025
.text C:\WINDOWS\system32\svchost.exe[3244] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009300C1
.text C:\WINDOWS\system32\svchost.exe[3244] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00920040
.text C:\WINDOWS\system32\svchost.exe[3244] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00920F94
.text C:\WINDOWS\system32\svchost.exe[3244] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00920025
.text C:\WINDOWS\system32\svchost.exe[3244] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0092000A
.text C:\WINDOWS\system32\svchost.exe[3244] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0092005B
.text C:\WINDOWS\system32\svchost.exe[3244] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00920FEF
.text C:\WINDOWS\system32\svchost.exe[3244] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00920FB9
.text C:\WINDOWS\system32\svchost.exe[3244] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [B2, 88] {MOV DL, 0x88}
.text C:\WINDOWS\system32\svchost.exe[3244] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00920FCA
.text C:\WINDOWS\system32\svchost.exe[3244] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00910042
.text C:\WINDOWS\system32\svchost.exe[3244] msvcrt.dll!system 77C293C7 5 Bytes JMP 00910FAD
.text C:\WINDOWS\system32\svchost.exe[3244] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0091000C
.text C:\WINDOWS\system32\svchost.exe[3244] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00910FEF
.text C:\WINDOWS\system32\svchost.exe[3244] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00910027
.text C:\WINDOWS\system32\svchost.exe[3244] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00910FDE
.text C:\WINDOWS\system32\svchost.exe[3244] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00900FEF
.text C:\WINDOWS\system32\svchost.exe[3244] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00900FDE
.text C:\WINDOWS\system32\svchost.exe[3244] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00900FCD
.text C:\WINDOWS\system32\svchost.exe[3244] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 0090001E
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00270FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00270F63
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00270F7E
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00270062
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00270FAF
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00270036
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00270F48
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0027009A
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 002700D0
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 002700BF
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 002700EB
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00270047
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0027000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0027007D
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00270FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00270025
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00270F37
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00360FC3
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0036006F
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00360FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0036000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0036005E
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00360FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00360FB2
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [56, 88]
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00360039
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215435 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E97F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DCE79 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED67C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E418F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E40C1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E412C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3F92 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3FF4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E41F2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4056 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00370F8B
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] msvcrt.dll!system 77C293C7 5 Bytes JMP 00370F9C
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00370FD2
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00370000
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00370FB7
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00370FE3
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED6D8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E44F7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 01830000
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 01830011
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 01830022
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 01830FD1
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01B60FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00270000
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00270078
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00270F83
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00270F9E
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0027005B
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00270FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 002700A6
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00270F5E
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00270F1E
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00270F2F
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 002700DC
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00270FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00270FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00270089
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00270036
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0027001B
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 002700B7
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00360FA8
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00360039
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00360FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00360FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00360F7C
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00360FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0036001E
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00360F97
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215435 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E97F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DCE79 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED67C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E418F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E40C1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E412C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3F92 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3FF4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E41F2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4056 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0037006E
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] msvcrt.dll!system 77C293C7 5 Bytes JMP 00370053
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00370FE3
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00370000
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00370038
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0037001D
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED6D8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E44F7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 01830000
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 0183001B
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 01830FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 01830036
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01B60FEF
.text C:\WINDOWS\explorer.exe[7944] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B0FEF
.text C:\WINDOWS\explorer.exe[7944] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001B009D
.text C:\WINDOWS\explorer.exe[7944] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001B008C
.text C:\WINDOWS\explorer.exe[7944] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001B007B
.text C:\WINDOWS\explorer.exe[7944] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001B005E
.text C:\WINDOWS\explorer.exe[7944] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001B0FB2
.text C:\WINDOWS\explorer.exe[7944] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001B0F6D
.text C:\WINDOWS\explorer.exe[7944] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001B00BF
.text C:\WINDOWS\explorer.exe[7944] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B00E1
.text C:\WINDOWS\explorer.exe[7944] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001B00D0
.text C:\WINDOWS\explorer.exe[7944] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001B0F2D
.text C:\WINDOWS\explorer.exe[7944] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001B0043
.text C:\WINDOWS\explorer.exe[7944] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001B000A
.text C:\WINDOWS\explorer.exe[7944] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001B00AE
.text C:\WINDOWS\explorer.exe[7944] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001B0FC3
.text C:\WINDOWS\explorer.exe[7944] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001B0FDE
.text C:\WINDOWS\explorer.exe[7944] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001B0F5C
.text C:\WINDOWS\explorer.exe[7944] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002A000A
.text C:\WINDOWS\explorer.exe[7944] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002A0040
.text C:\WINDOWS\explorer.exe[7944] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002A0FB9
.text C:\WINDOWS\explorer.exe[7944] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002A0FDE
.text C:\WINDOWS\explorer.exe[7944] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002A002F
.text C:\WINDOWS\explorer.exe[7944] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002A0FEF
.text C:\WINDOWS\explorer.exe[7944] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 002A0F8D
.text C:\WINDOWS\explorer.exe[7944] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [4A, 88]
.text C:\WINDOWS\explorer.exe[7944] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002A0F9E
.text C:\WINDOWS\explorer.exe[7944] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\WINDOWS\explorer.exe[7944] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\WINDOWS\explorer.exe[7944] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\WINDOWS\explorer.exe[7944] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002B0FA6
.text C:\WINDOWS\explorer.exe[7944] msvcrt.dll!system 77C293C7 5 Bytes JMP 002B0031
.text C:\WINDOWS\explorer.exe[7944] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002B0FC1
.text C:\WINDOWS\explorer.exe[7944] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002B0FEF
.text C:\WINDOWS\explorer.exe[7944] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002B0016
.text C:\WINDOWS\explorer.exe[7944] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002B0FD2
.text C:\WINDOWS\explorer.exe[7944] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 002D0000
.text C:\WINDOWS\explorer.exe[7944] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 002D001B
.text C:\WINDOWS\explorer.exe[7944] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 002D0FEF
.text C:\WINDOWS\explorer.exe[7944] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 002D0040
.text C:\WINDOWS\explorer.exe[7944] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BD0000

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\svchost.exe[192] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT C:\WINDOWS\system32\svchost.exe[192] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT C:\WINDOWS\system32\spoolsv.exe[432] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT C:\WINDOWS\system32\spoolsv.exe[432] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1108] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1108] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT C:\WINDOWS\system32\svchost.exe[1420] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT C:\WINDOWS\system32\svchost.exe[1420] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1512] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1512] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT C:\WINDOWS\System32\svchost.exe[1628] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT C:\WINDOWS\System32\svchost.exe[1628] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT C:\WINDOWS\system32\svchost.exe[1828] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT C:\WINDOWS\system32\svchost.exe[1828] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT C:\WINDOWS\system32\svchost.exe[1864] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT C:\WINDOWS\system32\svchost.exe[1864] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[2340] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[2340] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT C:\Program Files\McAfee\MPF\MPFSrv.exe[2996] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT C:\Program Files\McAfee\MPF\MPFSrv.exe[2996] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CloseHandle] [0467B810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [046A0920] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] [0467AD70] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [046A08C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!WriteFile] [0467B910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!ReadFile] [0467B8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [0467AF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [046A0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [046A0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] [0467AF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [046A0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [046A08C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [046A0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CloseHandle] [0467B810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!WriteFile] [0467B910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [046A0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] [0467AF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CloseHandle] [0467B810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [046A08C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [046A0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [046A0920] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CloseHandle] [0467B810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!ReadFile] [0467B8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [0467B460] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [046A0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [046A0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [046A08C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] [0467AF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [046A0920] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [046A0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [046A0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [046A08C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CloseHandle] [0467B810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!WriteFile] [0467B910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [0467AF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CloseHandle] [0467B810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [046A0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [046A0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [0467B240] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [0467B460] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] [0467AD70] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ReadFile] [0467B8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] [0467AF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!WriteFile] [0467B910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!WriteFile] [0467B910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [0467AD70] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [0467AF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [046A08F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [046A0920] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [046A08C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [0467B240] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [0467B460] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!ReadFile] [0467B8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [046A0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [046A0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CloseHandle] [0467B810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DialogBoxParamW] [04679BC0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!MessageBoxIndirectA] [0467A320] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!MessageBoxIndirectW] [0467A7F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [046A0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [0467B460] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [046A08C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [046A0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] [0467AF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!ReadFile] [0467B8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CloseHandle] [0467B810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!WriteFile] [0467B910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [046A0920] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [046A08F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DialogBoxParamW] [04679BC0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!MessageBoxIndirectW] [0467A7F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [046A0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [046A0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] [0467B810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [046A08C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] [0467AF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] [0467B8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [046A08F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [0467B460] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] [0467B910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] [04679BC0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [046A08C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!WriteFile] [0467B910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileW] [0467AF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileA] [0467AD70] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!ReadFile] [0467B8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [046A0920] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [046A0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [046A0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CloseHandle] [0467B810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!DialogBoxParamW] [04679BC0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [046A0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [046A0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CloseHandle] [0467B810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CloseHandle] [0467B810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [046A0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [046A0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileW] [0467AF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileA] [0467AD70] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CloseHandle] [0467B810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [046A0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [046A0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [046A08C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [046A0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [046A0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] [0467AF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!WriteFile] [0467B910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CloseHandle] [0467B810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!ReadFile] [0467B8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [046A08C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!WriteFile] [0467B910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] [0467AF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [046A08F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [0467B460] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CloseHandle] [0467B810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [046A0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [046A0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!ReadFile] [0467B8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!DialogBoxParamW] [04679BC0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [046A0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [046A0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!CreateFileA] [0467AD70] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!CloseHandle] [0467B810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [046A0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [046A0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] [0467AD70] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] [0467AF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [046A08F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [046A0920] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CloseHandle] [0467B810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!WriteFile] [0467B910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!ReadFile] [0467B8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CloseHandle] [048BB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [048E0920] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] [048BAD70] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [048E08C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!WriteFile] [048BB910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!ReadFile] [048BB8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [048BAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [048E0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [048E0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] [048BAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [048E0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [048E08C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [048E0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CloseHandle] [048BB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!WriteFile] [048BB910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [048E0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] [048BAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CloseHandle] [048BB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [048E08C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [048E0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [048E0920] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CloseHandle] [048BB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!ReadFile] [048BB8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [048BB460] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [048E0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [048E0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [048E08C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] [048BAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [048E0920] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [048E0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [048E0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [048E08C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CloseHandle] [048BB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!WriteFile] [048BB910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [048BAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CloseHandle] [048BB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [048E0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [048E0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [048BB240] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [048BB460] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] [048BAD70] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ReadFile] [048BB8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] [048BAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!WriteFile] [048BB910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!WriteFile] [048BB910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [048BAD70] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [048BAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [048E08F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [048E0920] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [048E08C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [048BB240] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [048BB460] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!ReadFile] [048BB8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [048E0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [048E0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CloseHandle] [048BB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DialogBoxParamW] [048B9BC0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!MessageBoxIndirectA] [048BA320] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!MessageBoxIndirectW] [048BA7F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [048E0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [048BB460] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [048E08C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [048E0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] [048BAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!ReadFile] [048BB8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CloseHandle] [048BB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!WriteFile] [048BB910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [048E0920] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [048E08F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DialogBoxParamW] [048B9BC0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!MessageBoxIndirectW] [048BA7F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [048E0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [048E0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] [048BB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [048E08C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] [048BAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] [048BB8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [048E08F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [048BB460] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] [048BB910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] [048B9BC0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [048E08C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!WriteFile] [048BB910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileW] [048BAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileA] [048BAD70] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!ReadFile] [048BB8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [048E0920] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [048E0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [048E0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CloseHandle] [048BB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!DialogBoxParamW] [048B9BC0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [048E0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [048E0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CloseHandle] [048BB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CloseHandle] [048BB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [048E0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [048E0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [048E08C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [048E0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [048E0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] [048BAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!WriteFile] [048BB910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CloseHandle] [048BB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!ReadFile] [048BB8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [048E08C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!WriteFile] [048BB910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] [048BAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [048E08F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [048BB460] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CloseHandle] [048BB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [048E0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [048E0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!ReadFile] [048BB8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!DialogBoxParamW] [048B9BC0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileW] [048BAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileA] [048BAD70] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CloseHandle] [048BB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [048E0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [048E0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [048E0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [048E0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!CreateFileA] [048BAD70] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!CloseHandle] [048BB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [048E0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [048E0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] [048BAD70] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] [048BAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [048E08F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [048E0920] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CloseHandle] [048BB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!WriteFile] [048BB910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!ReadFile] [048BB8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\WINDOWS\explorer.exe[7944] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT C:\WINDOWS\explorer.exe[7944] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\88796E1A.x86.dll

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\iastor \Device\Ide\iaStor0 [F7414146] iaStor.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\iastor \Device\Ide\IAAStorageDevice-0 [F7414146] iaStor.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}

AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\Device\__max++>\88796E1A.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [192] 0x35670000
Library \\?\globalroot\Device\__max++>\88796E1A.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [432] 0x35670000
Library \\?\globalroot\Device\__max++>\88796E1A.x86.dll (*** hidden *** ) @ C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [1108] 0x35670000
Library \\?\globalroot\Device\__max++>\88796E1A.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1272] 0x35670000
Library \\?\globalroot\Device\__max++>\88796E1A.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1420] 0x35670000
Library \\?\globalroot\Device\__max++>\88796E1A.x86.dll (*** hidden *** ) @ C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [1512] 0x35670000
Library \\?\globalroot\Device\__max++>\88796E1A.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1628] 0x35670000
Library \\?\globalroot\Device\__max++>\88796E1A.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1828] 0x35670000
Library \\?\globalroot\Device\__max++>\88796E1A.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1864] 0x35670000
Library \\?\globalroot\Device\__max++>\88796E1A.x86.dll (*** hidden *** ) @ c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2124] 0x35670000
Library \\?\globalroot\Device\__max++>\88796E1A.x86.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [2340] 0x35670000
Library \\?\globalroot\Device\__max++>\88796E1A.x86.dll (*** hidden *** ) @ C:\Program Files\McAfee\MPF\MPFSrv.exe [2996] 0x35670000
Library \\?\globalroot\Device\__max++>\88796E1A.x86.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [3284] 0x35670000
Library \\?\globalroot\Device\__max++>\88796E1A.x86.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [3640] 0x35670000
Library \\?\globalroot\Device\__max++>\88796E1A.x86.dll (*** hidden *** ) @ C:\WINDOWS\explorer.exe [7944] 0x35670000

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSserv.sys

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\iaStor.sys suspicious modification

---- EOF - GMER 1.0.15 ----

#4 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:06:10 PM

Posted 26 October 2009 - 05:14 PM

Since you were successful in creating a GMER log you need to post it in our HJT forum There they will help you with the removal through some custom scripts and programs that we cannot run here in this forum


Give a brief description and tell them that this log was all you could get to run successfully

Post them here:
http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

The HJT team is extremely busy, so be patient and good luck
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#5 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,942 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:06:10 PM

Posted 28 October 2009 - 09:44 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/267764/rootkit-infection-please-help/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days, up to two weeks perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users