
Rootkit infection - Please help


4 replies to this topic

#1 joe_braman


Posted 28 October 2009 - 09:43 PM

I have a problem on my desktop. All trojan removers are getting shut down by this malicious rootkit. Nothing has worked. I have managed to run GMER. Please help diagnose and resolve.

The script helped somewhat. HJT still could not complete. I managed to run GMER. Here is the log. Please help. Yes, there is a rootkit infection.

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-25 19:27:01
Windows 5.1.2600 Service Pack 3
Running: Copy (2) of t7y4b8f4.exe; Driver: C:\DOCUME~1\SELVAR~1\LOCALS~1\Temp\kwloapoc.sys


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF738BE22]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF736CCDC]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF736CECE]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF738C610]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF738C8C4]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF738AB14]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF738CD30]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF738C0E2]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF736C982]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xEC9C54EC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xEC9C5635]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xEC9C561F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xEC9C552C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xEC9C5661]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xEC9C5470]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xEC9C5484]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xEC9C5500]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xEC9C569D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xEC9C5609]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xEC9C55F3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xEC9C5689]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xEC9C5675]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xEC9C54D8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xEC9C54C4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xEC9C564B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xEC9C5542]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xEC9C5516]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504AE8 7 Bytes JMP EC9C551A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 80579084 5 Bytes JMP EC9C54F0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B2004 7 Bytes JMP EC9C5530 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E12 5 Bytes JMP EC9C5546 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B83E8 7 Bytes JMP EC9C5504 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CB40A 5 Bytes JMP EC9C5474 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CB696 5 Bytes JMP EC9C5488 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805CDE54 5 Bytes JMP EC9C54C8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805D1704 5 Bytes JMP EC9C54DC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryValueKey 806219EA 7 Bytes JMP EC9C55F7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnloadKey 80622062 7 Bytes JMP EC9C564F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 80622900 7 Bytes JMP EC9C560D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FF2 7 Bytes JMP EC9C5639 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateValueKey 8062425C 7 Bytes JMP EC9C5623 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryKey 80624EAA 7 Bytes JMP EC9C56A1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 8062516A 5 Bytes JMP EC9C5679 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 8062585E 5 Bytes JMP EC9C568D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 80625978 5 Bytes JMP EC9C5665 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? win32k.sys:1 The system cannot find the file specified. !
? win32k.sys:2 The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CF0FEF
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CF0F7C
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CF0071
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CF0F97
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CF0FA8
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CF004A
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CF0F55
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CF009D
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CF0F29
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CF00C2
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CF00DD
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CF0FB9
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CF000A
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CF008C
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CF0025
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CF0FDE
.text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CF0F3A
.text C:\WINDOWS\system32\svchost.exe[192] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00CE001B
.text C:\WINDOWS\system32\svchost.exe[192] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00CE0073
.text C:\WINDOWS\system32\svchost.exe[192] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00CE0FCA
.text C:\WINDOWS\system32\svchost.exe[192] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00CE0FDB
.text C:\WINDOWS\system32\svchost.exe[192] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00CE0062
.text C:\WINDOWS\system32\svchost.exe[192] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00CE0000
.text C:\WINDOWS\system32\svchost.exe[192] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00CE0047
.text C:\WINDOWS\system32\svchost.exe[192] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00CE0036
.text C:\WINDOWS\system32\svchost.exe[192] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\WINDOWS\system32\svchost.exe[192] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\WINDOWS\system32\svchost.exe[192] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\WINDOWS\system32\svchost.exe[192] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CD0031
.text C:\WINDOWS\system32\svchost.exe[192] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CD0FA6
.text C:\WINDOWS\system32\svchost.exe[192] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CD000C
.text C:\WINDOWS\system32\svchost.exe[192] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00CD0FEF
.text C:\WINDOWS\system32\svchost.exe[192] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CD0FC1
.text C:\WINDOWS\system32\svchost.exe[192] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CD0FD2
.text C:\WINDOWS\system32\svchost.exe[192] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00CB0FEF
.text C:\WINDOWS\system32\svchost.exe[192] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00CB0FDE
.text C:\WINDOWS\system32\svchost.exe[192] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00CB0014
.text C:\WINDOWS\system32\svchost.exe[192] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00CB0FB9
.text C:\WINDOWS\system32\svchost.exe[192] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CC0FE5
.text C:\WINDOWS\system32\spoolsv.exe[432] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\WINDOWS\system32\spoolsv.exe[432] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\WINDOWS\system32\spoolsv.exe[432] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 013F0FEF
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 013F0051
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 013F0F5C
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 013F0040
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 013F0F83
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 013F0F9E
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 013F0F13
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 013F0F30
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 013F0ECC
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 013F0EE7
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 013F008A
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 013F0025
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 013F0FDE
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 013F0F41
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 013F000A
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 013F0FB9
.text C:\WINDOWS\system32\services.exe[1036] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 013F0EF8
.text C:\WINDOWS\system32\services.exe[1036] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 013E0036
.text C:\WINDOWS\system32\services.exe[1036] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 013E006C
.text C:\WINDOWS\system32\services.exe[1036] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 013E0025
.text C:\WINDOWS\system32\services.exe[1036] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 013E0FE5
.text C:\WINDOWS\system32\services.exe[1036] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 013E0FAF
.text C:\WINDOWS\system32\services.exe[1036] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 013E0000
.text C:\WINDOWS\system32\services.exe[1036] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 013E005B
.text C:\WINDOWS\system32\services.exe[1036] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 013E0FD4
.text C:\WINDOWS\system32\services.exe[1036] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01240055
.text C:\WINDOWS\system32\services.exe[1036] msvcrt.dll!system 77C293C7 5 Bytes JMP 01240FD4
.text C:\WINDOWS\system32\services.exe[1036] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01240FE5
.text C:\WINDOWS\system32\services.exe[1036] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01240000
.text C:\WINDOWS\system32\services.exe[1036] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0124003A
.text C:\WINDOWS\system32\services.exe[1036] msvcrt.dll!_wopen 77C30055 3 Bytes JMP 01240029
.text C:\WINDOWS\system32\services.exe[1036] msvcrt.dll!_wopen + 4 77C30059 1 Byte [89]
.text C:\WINDOWS\system32\services.exe[1036] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 01220000
.text C:\WINDOWS\system32\services.exe[1036] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 01220FEF
.text C:\WINDOWS\system32\services.exe[1036] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 01220FCA
.text C:\WINDOWS\system32\services.exe[1036] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 01220025
.text C:\WINDOWS\system32\services.exe[1036] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01230000
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01110FEF
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01110062
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01110047
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01110F79
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01110F8A
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01110FC0
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01110084
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01110073
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 011100B0
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01110095
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01110EF2
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01110FA5
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01110014
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01110F48
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01110036
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01110025
.text C:\WINDOWS\system32\lsass.exe[1048] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01110F17
.text C:\WINDOWS\system32\lsass.exe[1048] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01100FD4
.text C:\WINDOWS\system32\lsass.exe[1048] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01100FB2
.text C:\WINDOWS\system32\lsass.exe[1048] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01100025
.text C:\WINDOWS\system32\lsass.exe[1048] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01100014
.text C:\WINDOWS\system32\lsass.exe[1048] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0110006F
.text C:\WINDOWS\system32\lsass.exe[1048] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01100FEF
.text C:\WINDOWS\system32\lsass.exe[1048] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 01100054
.text C:\WINDOWS\system32\lsass.exe[1048] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01100FC3
.text C:\WINDOWS\system32\lsass.exe[1048] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01060058
.text C:\WINDOWS\system32\lsass.exe[1048] msvcrt.dll!system 77C293C7 5 Bytes JMP 01060FCD
.text C:\WINDOWS\system32\lsass.exe[1048] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01060018
.text C:\WINDOWS\system32\lsass.exe[1048] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01060FEF
.text C:\WINDOWS\system32\lsass.exe[1048] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0106003D
.text C:\WINDOWS\system32\lsass.exe[1048] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01060FDE
.text C:\WINDOWS\system32\lsass.exe[1048] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01050000
.text C:\WINDOWS\system32\lsass.exe[1048] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00FF0000
.text C:\WINDOWS\system32\lsass.exe[1048] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\system32\lsass.exe[1048] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00FF0025
.text C:\WINDOWS\system32\lsass.exe[1048] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00FF0FD4
.text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1108] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1108] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1108] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00EA0FEF
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00EA00A9
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00EA0098
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00EA0087
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00EA0FCA
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00EA0051
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00EA0F74
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00EA0F8F
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00EA00EB
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00EA0F52
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00EA0F37
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00EA0062
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00EA000A
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00EA00BA
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00EA0036
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00EA0025
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00EA0F63
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D9002C
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D90062
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D90FDB
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D9001B
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D90FA5
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D90000
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00D90047
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D90FC0
.text C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\WINDOWS\system32\svchost.exe[1272] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\WINDOWS\system32\svchost.exe[1272] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\WINDOWS\system32\svchost.exe[1272] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D80055
.text C:\WINDOWS\system32\svchost.exe[1272] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D80FD4
.text C:\WINDOWS\system32\svchost.exe[1272] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D80FE5
.text C:\WINDOWS\system32\svchost.exe[1272] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D80000
.text C:\WINDOWS\system32\svchost.exe[1272] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D80044
.text C:\WINDOWS\system32\svchost.exe[1272] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D80029
.text C:\WINDOWS\system32\svchost.exe[1272] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00D00FEF
.text C:\WINDOWS\system32\svchost.exe[1272] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00D00014
.text C:\WINDOWS\system32\svchost.exe[1272] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00D00FD4
.text C:\WINDOWS\system32\svchost.exe[1272] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00D00FC3
.text C:\WINDOWS\system32\svchost.exe[1272] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D70FEF
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 010B0000
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 010B0080
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 010B0F81
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 010B0F9E
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 010B0FAF
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 010B0047
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 010B0F38
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 010B0F49
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 010B0F0C
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 010B0F1D
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 010B00CA
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 010B0FC0
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 010B001B
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 010B0F66
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 010B0FDB
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 010B002C
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 010B009B
.text C:\WINDOWS\system32\svchost.exe[1420] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 010A0FCA
.text C:\WINDOWS\system32\svchost.exe[1420] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 010A0F9E
.text C:\WINDOWS\system32\svchost.exe[1420] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 010A001B
.text C:\WINDOWS\system32\svchost.exe[1420] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 010A000A
.text C:\WINDOWS\system32\svchost.exe[1420] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 010A0FAF
.text C:\WINDOWS\system32\svchost.exe[1420] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 010A0FEF
.text C:\WINDOWS\system32\svchost.exe[1420] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 010A0051
.text C:\WINDOWS\system32\svchost.exe[1420] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 010A0040
.text C:\WINDOWS\system32\svchost.exe[1420] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\WINDOWS\system32\svchost.exe[1420] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\WINDOWS\system32\svchost.exe[1420] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\WINDOWS\system32\svchost.exe[1420] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01090F81
.text C:\WINDOWS\system32\svchost.exe[1420] msvcrt.dll!system 77C293C7 5 Bytes JMP 01090F9C
.text C:\WINDOWS\system32\svchost.exe[1420] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01090FC8
.text C:\WINDOWS\system32\svchost.exe[1420] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01090000
.text C:\WINDOWS\system32\svchost.exe[1420] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01090FAD
.text C:\WINDOWS\system32\svchost.exe[1420] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01090FE3
.text C:\WINDOWS\system32\svchost.exe[1420] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00FE0FE5
.text C:\WINDOWS\system32\svchost.exe[1420] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00FE000A
.text C:\WINDOWS\system32\svchost.exe[1420] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00FE0FD4
.text C:\WINDOWS\system32\svchost.exe[1420] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00FE002F
.text C:\WINDOWS\system32\svchost.exe[1420] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FF0FEF
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1512] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1512] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1512] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\WINDOWS\System32\svchost.exe[1628] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02710FE5
.text C:\WINDOWS\System32\svchost.exe[1628] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02710F83
.text C:\WINDOWS\System32\svchost.exe[1628] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02710F94
.text C:\WINDOWS\System32\svchost.exe[1628] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0271006E
.text C:\WINDOWS\System32\svchost.exe[1628] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02710FA5
.text C:\WINDOWS\System32\svchost.exe[1628] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0271002C
.text C:\WINDOWS\System32\svchost.exe[1628] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02710F4D
.text C:\WINDOWS\System32\svchost.exe[1628] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02710093
.text C:\WINDOWS\System32\svchost.exe[1628] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 027100D5
.text C:\WINDOWS\System32\svchost.exe[1628] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02710F3C
.text C:\WINDOWS\System32\svchost.exe[1628] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 027100F0
.text C:\WINDOWS\System32\svchost.exe[1628] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0271003D
.text C:\WINDOWS\System32\svchost.exe[1628] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02710000
.text C:\WINDOWS\System32\svchost.exe[1628] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02710F68
.text C:\WINDOWS\System32\svchost.exe[1628] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0271001B
.text C:\WINDOWS\System32\svchost.exe[1628] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02710FCA
.text C:\WINDOWS\System32\svchost.exe[1628] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 027100B0
.text C:\WINDOWS\System32\svchost.exe[1628] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 022A002C
.text C:\WINDOWS\System32\svchost.exe[1628] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 022A0062
.text C:\WINDOWS\System32\svchost.exe[1628] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 022A0FDB
.text C:\WINDOWS\System32\svchost.exe[1628] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 022A0011
.text C:\WINDOWS\System32\svchost.exe[1628] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 022A0FA5
.text C:\WINDOWS\System32\svchost.exe[1628] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 022A0000
.text C:\WINDOWS\System32\svchost.exe[1628] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 022A0047
.text C:\WINDOWS\System32\svchost.exe[1628] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 022A0FC0
.text C:\WINDOWS\System32\svchost.exe[1628] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\WINDOWS\System32\svchost.exe[1628] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\WINDOWS\System32\svchost.exe[1628] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\WINDOWS\System32\svchost.exe[1628] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02290049
.text C:\WINDOWS\System32\svchost.exe[1628] msvcrt.dll!system 77C293C7 5 Bytes JMP 02290038
.text C:\WINDOWS\System32\svchost.exe[1628] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0229000C
.text C:\WINDOWS\System32\svchost.exe[1628] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02290FEF
.text C:\WINDOWS\System32\svchost.exe[1628] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0229001D
.text C:\WINDOWS\System32\svchost.exe[1628] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02290FDE
.text C:\WINDOWS\System32\svchost.exe[1628] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 02260000
.text C:\WINDOWS\System32\svchost.exe[1628] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 02260FE5
.text C:\WINDOWS\System32\svchost.exe[1628] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 02260FCA
.text C:\WINDOWS\System32\svchost.exe[1628] WININET.dll!InternetOpenUrlW 3D9A6DDF 3 Bytes JMP 02260FB9
.text C:\WINDOWS\System32\svchost.exe[1628] WININET.dll!InternetOpenUrlW + 4 3D9A6DE3 1 Byte [C4]
.text C:\WINDOWS\System32\svchost.exe[1628] WS2_32.dll!socket 71AB4211 5 Bytes JMP 0227000A
.text C:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 011F0FE5
.text C:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 011F0F72
.text C:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 011F0F83
.text C:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 011F0051
.text C:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 011F0040
.text C:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 011F0FAF
.text C:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 011F0F3A
.text C:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 011F008C
.text C:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 011F0EF3
.text C:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 011F0F04
.text C:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 011F0ED8
.text C:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 011F0F9E
.text C:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 011F0000
.text C:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 011F0F61
.text C:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 011F0025
.text C:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 011F0FCA
.text C:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 011F0F1F
.text C:\WINDOWS\system32\svchost.exe[1828] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FC0FD1
.text C:\WINDOWS\system32\svchost.exe[1828] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FC0FB6
.text C:\WINDOWS\system32\svchost.exe[1828] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FC0022
.text C:\WINDOWS\system32\svchost.exe[1828] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FC0011
.text C:\WINDOWS\system32\svchost.exe[1828] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FC0073
.text C:\WINDOWS\system32\svchost.exe[1828] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FC0000
.text C:\WINDOWS\system32\svchost.exe[1828] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00FC0062
.text C:\WINDOWS\system32\svchost.exe[1828] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FC0047
.text C:\WINDOWS\system32\svchost.exe[1828] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\WINDOWS\system32\svchost.exe[1828] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\WINDOWS\system32\svchost.exe[1828] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\WINDOWS\system32\svchost.exe[1828] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FB0070
.text C:\WINDOWS\system32\svchost.exe[1828] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FB005F
.text C:\WINDOWS\system32\svchost.exe[1828] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FB0029
.text C:\WINDOWS\system32\svchost.exe[1828] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FB0FEF
.text C:\WINDOWS\system32\svchost.exe[1828] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FB0044
.text C:\WINDOWS\system32\svchost.exe[1828] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FB0018
.text C:\WINDOWS\system32\svchost.exe[1828] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00F9000A
.text C:\WINDOWS\system32\svchost.exe[1828] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00F9001B
.text C:\WINDOWS\system32\svchost.exe[1828] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00F90FE5
.text C:\WINDOWS\system32\svchost.exe[1828] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00F90FD4
.text C:\WINDOWS\system32\svchost.exe[1828] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FA0000
.text C:\WINDOWS\system32\svchost.exe[1864] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DA0000
.text C:\WINDOWS\system32\svchost.exe[1864] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DA0F84
.text C:\WINDOWS\system32\svchost.exe[1864] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DA0F95
.text C:\WINDOWS\system32\svchost.exe[1864] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DA006F
.text C:\WINDOWS\system32\svchost.exe[1864] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DA0054
.text C:\WINDOWS\system32\svchost.exe[1864] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DA0FBC
.text C:\WINDOWS\system32\svchost.exe[1864] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DA00AF
.text C:\WINDOWS\system32\svchost.exe[1864] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DA0F5D
.text C:\WINDOWS\system32\svchost.exe[1864] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DA0F16
.text C:\WINDOWS\system32\svchost.exe[1864] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DA0F27
.text C:\WINDOWS\system32\svchost.exe[1864] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00DA00C0
.text C:\WINDOWS\system32\svchost.exe[1864] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00DA0043
.text C:\WINDOWS\system32\svchost.exe[1864] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00DA0FEF
.text C:\WINDOWS\system32\svchost.exe[1864] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00DA0094
.text C:\WINDOWS\system32\svchost.exe[1864] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00DA0FCD
.text C:\WINDOWS\system32\svchost.exe[1864] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00DA0FDE
.text C:\WINDOWS\system32\svchost.exe[1864] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00DA0F4C
.text C:\WINDOWS\system32\svchost.exe[1864] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D90FC3
.text C:\WINDOWS\system32\svchost.exe[1864] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D90F8D
.text C:\WINDOWS\system32\svchost.exe[1864] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D9000A
.text C:\WINDOWS\system32\svchost.exe[1864] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D90FD4
.text C:\WINDOWS\system32\svchost.exe[1864] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D9004A
.text C:\WINDOWS\system32\svchost.exe[1864] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D90FEF
.text C:\WINDOWS\system32\svchost.exe[1864] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00D90FB2
.text C:\WINDOWS\system32\svchost.exe[1864] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [F9, 88]
.text C:\WINDOWS\system32\svchost.exe[1864] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D90039
.text C:\WINDOWS\system32\svchost.exe[1864] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\WINDOWS\system32\svchost.exe[1864] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\WINDOWS\system32\svchost.exe[1864] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\WINDOWS\system32\svchost.exe[1864] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D80044
.text C:\WINDOWS\system32\svchost.exe[1864] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D80033
.text C:\WINDOWS\system32\svchost.exe[1864] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D80FDE
.text C:\WINDOWS\system32\svchost.exe[1864] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D80FEF
.text C:\WINDOWS\system32\svchost.exe[1864] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D80FC3
.text C:\WINDOWS\system32\svchost.exe[1864] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D8000C
.text C:\WINDOWS\system32\svchost.exe[1864] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00A80FEF
.text C:\WINDOWS\system32\svchost.exe[1864] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00A80FD4
.text C:\WINDOWS\system32\svchost.exe[1864] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00A80FC3
.text C:\WINDOWS\system32\svchost.exe[1864] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00A80FB2
.text C:\WINDOWS\system32\svchost.exe[1864] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00A9000A
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2124] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2124] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2124] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2304] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2304] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00270FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00270F57
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00270F68
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00270F83
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00270036
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0027001B
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 0027008E
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00270F3C
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00270F21
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 002700BA
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00270EFC
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00270F94
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00270FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00270067
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00270FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0027000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 002700A9
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00360FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00360087
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00360036
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00360011
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00360FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00360000
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0036006C
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00360051
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215435 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED67C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E418F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E40C1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E412C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3F92 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3FF4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E41F2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4056 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00370044
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] msvcrt.dll!system 77C293C7 5 Bytes JMP 00370033
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00370FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0037000C
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00370FC3
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00370FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 01830FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 01830FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 01830FC3
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 0183000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2340] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01860FE5
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2996] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2996] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2996] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\WINDOWS\system32\svchost.exe[3244] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00930FEF
.text C:\WINDOWS\system32\svchost.exe[3244] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0093009F
.text C:\WINDOWS\system32\svchost.exe[3244] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00930FAA
.text C:\WINDOWS\system32\svchost.exe[3244] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00930084
.text C:\WINDOWS\system32\svchost.exe[3244] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00930073
.text C:\WINDOWS\system32\svchost.exe[3244] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00930047
.text C:\WINDOWS\system32\svchost.exe[3244] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 009300B0
.text C:\WINDOWS\system32\svchost.exe[3244] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00930F74
.text C:\WINDOWS\system32\svchost.exe[3244] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009300DC
.text C:\WINDOWS\system32\svchost.exe[3244] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00930F4D
.text C:\WINDOWS\system32\svchost.exe[3244] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009300ED
.text C:\WINDOWS\system32\svchost.exe[3244] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00930058
.text C:\WINDOWS\system32\svchost.exe[3244] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0093000A
.text C:\WINDOWS\system32\svchost.exe[3244] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00930F8F
.text C:\WINDOWS\system32\svchost.exe[3244] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00930036
.text C:\WINDOWS\system32\svchost.exe[3244] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00930025
.text C:\WINDOWS\system32\svchost.exe[3244] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009300C1
.text C:\WINDOWS\system32\svchost.exe[3244] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00920040
.text C:\WINDOWS\system32\svchost.exe[3244] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00920F94
.text C:\WINDOWS\system32\svchost.exe[3244] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00920025
.text C:\WINDOWS\system32\svchost.exe[3244] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0092000A
.text C:\WINDOWS\system32\svchost.exe[3244] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0092005B
.text C:\WINDOWS\system32\svchost.exe[3244] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00920FEF
.text C:\WINDOWS\system32\svchost.exe[3244] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00920FB9
.text C:\WINDOWS\system32\svchost.exe[3244] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [B2, 88] {MOV DL, 0x88}
.text C:\WINDOWS\system32\svchost.exe[3244] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00920FCA
.text C:\WINDOWS\system32\svchost.exe[3244] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00910042
.text C:\WINDOWS\system32\svchost.exe[3244] msvcrt.dll!system 77C293C7 5 Bytes JMP 00910FAD
.text C:\WINDOWS\system32\svchost.exe[3244] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0091000C
.text C:\WINDOWS\system32\svchost.exe[3244] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00910FEF
.text C:\WINDOWS\system32\svchost.exe[3244] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00910027
.text C:\WINDOWS\system32\svchost.exe[3244] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00910FDE
.text C:\WINDOWS\system32\svchost.exe[3244] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00900FEF
.text C:\WINDOWS\system32\svchost.exe[3244] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00900FDE
.text C:\WINDOWS\system32\svchost.exe[3244] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00900FCD
.text C:\WINDOWS\system32\svchost.exe[3244] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 0090001E
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00270FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00270F63
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00270F7E
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00270062
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00270FAF
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00270036
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00270F48
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0027009A
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 002700D0
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 002700BF
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 002700EB
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00270047
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0027000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0027007D
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00270FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00270025
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00270F37
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00360FC3
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0036006F
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00360FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0036000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0036005E
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00360FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00360FB2
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [56, 88]
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00360039
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215435 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E97F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DCE79 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED67C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E418F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E40C1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E412C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3F92 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3FF4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E41F2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4056 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00370F8B
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] msvcrt.dll!system 77C293C7 5 Bytes JMP 00370F9C
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00370FD2
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00370000
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00370FB7
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00370FE3
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED6D8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E44F7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 01830000
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 01830011
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 01830022
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 01830FD1
.text C:\Program Files\Internet Explorer\iexplore.exe[3284] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01B60FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00270000
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00270078
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00270F83
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00270F9E
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0027005B
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00270FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 002700A6
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00270F5E
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00270F1E
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00270F2F
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 002700DC
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00270FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00270FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00270089
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00270036
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0027001B
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 002700B7
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00360FA8
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00360039
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00360FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00360FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00360F7C
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00360FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0036001E
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00360F97
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215435 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E97F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DCE79 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED67C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E418F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E40C1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E412C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3F92 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3FF4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E41F2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4056 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0037006E
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] msvcrt.dll!system 77C293C7 5 Bytes JMP 00370053
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00370FE3
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00370000
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00370038
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0037001D
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED6D8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E44F7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 01830000
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 0183001B
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 01830FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 01830036
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01B60FEF
.text C:\WINDOWS\explorer.exe[7944] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B0FEF
.text C:\WINDOWS\explorer.exe[7944] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001B009D
.text C:\WINDOWS\explorer.exe[7944] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001B008C
.text C:\WINDOWS\explorer.exe[7944] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001B007B
.text C:\WINDOWS\explorer.exe[7944] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001B005E
.text C:\WINDOWS\explorer.exe[7944] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001B0FB2
.text C:\WINDOWS\explorer.exe[7944] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001B0F6D
.text C:\WINDOWS\explorer.exe[7944] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001B00BF
.text C:\WINDOWS\explorer.exe[7944] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B00E1
.text C:\WINDOWS\explorer.exe[7944] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001B00D0
.text C:\WINDOWS\explorer.exe[7944] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001B0F2D
.text C:\WINDOWS\explorer.exe[7944] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001B0043
.text C:\WINDOWS\explorer.exe[7944] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001B000A
.text C:\WINDOWS\explorer.exe[7944] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001B00AE
.text C:\WINDOWS\explorer.exe[7944] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001B0FC3
.text C:\WINDOWS\explorer.exe[7944] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001B0FDE
.text C:\WINDOWS\explorer.exe[7944] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001B0F5C
.text C:\WINDOWS\explorer.exe[7944] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002A000A
.text C:\WINDOWS\explorer.exe[7944] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002A0040
.text C:\WINDOWS\explorer.exe[7944] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002A0FB9
.text C:\WINDOWS\explorer.exe[7944] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002A0FDE
.text C:\WINDOWS\explorer.exe[7944] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002A002F
.text C:\WINDOWS\explorer.exe[7944] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002A0FEF
.text C:\WINDOWS\explorer.exe[7944] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 002A0F8D
.text C:\WINDOWS\explorer.exe[7944] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [4A, 88]
.text C:\WINDOWS\explorer.exe[7944] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002A0F9E
.text C:\WINDOWS\explorer.exe[7944] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\WINDOWS\explorer.exe[7944] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\WINDOWS\explorer.exe[7944] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\88796E1A.x86.dll
.text C:\WINDOWS\explorer.exe[7944] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002B0FA6
.text C:\WINDOWS\explorer.exe[7944] msvcrt.dll!system 77C293C7 5 Bytes JMP 002B0031
.text C:\WINDOWS\explorer.exe[7944] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002B0FC1
.text C:\WINDOWS\explorer.exe[7944] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002B0FEF
.text C:\WINDOWS\explorer.exe[7944] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002B0016
.text C:\WINDOWS\explorer.exe[7944] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002B0FD2
.text C:\WINDOWS\explorer.exe[7944] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 002D0000
.text C:\WINDOWS\explorer.exe[7944] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 002D001B
.text C:\WINDOWS\explorer.exe[7944] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 002D0FEF
.text C:\WINDOWS\explorer.exe[7944] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 002D0040
.text C:\WINDOWS\explorer.exe[7944] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BD0000

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\svchost.exe[192] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT C:\WINDOWS\system32\svchost.exe[192] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT C:\WINDOWS\system32\spoolsv.exe[432] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT C:\WINDOWS\system32\spoolsv.exe[432] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1108] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1108] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT C:\WINDOWS\system32\svchost.exe[1420] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT C:\WINDOWS\system32\svchost.exe[1420] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1512] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1512] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT C:\WINDOWS\System32\svchost.exe[1628] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT C:\WINDOWS\System32\svchost.exe[1628] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT C:\WINDOWS\system32\svchost.exe[1828] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT C:\WINDOWS\system32\svchost.exe[1828] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT C:\WINDOWS\system32\svchost.exe[1864] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT C:\WINDOWS\system32\svchost.exe[1864] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[2340] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[2340] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT C:\Program Files\McAfee\MPF\MPFSrv.exe[2996] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT C:\Program Files\McAfee\MPF\MPFSrv.exe[2996] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CloseHandle] [0467B810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [046A0920] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] [0467AD70] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [046A08C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!WriteFile] [0467B910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!ReadFile] [0467B8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [0467AF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [046A0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [046A0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] [0467AF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [046A0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [046A08C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [046A0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CloseHandle] [0467B810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!WriteFile] [0467B910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [046A0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] [0467AF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CloseHandle] [0467B810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [046A08C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [046A0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [046A0920] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CloseHandle] [0467B810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!ReadFile] [0467B8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [0467B460] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [046A0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [046A0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [046A08C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] [0467AF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [046A0920] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [046A0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [046A0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [046A08C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CloseHandle] [0467B810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!WriteFile] [0467B910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [0467AF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CloseHandle] [0467B810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [046A0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [046A0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [0467B240] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [0467B460] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] [0467AD70] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ReadFile] [0467B8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] [0467AF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!WriteFile] [0467B910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!WriteFile] [0467B910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [0467AD70] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [0467AF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [046A08F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [046A0920] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [046A08C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [0467B240] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [0467B460] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!ReadFile] [0467B8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [046A0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [046A0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CloseHandle] [0467B810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DialogBoxParamW] [04679BC0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!MessageBoxIndirectA] [0467A320] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!MessageBoxIndirectW] [0467A7F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [046A0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [0467B460] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [046A08C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [046A0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] [0467AF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!ReadFile] [0467B8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CloseHandle] [0467B810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!WriteFile] [0467B910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [046A0920] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [046A08F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DialogBoxParamW] [04679BC0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!MessageBoxIndirectW] [0467A7F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [046A0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [046A0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] [0467B810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [046A08C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] [0467AF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] [0467B8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [046A08F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [0467B460] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] [0467B910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] [04679BC0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [046A08C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!WriteFile] [0467B910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileW] [0467AF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileA] [0467AD70] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!ReadFile] [0467B8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [046A0920] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [046A0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [046A0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CloseHandle] [0467B810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!DialogBoxParamW] [04679BC0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [046A0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [046A0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CloseHandle] [0467B810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CloseHandle] [0467B810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [046A0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [046A0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileW] [0467AF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileA] [0467AD70] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CloseHandle] [0467B810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [046A0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [046A0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [046A08C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [046A0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [046A0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] [0467AF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!WriteFile] [0467B910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CloseHandle] [0467B810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!ReadFile] [0467B8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [046A08C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!WriteFile] [0467B910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] [0467AF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [046A08F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [0467B460] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CloseHandle] [0467B810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [046A0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [046A0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!ReadFile] [0467B8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!DialogBoxParamW] [04679BC0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [046A0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [046A0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!CreateFileA] [0467AD70] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!CloseHandle] [0467B810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [046A0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [046A0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] [0467AD70] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] [0467AF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [046A08F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [046A0920] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CloseHandle] [0467B810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!WriteFile] [0467B910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3284] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!ReadFile] [0467B8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CloseHandle] [048BB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [048E0920] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] [048BAD70] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [048E08C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!WriteFile] [048BB910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!ReadFile] [048BB8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [048BAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [048E0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [048E0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] [048BAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [048E0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [048E08C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [048E0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CloseHandle] [048BB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!WriteFile] [048BB910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [048E0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] [048BAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CloseHandle] [048BB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [048E08C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [048E0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [048E0920] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CloseHandle] [048BB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!ReadFile] [048BB8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [048BB460] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [048E0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [048E0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [048E08C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] [048BAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [048E0920] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [048E0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [048E0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [048E08C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CloseHandle] [048BB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!WriteFile] [048BB910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [048BAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CloseHandle] [048BB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [048E0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [048E0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [048BB240] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [048BB460] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] [048BAD70] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ReadFile] [048BB8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] [048BAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!WriteFile] [048BB910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!WriteFile] [048BB910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [048BAD70] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [048BAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [048E08F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [048E0920] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [048E08C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [048BB240] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [048BB460] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!ReadFile] [048BB8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [048E0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [048E0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CloseHandle] [048BB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DialogBoxParamW] [048B9BC0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!MessageBoxIndirectA] [048BA320] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!MessageBoxIndirectW] [048BA7F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [048E0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [048BB460] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [048E08C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [048E0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] [048BAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!ReadFile] [048BB8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CloseHandle] [048BB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!WriteFile] [048BB910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [048E0920] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [048E08F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DialogBoxParamW] [048B9BC0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!MessageBoxIndirectW] [048BA7F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [048E0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [048E0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] [048BB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [048E08C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] [048BAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] [048BB8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [048E08F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [048BB460] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] [048BB910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] [048B9BC0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [048E08C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!WriteFile] [048BB910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileW] [048BAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileA] [048BAD70] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!ReadFile] [048BB8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [048E0920] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [048E0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [048E0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CloseHandle] [048BB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!DialogBoxParamW] [048B9BC0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [048E0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [048E0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CloseHandle] [048BB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CloseHandle] [048BB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [048E0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [048E0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [048E08C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [048E0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [048E0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] [048BAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!WriteFile] [048BB910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CloseHandle] [048BB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!ReadFile] [048BB8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [048E08C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!WriteFile] [048BB910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] [048BAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [048E08F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [048BB460] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CloseHandle] [048BB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [048E0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [048E0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!ReadFile] [048BB8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!DialogBoxParamW] [048B9BC0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileW] [048BAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileA] [048BAD70] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CloseHandle] [048BB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [048E0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [048E0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [048E0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [048E0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!CreateFileA] [048BAD70] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!CloseHandle] [048BB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [048E0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [048E0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] [048BAD70] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] [048BAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [048E08F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [048E0920] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CloseHandle] [048BB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!WriteFile] [048BB910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3640] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!ReadFile] [048BB8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\WINDOWS\explorer.exe[7944] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\88796E1A.x86.dll
IAT C:\WINDOWS\explorer.exe[7944] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\88796E1A.x86.dll

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\iastor \Device\Ide\iaStor0 [F7414146] iaStor.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\iastor \Device\Ide\IAAStorageDevice-0 [F7414146] iaStor.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}

AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\Device\__max++>\88796E1A.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [192] 0x35670000
Library \\?\globalroot\Device\__max++>\88796E1A.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [432] 0x35670000
Library \\?\globalroot\Device\__max++>\88796E1A.x86.dll (*** hidden *** ) @ C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [1108] 0x35670000
Library \\?\globalroot\Device\__max++>\88796E1A.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1272] 0x35670000
Library \\?\globalroot\Device\__max++>\88796E1A.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1420] 0x35670000
Library \\?\globalroot\Device\__max++>\88796E1A.x86.dll (*** hidden *** ) @ C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [1512] 0x35670000
Library \\?\globalroot\Device\__max++>\88796E1A.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1628] 0x35670000
Library \\?\globalroot\Device\__max++>\88796E1A.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1828] 0x35670000
Library \\?\globalroot\Device\__max++>\88796E1A.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1864] 0x35670000
Library \\?\globalroot\Device\__max++>\88796E1A.x86.dll (*** hidden *** ) @ c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2124] 0x35670000
Library \\?\globalroot\Device\__max++>\88796E1A.x86.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [2340] 0x35670000
Library \\?\globalroot\Device\__max++>\88796E1A.x86.dll (*** hidden *** ) @ C:\Program Files\McAfee\MPF\MPFSrv.exe [2996] 0x35670000
Library \\?\globalroot\Device\__max++>\88796E1A.x86.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [3284] 0x35670000
Library \\?\globalroot\Device\__max++>\88796E1A.x86.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [3640] 0x35670000
Library \\?\globalroot\Device\__max++>\88796E1A.x86.dll (*** hidden *** ) @ C:\WINDOWS\explorer.exe [7944] 0x35670000

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSserv.sys

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\iaStor.sys suspicious modification

---- EOF - GMER 1.0.15 ----



#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,944 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:46 PM

Posted 29 October 2009 - 12:00 AM

Hi, joe_braman :(

Welcome.

Please save this file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here. (Please allow the application to finish. You will know as the last sentence in the report will be "Finished".)

"%userprofile%\desktop\win32kdiag.exe" -f -r

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

    Posted Image

    Posted Image

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" .
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 joe_braman

Posted 31 October 2009 - 10:11 AM

Firstly, thank you for the response and detailed instruction. I ran the steps as you instructed. The Win32KDiag ran and here is the log. The Combo-Fix ran but there was one error in one of the sessions saying GREP is not a recognized command. After that it finished all actions and when it rebooted for the 3rd time and was preparing the log file I got a blue screen on PCT Core . sys file or something like that. When I restarted, there was no log file in the c:\. Please advise if I have to do anything else. Appreciate your help again.

Running from: C:\Documents and Settings\Selvaraj Pichaiyan\desktop\win32kdiag.exe

Log file at : C:\Documents and Settings\Selvaraj Pichaiyan\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB912812\KB912812

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB912812\KB912812

Found mount point : C:\WINDOWS\$hf_mig$\KB916281\KB916281

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB916281\KB916281

Found mount point : C:\WINDOWS\$hf_mig$\KB918899\KB918899

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB918899\KB918899

Found mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213

Found mount point : C:\WINDOWS\$hf_mig$\KB922760\KB922760

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB922760\KB922760

Found mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496

Found mount point : C:\WINDOWS\$hf_mig$\KB925454\KB925454

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB925454\KB925454

Found mount point : C:\WINDOWS\$hf_mig$\KB928090\KB928090

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB928090\KB928090

Found mount point : C:\WINDOWS\$hf_mig$\KB929338\KB929338

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB929338\KB929338

Found mount point : C:\WINDOWS\$hf_mig$\KB931768\KB931768

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB931768\KB931768

Found mount point : C:\WINDOWS\$hf_mig$\KB931784\KB931784

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB931784\KB931784

Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Found mount point : C:\WINDOWS\$hf_mig$\KB933566\KB933566

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB933566\KB933566

Found mount point : C:\WINDOWS\$hf_mig$\KB937143\KB937143

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB937143\KB937143

Found mount point : C:\WINDOWS\$hf_mig$\KB939653\KB939653

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB939653\KB939653

Found mount point : C:\WINDOWS\$hf_mig$\KB942615\KB942615

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB942615\KB942615

Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Found mount point : C:\WINDOWS\$hf_mig$\KB944533\KB944533

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB944533\KB944533

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\temp\temp

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\tmp\tmp

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Config\Config

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Found mount point : C:\WINDOWS\Debug\Setup\Backup\Backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Debug\Setup\Backup\Backup

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Cbz\Cbz

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Cbz\Cbz

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Lib\Lib

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Lib\Lib

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Wave\Wave

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Wave\Wave

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\chsime\applets\applets

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp\applets\applets

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp98\imejp98

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\shared\res\res

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109411090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109411090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109440090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109440090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109711090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109711090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\classes\classes

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\trustlib\trustlib

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\msapps\msinfo\msinfo

Found mount point : C:\WINDOWS\mui\mui

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\mui\mui

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Found mount point : C:\WINDOWS\pchealth\ERRORREP\UserDumps\UserDumps

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\UserDumps\UserDumps

Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe

Attempting to restore permissions of : C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\Cache\Cache

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\Cache\Cache

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Found mount point : C:\WINDOWS\pchealth\helpctr\System\News\News

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\System\News\News

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PIF\PIF

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Found mount point : C:\WINDOWS\security\logs\logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\security\logs\logs

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\backup\backup

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Cannot access: C:\WINDOWS\system32\eventlog.dll

Attempting to restore permissions of : C:\WINDOWS\system32\eventlog.dll

[1] 2004-08-04 08:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:53 61952 C:\WINDOWS\system32\eventlog.dll ()

[2] 2008-04-13 20:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)

[1] 2004-08-04 07:00:00 55808 C:\i386\eventlog.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\system32\MRT.exe

Attempting to restore permissions of : C:\WINDOWS\system32\MRT.exe



Finished!
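
The Win32kDiag output above can be triaged mechanically. The following is an added example, not part of the original thread and not code from Win32kDiag: it parses the log format shown, flags mount points whose destination lacks the `\??\` prefix that ordinary NTFS junction targets carry (a heuristic assumed here), and flags a file whose vendor field is empty and whose size differs from a same-named copy with the same timestamp. Function names are hypothetical, and the sample lines are copied from the log except the one marked as constructed.

```python
import re
from collections import defaultdict

# Excerpt of the Win32kDiag log posted in this thread. The "Example\Link"
# entry is constructed (not from the log) to show a junction that is NOT flagged.
SAMPLE_LOG = r"""
Found mount point : C:\WINDOWS\$hf_mig$\KB912812\KB912812
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB912812\KB912812
Found mount point : C:\WINDOWS\PIF\PIF
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\PIF\PIF
Found mount point : C:\WINDOWS\Example\Link
Mount point destination : \??\D:\Data
Cannot access: C:\WINDOWS\system32\eventlog.dll
Attempting to restore permissions of : C:\WINDOWS\system32\eventlog.dll
[1] 2004-08-04 08:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)
[1] 2008-04-13 20:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)
[1] 2008-04-13 20:11:53 61952 C:\WINDOWS\system32\eventlog.dll ()
[2] 2008-04-13 20:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)
[1] 2004-08-04 07:00:00 55808 C:\i386\eventlog.dll (Microsoft Corporation)
Cannot access: C:\WINDOWS\system32\MRT.exe
Finished!
"""

MOUNT_RE = re.compile(r"^Found mount point\s*:\s*(.+)$")
DEST_RE = re.compile(r"^Mount point destination\s*:\s*(.+)$")
DENIED_RE = re.compile(r"^Cannot access:\s*(.+)$")
# "[n] date time size path (vendor)"; the vendor field may be empty: "()".
FILE_RE = re.compile(
    r"^\[\d+\]\s+(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(\d+)\s+(.+?)\s+\((.*)\)$"
)


def parse_win32kdiag(text):
    """Return (mounts, denied, files) extracted from a Win32kDiag log."""
    mounts, denied, files = [], [], []
    pending = None  # mount point waiting for its destination line
    for raw in text.splitlines():
        line = raw.strip()
        if m := MOUNT_RE.match(line):
            pending = m.group(1)
        elif (m := DEST_RE.match(line)) and pending:
            mounts.append((pending, m.group(1)))
            pending = None
        elif m := DENIED_RE.match(line):
            denied.append(m.group(1))
        elif m := FILE_RE.match(line):
            files.append({"mtime": m.group(1), "size": int(m.group(2)),
                          "path": m.group(3), "vendor": m.group(4).strip()})
    return mounts, denied, files


def suspicious_mounts(mounts):
    """Assumed heuristic: flag destinations that do not start with the
    \\??\\ prefix used by ordinary junction targets."""
    return [(path, dest) for path, dest in mounts
            if not dest.startswith("\\??\\")]


def suspect_files(files):
    """Flag a file with an empty vendor field whose size differs from a
    vendor-tagged copy sharing its file name and timestamp."""
    groups = defaultdict(list)
    for f in files:
        name = f["path"].rsplit("\\", 1)[-1].lower()
        groups[(name, f["mtime"])].append(f)
    findings = []
    for group in groups.values():
        tagged = [g for g in group if g["vendor"]]
        for g in group:
            differing = [t for t in tagged if t["size"] != g["size"]]
            if not g["vendor"] and differing:
                ref = differing[0]
                findings.append((g["path"], g["size"], ref["path"], ref["size"]))
    return findings


if __name__ == "__main__":
    mounts, denied, files = parse_win32kdiag(SAMPLE_LOG)
    for path, dest in suspicious_mounts(mounts):
        print(f"mount point {path} -> {dest}")
    for path in denied:
        print(f"access denied: {path}")
    for path, size, ref_path, ref_size in suspect_files(files):
        print(f"{path} ({size} bytes, no vendor) differs from "
              f"{ref_path} ({ref_size} bytes)")
```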

#4 JSntgRvr

Posted 31 October 2009 - 10:58 AM

Hi, joe_braman :(

Let's try this again, as if the computer is restarted the mountpoints will be recreated.

Please follow these steps:

Step 1

Open a command prompt. (Start->Run, type CMD and click OK) At the prompt copy and paste the following and press Enter after each line:

Copy C:\WINDOWS\ServicePackFiles\i386\eventlog.dll C:\
Exit


Step 2

Click on Start->Run, copy and paste the following command into the "Run" box (including the quotation marks), and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here in your next reply. (Please allow the application to finish. You will know as the last sentence in the report will be "Finished".)


"%userprofile%\desktop\win32kdiag.exe" -f -r

Step 3

1. Please download The Avenger by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Begin copying here:
Files to move:
C:\eventlog.dll | C:\WINDOWS\system32\eventlog.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.

Step 4

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 5

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

    Posted Image

    Posted Image

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" .
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.



#5 JSntgRvr

Posted 06 November 2009 - 07:14 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
