wausau99
Hello everyone,
Recently, I have been having an issue with my computer connecting to the internet using IE8. After a restart of the computer, I am able to connect to the internet, but if I close the browser and try to log in later I am not able to get to the internet.
Today, while trying to figure this out, I noticed that I have multiple instances of iexplorer listed in Task Manager even when IE is not open.
Hoping someone could be of assistance. Here are the logs that are requested. I have the Attach.txt log but have been unable to attach it to this post.
HijackThis Log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:14:23 PM, on 1/16/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter Security Suite\Common\FSMA32.EXE
C:\Program Files\Charter Security Suite\Anti-Virus\FSGK32.EXE
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Charter Security Suite\Common\FSHDLL32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Charter Security Suite\Common\FSM32.EXE
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon06.exe
C:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\desktop weather\desktopweather_1219728.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Charter Security Suite\Anti-Virus\fssm32.exe
C:\Program Files\Charter Security Suite\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Charter Security Suite\Anti-Virus\fsav32.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Steve\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - Disabled:{18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
O2 - BHO: Search Helper - Disabled:{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - (no file)
O2 - BHO: (no name) - Disabled:{9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: (no name) - Disabled:{AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - Disabled:{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: LitmusBHO - Disabled:{C6867EB7-8350-4856-877F-93CF8AE3DC9C} - (no file)
O2 - BHO: Ask Toolbar BHO - Disabled:{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: (no name) - Disabled:{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Charter Security Suite\NRS\iescript\baselitmus.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter Security Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter Security Suite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,[email protected]
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{BA2D9411-DBB4-43e4-9421-780413650A67}\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HPHped06] C:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: desktop weather.lnk = C:\Program Files\desktop weather\desktopweather_1219728.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: taskmgr.lnk = C:\WINDOWS\system32\taskmgr.exe
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} (SOE Web Installer) - http://launch.soe.com/plugin/web/SOEWebInstaller.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1272159645750
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Charter Security Suite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Charter Security Suite\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Charter Security Suite\ORSP Client\fsorsp.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\Steve\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
--
End of file - 15126 bytes
DDS.txt Log
DDS (Ver_10-12-12.02) - NTFSx86
Run by Steve at 16:15:23.89 on Sun 01/16/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.394 [GMT -6:00]
AV: Charter Security Suite 9.01 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Charter Security Suite 9.01 *Disabled*
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter Security Suite\Common\FSMA32.EXE
C:\Program Files\Charter Security Suite\Anti-Virus\FSGK32.EXE
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon06.exe
C:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\desktop weather\desktopweather_1219728.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Charter Security Suite\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Charter Security Suite\Common\FSLAUNCH.EXE
C:\Documents and Settings\Steve\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/webhp?sourceid=navclient&ie=UTF-8
uInternet Settings,ProxyOverride = *.local
BHO: Disabled:{18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No File
BHO: Disabled:{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No File
BHO: Disabled:{9030D464-4C02-4ABF-8ECC-5164760863C6} - No File
BHO: Disabled:{AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
BHO: Disabled:{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO: Disabled:{C6867EB7-8350-4856-877F-93CF8AE3DC9C} - No File
BHO: Disabled:{D4027C7F-154A-4066-A1AD-4243D8127440} - No File
BHO: Disabled:{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - c:\program files\charter security suite\nrs\iescript\baselitmus.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: @c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatchTray10.exe"
mRun: [F-Secure Manager] "c:\program files\charter security suite\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "c:\program files\charter security suite\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,[email protected]
mRun: [dlccmon.exe] "c:\program files\dell photo aio printer 924\dlccmon.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb13.exe
mRun: [HPHUPD06] c:\program files\hp\{ba2d9411-dbb4-43e4-9421-780413650a67}\hphupd06.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [HPHped06] c:\progra~1\hp\{ba2d9~1\pexpress\hphPED06.exe
mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
StartupFolder: c:\docume~1\steve\startm~1\programs\startup\deskto~1.lnk - c:\program files\desktop weather\desktopweather_1219728.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\taskmgr.lnk - c:\windows\system32\taskmgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\program files\charter security suite\fsps\program\FSLSP.DLL
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} - hxxp://launch.soe.com/plugin/web/SOEWebInstaller.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxps://support.dell.com/systemprofiler/SysPro.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1272159645750
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\steve\applic~1\mozilla\firefox\profiles\kwvvwaiq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=MSNTLB&PC=MSNTDF&q=
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=MSNTLB&PC=MSNTDF&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\charter security suite\nrs\[email protected]\components\litmus-ff.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\downloaded program files\npsoe.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Browsing Protection: [email protected] - c:\program files\charter security suite\nrs\[email protected]
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
============= SERVICES / DRIVERS ===============
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2010-4-24 42664]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2010-4-24 82120]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\charter security suite\hips\drivers\fshs.sys [2010-4-24 68064]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\charter security suite\anti-virus\fsgk32st.exe [2010-4-24 215648]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-4-24 54752]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-1-21 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\charter security suite\anti-virus\minifilter\fsgk.sys [2010-4-24 130728]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-4-24 11520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-8 135664]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2008-5-14 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2008-5-14 166384]
S2 SessionLauncher;SessionLauncher;c:\docume~1\steve\locals~1\temp\dx9\sessionlauncher.exe --> c:\docume~1\steve\locals~1\temp\dx9\SessionLauncher.exe [?]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files\charter security suite\orsp client\fsorsp.exe [2010-4-24 63992]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-5-14 1120752]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-10 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\charter security suite\anti-virus\win2k\fsfilter.sys [2010-4-24 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\charter security suite\anti-virus\win2k\fsrec.sys [2010-4-24 25184]
=============== Created Last 30 ================
2011-01-12 01:55:27 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-01-12 01:55:27 -------- d-----w- c:\windows\system32\wbem\Repository
2011-01-06 22:47:07 -------- d-----w- c:\docume~1\steve\locals~1\applic~1\Intuit
2011-01-06 22:46:35 -------- d-----w- c:\docume~1\steve\applic~1\Intuit
2011-01-06 22:40:50 -------- d-----w- c:\docume~1\steve\locals~1\applic~1\IsolatedStorage
2011-01-06 22:40:47 -------- d-----w- c:\program files\common files\Intuit
2011-01-06 22:40:14 -------- d-----w- c:\program files\TurboTax
2011-01-06 22:39:28 -------- d-----w- c:\docume~1\alluse~1\applic~1\Intuit
2010-12-31 04:09:05 1790635 ----a-w- c:\documents and settings\all users\SPL287.tmp
2010-12-28 13:53:09 4448708 ----a-w- c:\documents and settings\all users\SPL1B7.tmp
2010-12-26 15:34:22 7340 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-12-20 00:07:12 -------- d-----w- c:\docume~1\steve\locals~1\applic~1\KodakGallery
2010-12-20 00:05:29 -------- d-----w- c:\docume~1\steve\applic~1\Skinux
2010-12-20 00:02:07 -------- d-----w- c:\docume~1\steve\locals~1\applic~1\ArcSoft
2010-12-20 00:01:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\ArcSoft
2010-12-19 23:58:46 -------- d-----w- c:\program files\common files\Kodak
2010-12-19 23:57:39 62976 -c----w- c:\windows\system32\dllcache\cdrom.sys
2010-12-19 23:57:38 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll
2010-12-19 23:57:38 465920 ------w- c:\windows\system32\imapi2fs.dll
2010-12-19 23:57:38 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll
2010-12-19 23:57:38 317952 ------w- c:\windows\system32\imapi2.dll
2010-12-19 23:57:34 -------- d-----w- c:\program files\Kodak
2010-12-19 23:54:55 -------- d-----w- c:\docume~1\alluse~1\applic~1\Kodak
2010-12-19 20:58:27 -------- d-----w- c:\docume~1\steve\locals~1\applic~1\SCE
2010-12-19 20:55:00 -------- d-----w- c:\program files\Sony Online Entertainment
2010-12-19 20:54:58 -------- d-----w- c:\docume~1\steve\applic~1\Sony Online Entertainment
==================== Find3M ====================
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 20:52:22 1716297 ----a-w- c:\windows\system32\InetClnt.dll
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
============= FINISH: 16:16:16.29 ===============
Ark.txt Log
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-16 18:48:02
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Intel___ rev.1.0.
Running: 8yr3xfgc.exe; Driver: C:\DOCUME~1\Steve\LOCALS~1\Temp\awtdypow.sys
---- System - GMER 1.0.15 ----
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwCreateProcess [0xF6FD0CD6]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwCreateProcessEx [0xF6FD0CF0]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwCreateThread [0xF6FCFE8C]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwLoadDriver [0xF6FD01BC]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwMapViewOfSection [0xF6FCFBCC]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwOpenSection [0xF6FD05EE]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwRenameKey [0xF6FD188C]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSetSystemInformation [0xF6FD043E]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSuspendProcess [0xF6FCFA4C]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSuspendThread [0xF6FCFEC0]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSystemDebugControl [0xF6FD0042]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwTerminateProcess [0xF6FCF9A6]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwTerminateThread [0xF6FCFB06]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwWriteVirtualMemory [0xF6FCFF86]
INT 0x01 \??\C:\DOCUME~1\Steve\LOCALS~1\Temp\mbr.sys B3DC3C42
Code fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) IoCreateDevice
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2FD8 80504874 12 Bytes [4C, FA, FC, F6, C0, FE, FC, ...]
? C:\DOCUME~1\Steve\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Java\jre6\bin\jqs.exe[244] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0282000C
.text C:\Program Files\Java\jre6\bin\jqs.exe[244] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0282100C
.text C:\Program Files\Java\jre6\bin\jqs.exe[244] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0282200C
.text C:\Program Files\Java\jre6\bin\jqs.exe[244] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0282300C
.text C:\Program Files\Java\jre6\bin\jqs.exe[244] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0282700C
.text C:\Program Files\Java\jre6\bin\jqs.exe[244] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0282500C
.text C:\Program Files\Java\jre6\bin\jqs.exe[244] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0282600C
.text C:\Program Files\Java\jre6\bin\jqs.exe[244] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0282800C
.text C:\Program Files\Java\jre6\bin\jqs.exe[244] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0282900C
.text C:\Program Files\Java\jre6\bin\jqs.exe[244] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0282400C
.text C:\Program Files\Java\jre6\bin\jqs.exe[244] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0282A00C
.text C:\Program Files\Bonjour\mDNSResponder.exe[312] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0087000C
.text C:\Program Files\Bonjour\mDNSResponder.exe[312] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0087100C
.text C:\Program Files\Bonjour\mDNSResponder.exe[312] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0087200C
.text C:\Program Files\Bonjour\mDNSResponder.exe[312] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0087300C
.text C:\Program Files\Bonjour\mDNSResponder.exe[312] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0087700C
.text C:\Program Files\Bonjour\mDNSResponder.exe[312] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0087500C
.text C:\Program Files\Bonjour\mDNSResponder.exe[312] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0087600C
.text C:\Program Files\Bonjour\mDNSResponder.exe[312] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0087800C
.text C:\Program Files\Bonjour\mDNSResponder.exe[312] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0087400C
.text C:\Program Files\Bonjour\mDNSResponder.exe[312] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0087A00C
.text C:\Program Files\Bonjour\mDNSResponder.exe[312] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0087900C
.text C:\WINDOWS\eHome\ehRecvr.exe[476] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A1000C
.text C:\WINDOWS\eHome\ehRecvr.exe[476] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00A1100C
.text C:\WINDOWS\eHome\ehRecvr.exe[476] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A1200C
.text C:\WINDOWS\eHome\ehRecvr.exe[476] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00A1300C
.text C:\WINDOWS\eHome\ehRecvr.exe[476] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00A1400C
.text C:\WINDOWS\eHome\ehRecvr.exe[476] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00A1A00C
.text C:\WINDOWS\eHome\ehRecvr.exe[476] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00A1700C
.text C:\WINDOWS\eHome\ehRecvr.exe[476] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00A1500C
.text C:\WINDOWS\eHome\ehRecvr.exe[476] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00A1600C
.text C:\WINDOWS\eHome\ehRecvr.exe[476] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00A1800C
.text C:\WINDOWS\eHome\ehRecvr.exe[476] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00A1900C
.text C:\WINDOWS\eHome\ehSched.exe[532] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0219000C
.text C:\WINDOWS\eHome\ehSched.exe[532] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0219100C
.text C:\WINDOWS\eHome\ehSched.exe[532] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0219200C
.text C:\WINDOWS\eHome\ehSched.exe[532] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0219300C
.text C:\WINDOWS\eHome\ehSched.exe[532] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0219400C
.text C:\WINDOWS\eHome\ehSched.exe[532] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0219A00C
.text C:\WINDOWS\eHome\ehSched.exe[532] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0219700C
.text C:\WINDOWS\eHome\ehSched.exe[532] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0219500C
.text C:\WINDOWS\eHome\ehSched.exe[532] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0219600C
.text C:\WINDOWS\eHome\ehSched.exe[532] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0219800C
.text C:\WINDOWS\eHome\ehSched.exe[532] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0219900C
.text C:\WINDOWS\system32\dlcccoms.exe[636] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00F3000C
.text C:\WINDOWS\system32\dlcccoms.exe[636] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00F3100C
.text C:\WINDOWS\system32\dlcccoms.exe[636] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F3200C
.text C:\WINDOWS\system32\dlcccoms.exe[636] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00F3300C
.text C:\WINDOWS\system32\dlcccoms.exe[636] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00F3400C
.text C:\WINDOWS\system32\dlcccoms.exe[636] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00F3A00C
.text C:\WINDOWS\system32\dlcccoms.exe[636] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00F3700C
.text C:\WINDOWS\system32\dlcccoms.exe[636] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00F3500C
.text C:\WINDOWS\system32\dlcccoms.exe[636] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00F3600C
.text C:\WINDOWS\system32\dlcccoms.exe[636] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00F3800C
.text C:\WINDOWS\system32\dlcccoms.exe[636] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00F3900C
.text C:\WINDOWS\system32\winlogon.exe[788] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0113000C
.text C:\WINDOWS\system32\winlogon.exe[788] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0113100C
.text C:\WINDOWS\system32\winlogon.exe[788] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0113200C
.text C:\WINDOWS\system32\winlogon.exe[788] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0113300C
.text C:\WINDOWS\system32\winlogon.exe[788] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0113700C
.text C:\WINDOWS\system32\winlogon.exe[788] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0113500C
.text C:\WINDOWS\system32\winlogon.exe[788] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0113600C
.text C:\WINDOWS\system32\winlogon.exe[788] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0113800C
.text C:\WINDOWS\system32\winlogon.exe[788] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0113400C
.text C:\WINDOWS\system32\winlogon.exe[788] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0113A00C
.text C:\WINDOWS\system32\winlogon.exe[788] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0113900C
.text C:\WINDOWS\system32\lsass.exe[848] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C7000C
.text C:\WINDOWS\system32\lsass.exe[848] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00C7100C
.text C:\WINDOWS\system32\lsass.exe[848] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C7200C
.text C:\WINDOWS\system32\lsass.exe[848] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00C7300C
.text C:\WINDOWS\system32\lsass.exe[848] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00C7700C
.text C:\WINDOWS\system32\lsass.exe[848] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00C7500C
.text C:\WINDOWS\system32\lsass.exe[848] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00C7600C
.text C:\WINDOWS\system32\lsass.exe[848] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00C7800C
.text C:\WINDOWS\system32\lsass.exe[848] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00C7400C
.text C:\WINDOWS\system32\lsass.exe[848] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00C7A00C
.text C:\WINDOWS\system32\lsass.exe[848] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00C7900C
.text C:\Program Files\Charter Security Suite\Common\FSM32.EXE[908] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 03D7000C
.text C:\Program Files\Charter Security Suite\Common\FSM32.EXE[908] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 03D7100C
.text C:\Program Files\iPod\bin\iPodService.exe[964] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B2000C
.text C:\Program Files\iPod\bin\iPodService.exe[964] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00B2100C
.text C:\Program Files\iPod\bin\iPodService.exe[964] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B2200C
.text C:\Program Files\iPod\bin\iPodService.exe[964] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00B2300C
.text C:\Program Files\iPod\bin\iPodService.exe[964] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00B2700C
.text C:\Program Files\iPod\bin\iPodService.exe[964] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00B2500C
.text C:\Program Files\iPod\bin\iPodService.exe[964] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00B2600C
.text C:\Program Files\iPod\bin\iPodService.exe[964] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00B2800C
.text C:\Program Files\iPod\bin\iPodService.exe[964] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00B2400C
.text C:\Program Files\iPod\bin\iPodService.exe[964] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00B2A00C
.text C:\Program Files\iPod\bin\iPodService.exe[964] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00B2900C
.text C:\WINDOWS\system32\Ati2evxx.exe[1008] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B3000C
.text C:\WINDOWS\system32\Ati2evxx.exe[1008] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00B3100C
.text C:\WINDOWS\system32\Ati2evxx.exe[1008] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B3200C
.text C:\WINDOWS\system32\Ati2evxx.exe[1008] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00B3300C
.text C:\WINDOWS\system32\Ati2evxx.exe[1008] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00B3400C
.text C:\WINDOWS\system32\Ati2evxx.exe[1008] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00B3A00C
.text C:\WINDOWS\system32\Ati2evxx.exe[1008] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00B3900C
.text C:\WINDOWS\system32\Ati2evxx.exe[1008] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00B3700C
.text C:\WINDOWS\system32\Ati2evxx.exe[1008] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00B3500C
.text C:\WINDOWS\system32\Ati2evxx.exe[1008] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00B3600C
.text C:\WINDOWS\system32\Ati2evxx.exe[1008] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00B3800C
.text C:\WINDOWS\system32\dllhost.exe[1124] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0099000C
.text C:\WINDOWS\system32\dllhost.exe[1124] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0099100C
.text C:\WINDOWS\system32\dllhost.exe[1124] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0099200C
.text C:\WINDOWS\system32\dllhost.exe[1124] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0099300C
.text C:\WINDOWS\system32\dllhost.exe[1124] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0099900C
.text C:\WINDOWS\system32\dllhost.exe[1124] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0099700C
.text C:\WINDOWS\system32\dllhost.exe[1124] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0099500C
.text C:\WINDOWS\system32\dllhost.exe[1124] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0099600C
.text C:\WINDOWS\system32\dllhost.exe[1124] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0099800C
.text C:\WINDOWS\system32\dllhost.exe[1124] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0099400C
.text C:\WINDOWS\system32\dllhost.exe[1124] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0099A00C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1640] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 008F000C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1640] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 008F100C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1640] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 008F200C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1640] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 008F300C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1640] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 008F700C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1640] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 008F500C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1640] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 008F600C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1640] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 008F800C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1640] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 008F900C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1640] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 008F400C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1640] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 008FA00C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1884] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0064000C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1884] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0064100C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1884] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0064200C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1884] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0064300C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1884] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0064700C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1884] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0064500C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1884] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0064600C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1884] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0064800C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1884] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0064400C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1884] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0064A00C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1884] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0064900C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1908] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00CB000C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1908] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00CB100C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1908] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CB200C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1908] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00CB300C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1908] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00CB700C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1908] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00CB500C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1908] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00CB600C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1908] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00CB800C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1908] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00CB400C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1908] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00CBA00C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1908] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00CB900C
.text C:\WINDOWS\Explorer.EXE[2032] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C1000C
.text C:\WINDOWS\Explorer.EXE[2032] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00C1100C
.text C:\WINDOWS\Explorer.EXE[2032] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C1200C
.text C:\WINDOWS\Explorer.EXE[2032] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00C1300C
.text C:\WINDOWS\Explorer.EXE[2032] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00C1700C
.text C:\WINDOWS\Explorer.EXE[2032] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00C1500C
.text C:\WINDOWS\Explorer.EXE[2032] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00C1600C
.text C:\WINDOWS\Explorer.EXE[2032] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00C1800C
.text C:\WINDOWS\Explorer.EXE[2032] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00C1400C
.text C:\WINDOWS\Explorer.EXE[2032] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00C1A00C
.text C:\WINDOWS\Explorer.EXE[2032] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00C1900C
.text C:\WINDOWS\ehome\ehtray.exe[2072] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 02E7000C
.text C:\WINDOWS\ehome\ehtray.exe[2072] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 02E7100C
.text C:\WINDOWS\ehome\ehtray.exe[2072] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02E7200C
.text C:\WINDOWS\ehome\ehtray.exe[2072] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 02E7300C
.text C:\WINDOWS\ehome\ehtray.exe[2072] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 02E7400C
.text C:\WINDOWS\ehome\ehtray.exe[2072] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 02E7A00C
.text C:\WINDOWS\ehome\ehtray.exe[2072] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 02E7700C
.text C:\WINDOWS\ehome\ehtray.exe[2072] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 02E7500C
.text C:\WINDOWS\ehome\ehtray.exe[2072] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 02E7600C
.text C:\WINDOWS\ehome\ehtray.exe[2072] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 02E7800C
.text C:\WINDOWS\ehome\ehtray.exe[2072] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 02E7900C
.text C:\WINDOWS\stsystra.exe[2084] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C7000C
.text C:\WINDOWS\stsystra.exe[2084] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00C7100C
.text C:\WINDOWS\stsystra.exe[2084] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C7200C
.text C:\WINDOWS\stsystra.exe[2084] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00C7300C
.text C:\WINDOWS\stsystra.exe[2084] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00C7700C
.text C:\WINDOWS\stsystra.exe[2084] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00C7500C
.text C:\WINDOWS\stsystra.exe[2084] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00C7600C
.text C:\WINDOWS\stsystra.exe[2084] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00C7800C
.text C:\WINDOWS\stsystra.exe[2084] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00C7400C
.text C:\WINDOWS\stsystra.exe[2084] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00C7A00C
.text C:\WINDOWS\stsystra.exe[2084] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00C7900C
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2100] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0385000C
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2100] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0385100C
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2100] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0385200C
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2100] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0385300C
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2100] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0385700C
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2100] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0385500C
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2100] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0385600C
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2100] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0385800C
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2100] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0385400C
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2100] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0385A00C
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2100] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0385900C
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[2188] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00AD000C
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[2188] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00AD100C
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[2188] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AD200C
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[2188] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00AD300C
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[2188] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00AD400C
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[2188] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00ADA00C
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[2188] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00AD700C
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[2188] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00AD500C
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[2188] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00AD600C
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[2188] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00AD800C
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[2188] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00AD900C
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe[2216] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C7000C
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe[2216] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00C7100C
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe[2216] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C7200C
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe[2216] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00C7300C
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe[2216] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00C7400C
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe[2216] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00C7A00C
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe[2216] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00C7700C
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe[2216] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00C7500C
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe[2216] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00C7600C
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe[2216] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00C7800C
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe[2216] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00C7900C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2320] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0062000C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2320] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0062100C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2320] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0062200C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2320] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0062300C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2320] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0062700C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2320] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0062500C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2320] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0062600C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2320] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0062800C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2320] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0062400C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2320] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0062900C
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2364] ntdll.dll!NtCreateProcess 7C90D14E 3 Bytes JMP 0091000C
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2364] ntdll.dll!NtCreateProcess + 4 7C90D152 1 Byte [84]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2364] ntdll.dll!NtCreateProcessEx 7C90D15E 3 Bytes JMP 0091100C
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2364] ntdll.dll!NtCreateProcessEx + 4 7C90D162 1 Byte [84]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2364] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0091200C
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2364] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0091300C
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2364] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0091400C
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2364] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0091A00C
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2364] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0091700C
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2364] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0091500C
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2364] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0091600C
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2364] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0091800C
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2364] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0091900C
.text C:\WINDOWS\system32\hphmon06.exe[2372] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0272000C
.text C:\WINDOWS\system32\hphmon06.exe[2372] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0272100C
.text C:\WINDOWS\system32\hphmon06.exe[2372] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0272200C
.text C:\WINDOWS\system32\hphmon06.exe[2372] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0272300C
.text C:\WINDOWS\system32\hphmon06.exe[2372] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0272700C
.text C:\WINDOWS\system32\hphmon06.exe[2372] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0272500C
.text C:\WINDOWS\system32\hphmon06.exe[2372] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0272600C
.text C:\WINDOWS\system32\hphmon06.exe[2372] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0272800C
.text C:\WINDOWS\system32\hphmon06.exe[2372] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0272400C
.text C:\WINDOWS\system32\hphmon06.exe[2372] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0272A00C
.text C:\WINDOWS\system32\hphmon06.exe[2372] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0272900C
.text C:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe[2388] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0127000C
.text C:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe[2388] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0127100C
.text C:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe[2388] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0127200C
.text C:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe[2388] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0127300C
.text C:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe[2388] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0127400C
.text C:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe[2388] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0127A00C
.text C:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe[2388] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0127700C
.text C:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe[2388] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0127500C
.text C:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe[2388] ADVAPI32.dll!ControlService 77DF4A09 3 Bytes JMP 0127600C
.text C:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe[2388] ADVAPI32.dll!ControlService + 4 77DF4A0D 1 Byte [89]
.text C:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe[2388] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0127800C
.text C:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe[2388] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0127900C
.text C:\WINDOWS\system32\taskswitch.exe[2396] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0082000C
.text C:\WINDOWS\system32\taskswitch.exe[2396] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0082100C
.text C:\WINDOWS\system32\taskswitch.exe[2396] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0082200C
.text C:\WINDOWS\system32\taskswitch.exe[2396] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0082300C
.text C:\WINDOWS\system32\taskswitch.exe[2396] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0082400C
.text C:\WINDOWS\system32\taskswitch.exe[2396] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0082900C
.text C:\WINDOWS\system32\taskswitch.exe[2396] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0082700C
.text C:\WINDOWS\system32\taskswitch.exe[2396] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0082500C
.text C:\WINDOWS\system32\taskswitch.exe[2396] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0082600C
.text C:\WINDOWS\system32\taskswitch.exe[2396] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0082800C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0231000C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0231100C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0231200C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0231300C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0231700C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0231500C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0231600C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0231800C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0231400C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0231A00C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0231900C
.text C:\Program Files\iTunes\iTunesHelper.exe[2576] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0C7B000C
.text C:\Program Files\iTunes\iTunesHelper.exe[2576] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0C7B100C
.text C:\Program Files\iTunes\iTunesHelper.exe[2576] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0C7B200C
.text C:\Program Files\iTunes\iTunesHelper.exe[2576] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0C7B300C
.text C:\Program Files\iTunes\iTunesHelper.exe[2576] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0C7B400C
.text C:\Program Files\iTunes\iTunesHelper.exe[2576] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0C7BA00C
.text C:\Program Files\iTunes\iTunesHelper.exe[2576] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0C7B700C
.text C:\Program Files\iTunes\iTunesHelper.exe[2576] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0C7B500C
.text C:\Program Files\iTunes\iTunesHelper.exe[2576] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0C7B600C
.text C:\Program Files\iTunes\iTunesHelper.exe[2576] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0C7B800C
.text C:\Program Files\iTunes\iTunesHelper.exe[2576] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0C7B900C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2624] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0196000C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2624] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0196100C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2624] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0196200C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2624] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0196300C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2624] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0196900C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2624] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0196700C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2624] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0196500C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2624] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0196600C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2624] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0196800C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2624] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0196400C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2624] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0196A00C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2648] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00EE000C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2648] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00EE100C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2648] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00EE200C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2648] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00EE300C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2648] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00EE700C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2648] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00EE500C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2648] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00EE600C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2648] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00EE800C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2648] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00EE400C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2648] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00EEA00C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2648] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00EE900C
.text C:\Program Files\HP\digital imaging\bin\hpqtra08.exe[2800] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00E8000C
.text C:\Program Files\HP\digital imaging\bin\hpqtra08.exe[2800] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00E8100C
.text C:\Program Files\HP\digital imaging\bin\hpqtra08.exe[2800] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E8200C
.text C:\Program Files\HP\digital imaging\bin\hpqtra08.exe[2800] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00E8300C
.text C:\Program Files\HP\digital imaging\bin\hpqtra08.exe[2800] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00E8400C
.text C:\Program Files\HP\digital imaging\bin\hpqtra08.exe[2800] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00E8A00C
.text C:\Program Files\HP\digital imaging\bin\hpqtra08.exe[2800] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00E8700C
.text C:\Program Files\HP\digital imaging\bin\hpqtra08.exe[2800] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00E8500C
.text C:\Program Files\HP\digital imaging\bin\hpqtra08.exe[2800] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00E8600C
.text C:\Program Files\HP\digital imaging\bin\hpqtra08.exe[2800] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00E8800C
.text C:\Program Files\HP\digital imaging\bin\hpqtra08.exe[2800] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00E8900C
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2816] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 064E000C
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2816] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 064E100C
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2816] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 064E200C
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2816] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 064E300C
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2816] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 064E700C
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2816] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 064E500C
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2816] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 064E600C
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2816] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 064E800C
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2816] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 064E400C
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2816] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 064EA00C
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2816] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 064E900C
.text C:\WINDOWS\system32\taskmgr.exe[2888] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00AA000C
.text C:\WINDOWS\system32\taskmgr.exe[2888] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00AA100C
.text C:\WINDOWS\system32\taskmgr.exe[2888] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AA200C
.text C:\WINDOWS\system32\taskmgr.exe[2888] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00AA300C
.text C:\WINDOWS\system32\taskmgr.exe[2888] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00AA700C
.text C:\WINDOWS\system32\taskmgr.exe[2888] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00AA500C
.text C:\WINDOWS\system32\taskmgr.exe[2888] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00AA600C
.text C:\WINDOWS\system32\taskmgr.exe[2888] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00AA800C
.text C:\WINDOWS\system32\taskmgr.exe[2888] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00AA400C
.text C:\WINDOWS\system32\taskmgr.exe[2888] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00AAA00C
.text C:\WINDOWS\system32\taskmgr.exe[2888] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00AA900C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2908] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 02E5000C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2908] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 02E5100C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2908] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02E5200C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2908] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 02E5300C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2908] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 02E5400C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2908] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 02E5A00C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2908] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 02E5900C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2908] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 02E5700C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2908] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 02E5500C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2908] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 02E5600C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2908] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 02E5800C
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2936] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 025D000C
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2936] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 025D100C
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2936] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 025D200C
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2936] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 025D300C
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2936] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 025D700C
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2936] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 025D500C
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2936] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 025D600C
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2936] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 025D800C
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2936] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 025D400C
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2936] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 025DA00C
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2936] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 025D900C
.text C:\Program Files\desktop weather\desktopweather_1219728.exe[2972] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00F7000C
.text C:\Program Files\desktop weather\desktopweather_1219728.exe[2972] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00F7100C
.text C:\Program Files\desktop weather\desktopweather_1219728.exe[2972] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F7200C
.text C:\Program Files\desktop weather\desktopweather_1219728.exe[2972] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00F7300C
.text C:\Program Files\desktop weather\desktopweather_1219728.exe[2972] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00F7700C
.text C:\Program Files\desktop weather\desktopweather_1219728.exe[2972] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00F7500C
.text C:\Program Files\desktop weather\desktopweather_1219728.exe[2972] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00F7600C
.text C:\Program Files\desktop weather\desktopweather_1219728.exe[2972] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00F7800C
.text C:\Program Files\desktop weather\desktopweather_1219728.exe[2972] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00F7400C
.text C:\Program Files\desktop weather\desktopweather_1219728.exe[2972] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00F7A00C
.text C:\Program Files\desktop weather\desktopweather_1219728.exe[2972] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00F7900C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3416] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 02EB000C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3416] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 02EB100C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3416] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02EB200C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3416] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 02EB300C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3416] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 02EB700C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3416] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 02EB500C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3416] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 02EB600C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3416] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 02EB800C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3416] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 02EB400C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3416] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 02EBA00C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3416] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 02EB900C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3512] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 04D7000C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3512] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 04D7100C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3512] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 04D7200C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3512] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 04D7300C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3512] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 04D7700C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3512] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 04D7500C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3512] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 04D7600C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3512] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 04D7800C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3512] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 04D7400C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3512] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 04D7A00C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3512] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 04D7900C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3704] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00D9000C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3704] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00D9100C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3704] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D9200C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3704] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00D9300C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3704] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00D9700C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3704] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00D9500C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3704] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00D9600C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3704] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00D9800C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3704] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00D9400C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3704] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00D9A00C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3704] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00D9900C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe[3748] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0229000C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe[3748] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0229100C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe[3748] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0229200C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe[3748] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0229300C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe[3748] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0229400C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe[3748] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0229900C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe[3748] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0229700C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe[3748] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0229500C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe[3748] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0229600C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe[3748] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0229800C
.text C:\WINDOWS\system32\SearchIndexer.exe[3776] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0118000C
.text C:\WINDOWS\system32\SearchIndexer.exe[3776] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0118100C
.text C:\WINDOWS\system32\SearchIndexer.exe[3776] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0118200C
.text C:\WINDOWS\system32\SearchIndexer.exe[3776] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[3776] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0118300C
.text C:\WINDOWS\system32\SearchIndexer.exe[3776] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0118700C
.text C:\WINDOWS\system32\SearchIndexer.exe[3776] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0118500C
.text C:\WINDOWS\system32\SearchIndexer.exe[3776] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0118600C
.text C:\WINDOWS\system32\SearchIndexer.exe[3776] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0118800C
.text C:\WINDOWS\system32\SearchIndexer.exe[3776] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0118400C
.text C:\WINDOWS\system32\SearchIndexer.exe[3776] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0118A00C
.text C:\WINDOWS\system32\SearchIndexer.exe[3776] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0118900C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe[3780] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0325000C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe[3780] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0325100C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe[3780] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0325200C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe[3780] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0325300C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe[3780] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0325700C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe[3780] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0325500C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe[3780] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0325600C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe[3780] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0325800C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe[3780] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0325400C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe[3780] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0325A00C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe[3780] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0325900C
.text C:\WINDOWS\ehome\mcrdsvc.exe[3892] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B2000C
.text C:\WINDOWS\ehome\mcrdsvc.exe[3892] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00B2100C
.text C:\WINDOWS\ehome\mcrdsvc.exe[3892] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B2200C
.text C:\WINDOWS\ehome\mcrdsvc.exe[3892] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00B2300C
.text C:\WINDOWS\ehome\mcrdsvc.exe[3892] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00B2400C
.text C:\WINDOWS\ehome\mcrdsvc.exe[3892] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00B2A00C
.text C:\WINDOWS\ehome\mcrdsvc.exe[3892] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00B2700C
.text C:\WINDOWS\ehome\mcrdsvc.exe[3892] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00B2500C
.text C:\WINDOWS\ehome\mcrdsvc.exe[3892] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00B2600C
.text C:\WINDOWS\ehome\mcrdsvc.exe[3892] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00B2800C
.text C:\WINDOWS\ehome\mcrdsvc.exe[3892] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00B2900C
.text C:\WINDOWS\eHome\ehmsas.exe[4008] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0243000C
.text C:\WINDOWS\eHome\ehmsas.exe[4008] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0243100C
.text C:\WINDOWS\eHome\ehmsas.exe[4008] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0243200C
.text C:\WINDOWS\eHome\ehmsas.exe[4008] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0243300C
.text C:\WINDOWS\eHome\ehmsas.exe[4008] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0243400C
.text C:\WINDOWS\eHome\ehmsas.exe[4008] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0243A00C
.text C:\WINDOWS\eHome\ehmsas.exe[4008] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0243700C
.text C:\WINDOWS\eHome\ehmsas.exe[4008] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0243500C
.text C:\WINDOWS\eHome\ehmsas.exe[4008] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0243600C
.text C:\WINDOWS\eHome\ehmsas.exe[4008] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0243800C
.text C:\WINDOWS\eHome\ehmsas.exe[4008] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0243900C
.text C:\WINDOWS\System32\alg.exe[4204] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A2000C
.text C:\WINDOWS\System32\alg.exe[4204] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00A2100C
.text C:\WINDOWS\System32\alg.exe[4204] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A2200C
.text C:\WINDOWS\System32\alg.exe[4204] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00A2300C
.text C:\WINDOWS\System32\alg.exe[4204] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00A2400C
.text C:\WINDOWS\System32\alg.exe[4204] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00A2A00C
.text C:\WINDOWS\System32\alg.exe[4204] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00A2700C
.text C:\WINDOWS\System32\alg.exe[4204] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00A2500C
.text C:\WINDOWS\System32\alg.exe[4204] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00A2600C
.text C:\WINDOWS\System32\alg.exe[4204] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00A2800C
.text C:\WINDOWS\System32\alg.exe[4204] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00A2900C
.text C:\Documents and Settings\Steve\Desktop\8yr3xfgc.exe[4684] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0038000C
.text C:\Documents and Settings\Steve\Desktop\8yr3xfgc.exe[4684] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0038100C
.text C:\Documents and Settings\Steve\Desktop\8yr3xfgc.exe[4684] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0038200C
.text C:\Documents and Settings\Steve\Desktop\8yr3xfgc.exe[4684] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0038300C
.text C:\Documents and Settings\Steve\Desktop\8yr3xfgc.exe[4684] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0038400C
.text C:\Documents and Settings\Steve\Desktop\8yr3xfgc.exe[4684] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0038900C
.text C:\Documents and Settings\Steve\Desktop\8yr3xfgc.exe[4684] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0038700C
.text C:\Documents and Settings\Steve\Desktop\8yr3xfgc.exe[4684] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0038500C
.text C:\Documents and Settings\Steve\Desktop\8yr3xfgc.exe[4684] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0038600C
.text C:\Documents and Settings\Steve\Desktop\8yr3xfgc.exe[4684] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0038800C
.text C:\Documents and Settings\Steve\Desktop\8yr3xfgc.exe[4684] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0038A00C
---- Devices - GMER 1.0.15 ----
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Udfs.SYS (UDF File System Driver/Microsoft Corporation)
Device \Driver\Tcpip \Device\Ip fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\Tcp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
Device \Driver\Tcpip \Device\Udp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\RawIp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\IPMULTICAST fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
Ark.txt Log
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-16 18:48:02
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Intel___ rev.1.0.
Running: 8yr3xfgc.exe; Driver: C:\DOCUME~1\Steve\LOCALS~1\Temp\awtdypow.sys
---- System - GMER 1.0.15 ----
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwCreateProcess [0xF6FD0CD6]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwCreateProcessEx [0xF6FD0CF0]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwCreateThread [0xF6FCFE8C]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwLoadDriver [0xF6FD01BC]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwMapViewOfSection [0xF6FCFBCC]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwOpenSection [0xF6FD05EE]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwRenameKey [0xF6FD188C]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSetSystemInformation [0xF6FD043E]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSuspendProcess [0xF6FCFA4C]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSuspendThread [0xF6FCFEC0]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSystemDebugControl [0xF6FD0042]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwTerminateProcess [0xF6FCF9A6]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwTerminateThread [0xF6FCFB06]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwWriteVirtualMemory [0xF6FCFF86]
INT 0x01 \??\C:\DOCUME~1\Steve\LOCALS~1\Temp\mbr.sys B3DC3C42
Code fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) IoCreateDevice
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2FD8 80504874 12 Bytes [4C, FA, FC, F6, C0, FE, FC, ...]
? C:\DOCUME~1\Steve\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Java\jre6\bin\jqs.exe[244] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0282000C
.text C:\Program Files\Java\jre6\bin\jqs.exe[244] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0282100C
.text C:\Program Files\Java\jre6\bin\jqs.exe[244] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0282200C
.text C:\Program Files\Java\jre6\bin\jqs.exe[244] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0282300C
.text C:\Program Files\Java\jre6\bin\jqs.exe[244] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0282700C
.text C:\Program Files\Java\jre6\bin\jqs.exe[244] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0282500C
.text C:\Program Files\Java\jre6\bin\jqs.exe[244] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0282600C
.text C:\Program Files\Java\jre6\bin\jqs.exe[244] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0282800C
.text C:\Program Files\Java\jre6\bin\jqs.exe[244] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0282900C
.text C:\Program Files\Java\jre6\bin\jqs.exe[244] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0282400C
.text C:\Program Files\Java\jre6\bin\jqs.exe[244] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0282A00C
.text C:\Program Files\Bonjour\mDNSResponder.exe[312] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0087000C
.text C:\Program Files\Bonjour\mDNSResponder.exe[312] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0087100C
.text C:\Program Files\Bonjour\mDNSResponder.exe[312] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0087200C
.text C:\Program Files\Bonjour\mDNSResponder.exe[312] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0087300C
.text C:\Program Files\Bonjour\mDNSResponder.exe[312] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0087700C
.text C:\Program Files\Bonjour\mDNSResponder.exe[312] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0087500C
.text C:\Program Files\Bonjour\mDNSResponder.exe[312] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0087600C
.text C:\Program Files\Bonjour\mDNSResponder.exe[312] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0087800C
.text C:\Program Files\Bonjour\mDNSResponder.exe[312] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0087400C
.text C:\Program Files\Bonjour\mDNSResponder.exe[312] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0087A00C
.text C:\Program Files\Bonjour\mDNSResponder.exe[312] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0087900C
.text C:\WINDOWS\eHome\ehRecvr.exe[476] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A1000C
.text C:\WINDOWS\eHome\ehRecvr.exe[476] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00A1100C
.text C:\WINDOWS\eHome\ehRecvr.exe[476] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A1200C
.text C:\WINDOWS\eHome\ehRecvr.exe[476] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00A1300C
.text C:\WINDOWS\eHome\ehRecvr.exe[476] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00A1400C
.text C:\WINDOWS\eHome\ehRecvr.exe[476] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00A1A00C
.text C:\WINDOWS\eHome\ehRecvr.exe[476] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00A1700C
.text C:\WINDOWS\eHome\ehRecvr.exe[476] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00A1500C
.text C:\WINDOWS\eHome\ehRecvr.exe[476] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00A1600C
.text C:\WINDOWS\eHome\ehRecvr.exe[476] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00A1800C
.text C:\WINDOWS\eHome\ehRecvr.exe[476] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00A1900C
.text C:\WINDOWS\eHome\ehSched.exe[532] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0219000C
.text C:\WINDOWS\eHome\ehSched.exe[532] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0219100C
.text C:\WINDOWS\eHome\ehSched.exe[532] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0219200C
.text C:\WINDOWS\eHome\ehSched.exe[532] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0219300C
.text C:\WINDOWS\eHome\ehSched.exe[532] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0219400C
.text C:\WINDOWS\eHome\ehSched.exe[532] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0219A00C
.text C:\WINDOWS\eHome\ehSched.exe[532] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0219700C
.text C:\WINDOWS\eHome\ehSched.exe[532] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0219500C
.text C:\WINDOWS\eHome\ehSched.exe[532] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0219600C
.text C:\WINDOWS\eHome\ehSched.exe[532] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0219800C
.text C:\WINDOWS\eHome\ehSched.exe[532] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0219900C
.text C:\WINDOWS\system32\dlcccoms.exe[636] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00F3000C
.text C:\WINDOWS\system32\dlcccoms.exe[636] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00F3100C
.text C:\WINDOWS\system32\dlcccoms.exe[636] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F3200C
.text C:\WINDOWS\system32\dlcccoms.exe[636] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00F3300C
.text C:\WINDOWS\system32\dlcccoms.exe[636] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00F3400C
.text C:\WINDOWS\system32\dlcccoms.exe[636] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00F3A00C
.text C:\WINDOWS\system32\dlcccoms.exe[636] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00F3700C
.text C:\WINDOWS\system32\dlcccoms.exe[636] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00F3500C
.text C:\WINDOWS\system32\dlcccoms.exe[636] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00F3600C
.text C:\WINDOWS\system32\dlcccoms.exe[636] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00F3800C
.text C:\WINDOWS\system32\dlcccoms.exe[636] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00F3900C
.text C:\WINDOWS\system32\winlogon.exe[788] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0113000C
.text C:\WINDOWS\system32\winlogon.exe[788] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0113100C
.text C:\WINDOWS\system32\winlogon.exe[788] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0113200C
.text C:\WINDOWS\system32\winlogon.exe[788] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0113300C
.text C:\WINDOWS\system32\winlogon.exe[788] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0113700C
.text C:\WINDOWS\system32\winlogon.exe[788] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0113500C
.text C:\WINDOWS\system32\winlogon.exe[788] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0113600C
.text C:\WINDOWS\system32\winlogon.exe[788] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0113800C
.text C:\WINDOWS\system32\winlogon.exe[788] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0113400C
.text C:\WINDOWS\system32\winlogon.exe[788] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0113A00C
.text C:\WINDOWS\system32\winlogon.exe[788] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0113900C
.text C:\WINDOWS\system32\lsass.exe[848] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C7000C
.text C:\WINDOWS\system32\lsass.exe[848] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00C7100C
.text C:\WINDOWS\system32\lsass.exe[848] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C7200C
.text C:\WINDOWS\system32\lsass.exe[848] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00C7300C
.text C:\WINDOWS\system32\lsass.exe[848] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00C7700C
.text C:\WINDOWS\system32\lsass.exe[848] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00C7500C
.text C:\WINDOWS\system32\lsass.exe[848] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00C7600C
.text C:\WINDOWS\system32\lsass.exe[848] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00C7800C
.text C:\WINDOWS\system32\lsass.exe[848] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00C7400C
.text C:\WINDOWS\system32\lsass.exe[848] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00C7A00C
.text C:\WINDOWS\system32\lsass.exe[848] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00C7900C
.text C:\Program Files\Charter Security Suite\Common\FSM32.EXE[908] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 03D7000C
.text C:\Program Files\Charter Security Suite\Common\FSM32.EXE[908] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 03D7100C
.text C:\Program Files\iPod\bin\iPodService.exe[964] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B2000C
.text C:\Program Files\iPod\bin\iPodService.exe[964] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00B2100C
.text C:\Program Files\iPod\bin\iPodService.exe[964] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B2200C
.text C:\Program Files\iPod\bin\iPodService.exe[964] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00B2300C
.text C:\Program Files\iPod\bin\iPodService.exe[964] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00B2700C
.text C:\Program Files\iPod\bin\iPodService.exe[964] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00B2500C
.text C:\Program Files\iPod\bin\iPodService.exe[964] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00B2600C
.text C:\Program Files\iPod\bin\iPodService.exe[964] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00B2800C
.text C:\Program Files\iPod\bin\iPodService.exe[964] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00B2400C
.text C:\Program Files\iPod\bin\iPodService.exe[964] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00B2A00C
.text C:\Program Files\iPod\bin\iPodService.exe[964] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00B2900C
.text C:\WINDOWS\system32\Ati2evxx.exe[1008] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B3000C
.text C:\WINDOWS\system32\Ati2evxx.exe[1008] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00B3100C
.text C:\WINDOWS\system32\Ati2evxx.exe[1008] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B3200C
.text C:\WINDOWS\system32\Ati2evxx.exe[1008] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00B3300C
.text C:\WINDOWS\system32\Ati2evxx.exe[1008] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00B3400C
.text C:\WINDOWS\system32\Ati2evxx.exe[1008] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00B3A00C
.text C:\WINDOWS\system32\Ati2evxx.exe[1008] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00B3900C
.text C:\WINDOWS\system32\Ati2evxx.exe[1008] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00B3700C
.text C:\WINDOWS\system32\Ati2evxx.exe[1008] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00B3500C
.text C:\WINDOWS\system32\Ati2evxx.exe[1008] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00B3600C
.text C:\WINDOWS\system32\Ati2evxx.exe[1008] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00B3800C
.text C:\WINDOWS\system32\dllhost.exe[1124] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0099000C
.text C:\WINDOWS\system32\dllhost.exe[1124] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0099100C
.text C:\WINDOWS\system32\dllhost.exe[1124] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0099200C
.text C:\WINDOWS\system32\dllhost.exe[1124] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0099300C
.text C:\WINDOWS\system32\dllhost.exe[1124] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0099900C
.text C:\WINDOWS\system32\dllhost.exe[1124] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0099700C
.text C:\WINDOWS\system32\dllhost.exe[1124] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0099500C
.text C:\WINDOWS\system32\dllhost.exe[1124] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0099600C
.text C:\WINDOWS\system32\dllhost.exe[1124] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0099800C
.text C:\WINDOWS\system32\dllhost.exe[1124] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0099400C
.text C:\WINDOWS\system32\dllhost.exe[1124] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0099A00C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1640] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 008F000C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1640] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 008F100C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1640] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 008F200C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1640] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 008F300C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1640] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 008F700C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1640] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 008F500C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1640] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 008F600C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1640] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 008F800C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1640] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 008F900C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1640] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 008F400C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1640] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 008FA00C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1884] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0064000C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1884] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0064100C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1884] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0064200C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1884] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0064300C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1884] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0064700C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1884] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0064500C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1884] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0064600C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1884] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0064800C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1884] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0064400C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1884] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0064A00C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1884] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0064900C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1908] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00CB000C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1908] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00CB100C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1908] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CB200C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1908] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00CB300C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1908] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00CB700C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1908] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00CB500C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1908] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00CB600C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1908] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00CB800C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1908] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00CB400C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1908] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00CBA00C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1908] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00CB900C
.text C:\WINDOWS\Explorer.EXE[2032] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C1000C
.text C:\WINDOWS\Explorer.EXE[2032] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00C1100C
.text C:\WINDOWS\Explorer.EXE[2032] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C1200C
.text C:\WINDOWS\Explorer.EXE[2032] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00C1300C
.text C:\WINDOWS\Explorer.EXE[2032] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00C1700C
.text C:\WINDOWS\Explorer.EXE[2032] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00C1500C
.text C:\WINDOWS\Explorer.EXE[2032] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00C1600C
.text C:\WINDOWS\Explorer.EXE[2032] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00C1800C
.text C:\WINDOWS\Explorer.EXE[2032] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00C1400C
.text C:\WINDOWS\Explorer.EXE[2032] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00C1A00C
.text C:\WINDOWS\Explorer.EXE[2032] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00C1900C
.text C:\WINDOWS\ehome\ehtray.exe[2072] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 02E7000C
.text C:\WINDOWS\ehome\ehtray.exe[2072] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 02E7100C
.text C:\WINDOWS\ehome\ehtray.exe[2072] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02E7200C
.text C:\WINDOWS\ehome\ehtray.exe[2072] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 02E7300C
.text C:\WINDOWS\ehome\ehtray.exe[2072] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 02E7400C
.text C:\WINDOWS\ehome\ehtray.exe[2072] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 02E7A00C
.text C:\WINDOWS\ehome\ehtray.exe[2072] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 02E7700C
.text C:\WINDOWS\ehome\ehtray.exe[2072] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 02E7500C
.text C:\WINDOWS\ehome\ehtray.exe[2072] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 02E7600C
.text C:\WINDOWS\ehome\ehtray.exe[2072] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 02E7800C
.text C:\WINDOWS\ehome\ehtray.exe[2072] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 02E7900C
.text C:\WINDOWS\stsystra.exe[2084] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C7000C
.text C:\WINDOWS\stsystra.exe[2084] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00C7100C
.text C:\WINDOWS\stsystra.exe[2084] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C7200C
.text C:\WINDOWS\stsystra.exe[2084] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00C7300C
.text C:\WINDOWS\stsystra.exe[2084] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00C7700C
.text C:\WINDOWS\stsystra.exe[2084] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00C7500C
.text C:\WINDOWS\stsystra.exe[2084] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00C7600C
.text C:\WINDOWS\stsystra.exe[2084] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00C7800C
.text C:\WINDOWS\stsystra.exe[2084] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00C7400C
.text C:\WINDOWS\stsystra.exe[2084] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00C7A00C
.text C:\WINDOWS\stsystra.exe[2084] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00C7900C
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2100] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0385000C
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2100] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0385100C
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2100] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0385200C
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2100] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0385300C
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2100] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0385700C
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2100] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0385500C
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2100] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0385600C
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2100] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0385800C
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2100] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0385400C
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2100] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0385A00C
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2100] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0385900C
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[2188] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00AD000C
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[2188] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00AD100C
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[2188] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AD200C
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[2188] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00AD300C
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[2188] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00AD400C
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[2188] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00ADA00C
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[2188] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00AD700C
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[2188] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00AD500C
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[2188] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00AD600C
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[2188] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00AD800C
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[2188] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00AD900C
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe[2216] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C7000C
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe[2216] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00C7100C
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe[2216] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C7200C
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe[2216] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00C7300C
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe[2216] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00C7400C
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe[2216] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00C7A00C
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe[2216] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00C7700C
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe[2216] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00C7500C
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe[2216] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00C7600C
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe[2216] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00C7800C
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe[2216] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00C7900C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2320] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0062000C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2320] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0062100C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2320] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0062200C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2320] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0062300C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2320] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0062700C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2320] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0062500C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2320] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0062600C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2320] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0062800C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2320] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0062400C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2320] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0062900C
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2364] ntdll.dll!NtCreateProcess 7C90D14E 3 Bytes JMP 0091000C
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2364] ntdll.dll!NtCreateProcess + 4 7C90D152 1 Byte [84]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2364] ntdll.dll!NtCreateProcessEx 7C90D15E 3 Bytes JMP 0091100C
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2364] ntdll.dll!NtCreateProcessEx + 4 7C90D162 1 Byte [84]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2364] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0091200C
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2364] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0091300C
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2364] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0091400C
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2364] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0091A00C
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2364] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0091700C
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2364] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0091500C
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2364] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0091600C
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2364] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0091800C
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2364] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0091900C
.text C:\WINDOWS\system32\hphmon06.exe[2372] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0272000C
.text C:\WINDOWS\system32\hphmon06.exe[2372] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0272100C
.text C:\WINDOWS\system32\hphmon06.exe[2372] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0272200C
.text C:\WINDOWS\system32\hphmon06.exe[2372] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0272300C
.text C:\WINDOWS\system32\hphmon06.exe[2372] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0272700C
.text C:\WINDOWS\system32\hphmon06.exe[2372] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0272500C
.text C:\WINDOWS\system32\hphmon06.exe[2372] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0272600C
.text C:\WINDOWS\system32\hphmon06.exe[2372] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0272800C
.text C:\WINDOWS\system32\hphmon06.exe[2372] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0272400C
.text C:\WINDOWS\system32\hphmon06.exe[2372] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0272A00C
.text C:\WINDOWS\system32\hphmon06.exe[2372] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0272900C
.text C:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe[2388] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0127000C
.text C:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe[2388] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0127100C
.text C:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe[2388] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0127200C
.text C:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe[2388] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0127300C
.text C:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe[2388] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0127400C
.text C:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe[2388] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0127A00C
.text C:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe[2388] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0127700C
.text C:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe[2388] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0127500C
.text C:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe[2388] ADVAPI32.dll!ControlService 77DF4A09 3 Bytes JMP 0127600C
.text C:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe[2388] ADVAPI32.dll!ControlService + 4 77DF4A0D 1 Byte [89]
.text C:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe[2388] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0127800C
.text C:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe[2388] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0127900C
.text C:\WINDOWS\system32\taskswitch.exe[2396] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0082000C
.text C:\WINDOWS\system32\taskswitch.exe[2396] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0082100C
.text C:\WINDOWS\system32\taskswitch.exe[2396] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0082200C
.text C:\WINDOWS\system32\taskswitch.exe[2396] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0082300C
.text C:\WINDOWS\system32\taskswitch.exe[2396] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0082400C
.text C:\WINDOWS\system32\taskswitch.exe[2396] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0082900C
.text C:\WINDOWS\system32\taskswitch.exe[2396] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0082700C
.text C:\WINDOWS\system32\taskswitch.exe[2396] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0082500C
.text C:\WINDOWS\system32\taskswitch.exe[2396] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0082600C
.text C:\WINDOWS\system32\taskswitch.exe[2396] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0082800C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0231000C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0231100C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0231200C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0231300C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0231700C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0231500C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0231600C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0231800C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0231400C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0231A00C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0231900C
.text C:\Program Files\iTunes\iTunesHelper.exe[2576] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0C7B000C
.text C:\Program Files\iTunes\iTunesHelper.exe[2576] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0C7B100C
.text C:\Program Files\iTunes\iTunesHelper.exe[2576] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0C7B200C
.text C:\Program Files\iTunes\iTunesHelper.exe[2576] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0C7B300C
.text C:\Program Files\iTunes\iTunesHelper.exe[2576] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0C7B400C
.text C:\Program Files\iTunes\iTunesHelper.exe[2576] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0C7BA00C
.text C:\Program Files\iTunes\iTunesHelper.exe[2576] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0C7B700C
.text C:\Program Files\iTunes\iTunesHelper.exe[2576] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0C7B500C
.text C:\Program Files\iTunes\iTunesHelper.exe[2576] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0C7B600C
.text C:\Program Files\iTunes\iTunesHelper.exe[2576] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0C7B800C
.text C:\Program Files\iTunes\iTunesHelper.exe[2576] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0C7B900C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2624] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0196000C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2624] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0196100C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2624] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0196200C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2624] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0196300C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2624] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0196900C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2624] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0196700C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2624] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0196500C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2624] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0196600C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2624] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0196800C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2624] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0196400C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2624] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0196A00C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2648] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00EE000C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2648] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00EE100C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2648] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00EE200C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2648] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00EE300C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2648] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00EE700C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2648] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00EE500C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2648] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00EE600C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2648] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00EE800C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2648] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00EE400C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2648] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00EEA00C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2648] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00EE900C
.text C:\Program Files\HP\digital imaging\bin\hpqtra08.exe[2800] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00E8000C
.text C:\Program Files\HP\digital imaging\bin\hpqtra08.exe[2800] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00E8100C
.text C:\Program Files\HP\digital imaging\bin\hpqtra08.exe[2800] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E8200C
.text C:\Program Files\HP\digital imaging\bin\hpqtra08.exe[2800] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00E8300C
.text C:\Program Files\HP\digital imaging\bin\hpqtra08.exe[2800] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00E8400C
.text C:\Program Files\HP\digital imaging\bin\hpqtra08.exe[2800] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00E8A00C
.text C:\Program Files\HP\digital imaging\bin\hpqtra08.exe[2800] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00E8700C
.text C:\Program Files\HP\digital imaging\bin\hpqtra08.exe[2800] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00E8500C
.text C:\Program Files\HP\digital imaging\bin\hpqtra08.exe[2800] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00E8600C
.text C:\Program Files\HP\digital imaging\bin\hpqtra08.exe[2800] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00E8800C
.text C:\Program Files\HP\digital imaging\bin\hpqtra08.exe[2800] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00E8900C
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2816] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 064E000C
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2816] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 064E100C
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2816] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 064E200C
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2816] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 064E300C
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2816] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 064E700C
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2816] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 064E500C
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2816] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 064E600C
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2816] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 064E800C
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2816] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 064E400C
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2816] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 064EA00C
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2816] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 064E900C
.text C:\WINDOWS\system32\taskmgr.exe[2888] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00AA000C
.text C:\WINDOWS\system32\taskmgr.exe[2888] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00AA100C
.text C:\WINDOWS\system32\taskmgr.exe[2888] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AA200C
.text C:\WINDOWS\system32\taskmgr.exe[2888] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00AA300C
.text C:\WINDOWS\system32\taskmgr.exe[2888] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00AA700C
.text C:\WINDOWS\system32\taskmgr.exe[2888] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00AA500C
.text C:\WINDOWS\system32\taskmgr.exe[2888] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00AA600C
.text C:\WINDOWS\system32\taskmgr.exe[2888] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00AA800C
.text C:\WINDOWS\system32\taskmgr.exe[2888] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00AA400C
.text C:\WINDOWS\system32\taskmgr.exe[2888] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00AAA00C
.text C:\WINDOWS\system32\taskmgr.exe[2888] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00AA900C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2908] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 02E5000C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2908] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 02E5100C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2908] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02E5200C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2908] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 02E5300C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2908] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 02E5400C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2908] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 02E5A00C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2908] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 02E5900C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2908] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 02E5700C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2908] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 02E5500C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2908] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 02E5600C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2908] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 02E5800C
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2936] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 025D000C
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2936] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 025D100C
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2936] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 025D200C
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2936] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 025D300C
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2936] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 025D700C
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2936] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 025D500C
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2936] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 025D600C
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2936] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 025D800C
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2936] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 025D400C
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2936] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 025DA00C
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2936] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 025D900C
.text C:\Program Files\desktop weather\desktopweather_1219728.exe[2972] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00F7000C
.text C:\Program Files\desktop weather\desktopweather_1219728.exe[2972] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00F7100C
.text C:\Program Files\desktop weather\desktopweather_1219728.exe[2972] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F7200C
.text C:\Program Files\desktop weather\desktopweather_1219728.exe[2972] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00F7300C
.text C:\Program Files\desktop weather\desktopweather_1219728.exe[2972] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00F7700C
.text C:\Program Files\desktop weather\desktopweather_1219728.exe[2972] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00F7500C
.text C:\Program Files\desktop weather\desktopweather_1219728.exe[2972] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00F7600C
.text C:\Program Files\desktop weather\desktopweather_1219728.exe[2972] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00F7800C
.text C:\Program Files\desktop weather\desktopweather_1219728.exe[2972] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00F7400C
.text C:\Program Files\desktop weather\desktopweather_1219728.exe[2972] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00F7A00C
.text C:\Program Files\desktop weather\desktopweather_1219728.exe[2972] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00F7900C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3416] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 02EB000C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3416] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 02EB100C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3416] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02EB200C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3416] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 02EB300C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3416] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 02EB700C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3416] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 02EB500C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3416] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 02EB600C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3416] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 02EB800C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3416] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 02EB400C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3416] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 02EBA00C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3416] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 02EB900C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3512] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 04D7000C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3512] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 04D7100C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3512] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 04D7200C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3512] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 04D7300C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3512] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 04D7700C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3512] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 04D7500C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3512] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 04D7600C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3512] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 04D7800C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3512] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 04D7400C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3512] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 04D7A00C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3512] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 04D7900C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3704] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00D9000C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3704] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00D9100C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3704] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D9200C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3704] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00D9300C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3704] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00D9700C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3704] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00D9500C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3704] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00D9600C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3704] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00D9800C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3704] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00D9400C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3704] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00D9A00C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3704] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00D9900C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe[3748] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0229000C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe[3748] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0229100C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe[3748] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0229200C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe[3748] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0229300C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe[3748] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0229400C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe[3748] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0229900C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe[3748] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0229700C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe[3748] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0229500C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe[3748] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0229600C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe[3748] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0229800C
.text C:\WINDOWS\system32\SearchIndexer.exe[3776] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0118000C
.text C:\WINDOWS\system32\SearchIndexer.exe[3776] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0118100C
.text C:\WINDOWS\system32\SearchIndexer.exe[3776] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0118200C
.text C:\WINDOWS\system32\SearchIndexer.exe[3776] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[3776] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0118300C
.text C:\WINDOWS\system32\SearchIndexer.exe[3776] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0118700C
.text C:\WINDOWS\system32\SearchIndexer.exe[3776] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0118500C
.text C:\WINDOWS\system32\SearchIndexer.exe[3776] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0118600C
.text C:\WINDOWS\system32\SearchIndexer.exe[3776] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0118800C
.text C:\WINDOWS\system32\SearchIndexer.exe[3776] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0118400C
.text C:\WINDOWS\system32\SearchIndexer.exe[3776] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0118A00C
.text C:\WINDOWS\system32\SearchIndexer.exe[3776] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0118900C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe[3780] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0325000C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe[3780] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0325100C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe[3780] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0325200C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe[3780] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0325300C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe[3780] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0325700C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe[3780] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0325500C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe[3780] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0325600C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe[3780] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0325800C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe[3780] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0325400C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe[3780] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0325A00C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe[3780] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0325900C
.text C:\WINDOWS\ehome\mcrdsvc.exe[3892] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B2000C
.text C:\WINDOWS\ehome\mcrdsvc.exe[3892] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00B2100C
.text C:\WINDOWS\ehome\mcrdsvc.exe[3892] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B2200C
.text C:\WINDOWS\ehome\mcrdsvc.exe[3892] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00B2300C
.text C:\WINDOWS\ehome\mcrdsvc.exe[3892] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00B2400C
.text C:\WINDOWS\ehome\mcrdsvc.exe[3892] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00B2A00C
.text C:\WINDOWS\ehome\mcrdsvc.exe[3892] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00B2700C
.text C:\WINDOWS\ehome\mcrdsvc.exe[3892] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00B2500C
.text C:\WINDOWS\ehome\mcrdsvc.exe[3892] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00B2600C
.text C:\WINDOWS\ehome\mcrdsvc.exe[3892] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00B2800C
.text C:\WINDOWS\ehome\mcrdsvc.exe[3892] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00B2900C
.text C:\WINDOWS\eHome\ehmsas.exe[4008] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0243000C
.text C:\WINDOWS\eHome\ehmsas.exe[4008] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0243100C
.text C:\WINDOWS\eHome\ehmsas.exe[4008] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0243200C
.text C:\WINDOWS\eHome\ehmsas.exe[4008] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0243300C
.text C:\WINDOWS\eHome\ehmsas.exe[4008] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0243400C
.text C:\WINDOWS\eHome\ehmsas.exe[4008] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0243A00C
.text C:\WINDOWS\eHome\ehmsas.exe[4008] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0243700C
.text C:\WINDOWS\eHome\ehmsas.exe[4008] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0243500C
.text C:\WINDOWS\eHome\ehmsas.exe[4008] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0243600C
.text C:\WINDOWS\eHome\ehmsas.exe[4008] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0243800C
.text C:\WINDOWS\eHome\ehmsas.exe[4008] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0243900C
.text C:\WINDOWS\System32\alg.exe[4204] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A2000C
.text C:\WINDOWS\System32\alg.exe[4204] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00A2100C
.text C:\WINDOWS\System32\alg.exe[4204] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A2200C
.text C:\WINDOWS\System32\alg.exe[4204] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00A2300C
.text C:\WINDOWS\System32\alg.exe[4204] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00A2400C
.text C:\WINDOWS\System32\alg.exe[4204] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00A2A00C
.text C:\WINDOWS\System32\alg.exe[4204] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00A2700C
.text C:\WINDOWS\System32\alg.exe[4204] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00A2500C
.text C:\WINDOWS\System32\alg.exe[4204] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00A2600C
.text C:\WINDOWS\System32\alg.exe[4204] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00A2800C
.text C:\WINDOWS\System32\alg.exe[4204] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00A2900C
.text C:\Documents and Settings\Steve\Desktop\8yr3xfgc.exe[4684] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0038000C
.text C:\Documents and Settings\Steve\Desktop\8yr3xfgc.exe[4684] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0038100C
.text C:\Documents and Settings\Steve\Desktop\8yr3xfgc.exe[4684] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0038200C
.text C:\Documents and Settings\Steve\Desktop\8yr3xfgc.exe[4684] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0038300C
.text C:\Documents and Settings\Steve\Desktop\8yr3xfgc.exe[4684] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0038400C
.text C:\Documents and Settings\Steve\Desktop\8yr3xfgc.exe[4684] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0038900C
.text C:\Documents and Settings\Steve\Desktop\8yr3xfgc.exe[4684] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0038700C
.text C:\Documents and Settings\Steve\Desktop\8yr3xfgc.exe[4684] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0038500C
.text C:\Documents and Settings\Steve\Desktop\8yr3xfgc.exe[4684] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0038600C
.text C:\Documents and Settings\Steve\Desktop\8yr3xfgc.exe[4684] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0038800C
.text C:\Documents and Settings\Steve\Desktop\8yr3xfgc.exe[4684] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0038A00C
---- Devices - GMER 1.0.15 ----
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Udfs.SYS (UDF File System Driver/Microsoft Corporation)
Device \Driver\Tcpip \Device\Ip fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\Tcp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
Device \Driver\Tcpip \Device\Udp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\RawIp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\IPMULTICAST fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----