Multiple instances of iexplorer.exe and cannot connect to internet

wausau99 · Jan 16, 2011

Hello everyone,

Recently, I have been having an issue with my computer connecting to the internet using IE8. After a restart of the computer, I am able to connect to the internet, but if I close the browser and try to log in later I am not able to get to the internet.

Today, while trying to figure this out I noticed that I have multiple instances of iexplorer listed in Task Manager even when IE is not open.

Hoping someone could be of assistance. Here are the logs that are requested. I have the Attach.txt log but have been unable to attach it to this post.

HijackThis Log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:14:23 PM, on 1/16/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter Security Suite\Common\FSMA32.EXE
C:\Program Files\Charter Security Suite\Anti-Virus\FSGK32.EXE
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Charter Security Suite\Common\FSHDLL32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Charter Security Suite\Common\FSM32.EXE
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon06.exe
C:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\desktop weather\desktopweather_1219728.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Charter Security Suite\Anti-Virus\fssm32.exe
C:\Program Files\Charter Security Suite\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Charter Security Suite\Anti-Virus\fsav32.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Steve\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - Disabled:{18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
O2 - BHO: Search Helper - Disabled:{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - (no file)
O2 - BHO: (no name) - Disabled:{9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: (no name) - Disabled:{AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - Disabled:{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: LitmusBHO - Disabled:{C6867EB7-8350-4856-877F-93CF8AE3DC9C} - (no file)
O2 - BHO: Ask Toolbar BHO - Disabled:{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: (no name) - Disabled:{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Charter Security Suite\NRS\iescript\baselitmus.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter Security Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter Security Suite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,[email protected]
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{BA2D9411-DBB4-43e4-9421-780413650A67}\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HPHped06] C:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: desktop weather.lnk = C:\Program Files\desktop weather\desktopweather_1219728.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: taskmgr.lnk = C:\WINDOWS\system32\taskmgr.exe
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} (SOE Web Installer) - http://launch.soe.com/plugin/web/SOEWebInstaller.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1272159645750
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Charter Security Suite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Charter Security Suite\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Charter Security Suite\ORSP Client\fsorsp.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\Steve\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 15126 bytes

DDS.txt Log

DDS (Ver_10-12-12.02) - NTFSx86
Run by Steve at 16:15:23.89 on Sun 01/16/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.394 [GMT -6:00]

AV: Charter Security Suite 9.01 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Charter Security Suite 9.01 *Disabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter Security Suite\Common\FSMA32.EXE
C:\Program Files\Charter Security Suite\Anti-Virus\FSGK32.EXE
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon06.exe
C:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\desktop weather\desktopweather_1219728.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Charter Security Suite\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Charter Security Suite\Common\FSLAUNCH.EXE
C:\Documents and Settings\Steve\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/webhp?sourceid=navclient&ie=UTF-8
uInternet Settings,ProxyOverride = *.local
BHO: Disabled:{18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No File
BHO: Disabled:{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No File
BHO: Disabled:{9030D464-4C02-4ABF-8ECC-5164760863C6} - No File
BHO: Disabled:{AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
BHO: Disabled:{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO: Disabled:{C6867EB7-8350-4856-877F-93CF8AE3DC9C} - No File
BHO: Disabled:{D4027C7F-154A-4066-A1AD-4243D8127440} - No File
BHO: Disabled:{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - c:\program files\charter security suite\nrs\iescript\baselitmus.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: @c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatchTray10.exe"
mRun: [F-Secure Manager] "c:\program files\charter security suite\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "c:\program files\charter security suite\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,[email protected]
mRun: [dlccmon.exe] "c:\program files\dell photo aio printer 924\dlccmon.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb13.exe
mRun: [HPHUPD06] c:\program files\hp\{ba2d9411-dbb4-43e4-9421-780413650a67}\hphupd06.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [HPHped06] c:\progra~1\hp\{ba2d9~1\pexpress\hphPED06.exe
mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
StartupFolder: c:\docume~1\steve\startm~1\programs\startup\deskto~1.lnk - c:\program files\desktop weather\desktopweather_1219728.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\taskmgr.lnk - c:\windows\system32\taskmgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\program files\charter security suite\fsps\program\FSLSP.DLL
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} - hxxp://launch.soe.com/plugin/web/SOEWebInstaller.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxps://support.dell.com/systemprofiler/SysPro.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1272159645750
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\steve\applic~1\mozilla\firefox\profiles\kwvvwaiq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=MSNTLB&PC=MSNTDF&q=
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=MSNTLB&PC=MSNTDF&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\charter security suite\nrs\[email protected]\components\litmus-ff.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\downloaded program files\npsoe.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Browsing Protection: [email protected] - c:\program files\charter security suite\nrs\[email protected]
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

============= SERVICES / DRIVERS ===============

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2010-4-24 42664]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2010-4-24 82120]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\charter security suite\hips\drivers\fshs.sys [2010-4-24 68064]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\charter security suite\anti-virus\fsgk32st.exe [2010-4-24 215648]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-4-24 54752]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-1-21 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\charter security suite\anti-virus\minifilter\fsgk.sys [2010-4-24 130728]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-4-24 11520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-8 135664]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2008-5-14 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2008-5-14 166384]
S2 SessionLauncher;SessionLauncher;c:\docume~1\steve\locals~1\temp\dx9\sessionlauncher.exe --> c:\docume~1\steve\locals~1\temp\dx9\SessionLauncher.exe [?]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files\charter security suite\orsp client\fsorsp.exe [2010-4-24 63992]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-5-14 1120752]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-10 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\charter security suite\anti-virus\win2k\fsfilter.sys [2010-4-24 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\charter security suite\anti-virus\win2k\fsrec.sys [2010-4-24 25184]

=============== Created Last 30 ================

2011-01-12 01:55:27 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-01-12 01:55:27 -------- d-----w- c:\windows\system32\wbem\Repository
2011-01-06 22:47:07 -------- d-----w- c:\docume~1\steve\locals~1\applic~1\Intuit
2011-01-06 22:46:35 -------- d-----w- c:\docume~1\steve\applic~1\Intuit
2011-01-06 22:40:50 -------- d-----w- c:\docume~1\steve\locals~1\applic~1\IsolatedStorage
2011-01-06 22:40:47 -------- d-----w- c:\program files\common files\Intuit
2011-01-06 22:40:14 -------- d-----w- c:\program files\TurboTax
2011-01-06 22:39:28 -------- d-----w- c:\docume~1\alluse~1\applic~1\Intuit
2010-12-31 04:09:05 1790635 ----a-w- c:\documents and settings\all users\SPL287.tmp
2010-12-28 13:53:09 4448708 ----a-w- c:\documents and settings\all users\SPL1B7.tmp
2010-12-26 15:34:22 7340 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-12-20 00:07:12 -------- d-----w- c:\docume~1\steve\locals~1\applic~1\KodakGallery
2010-12-20 00:05:29 -------- d-----w- c:\docume~1\steve\applic~1\Skinux
2010-12-20 00:02:07 -------- d-----w- c:\docume~1\steve\locals~1\applic~1\ArcSoft
2010-12-20 00:01:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\ArcSoft
2010-12-19 23:58:46 -------- d-----w- c:\program files\common files\Kodak
2010-12-19 23:57:39 62976 -c----w- c:\windows\system32\dllcache\cdrom.sys
2010-12-19 23:57:38 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll
2010-12-19 23:57:38 465920 ------w- c:\windows\system32\imapi2fs.dll
2010-12-19 23:57:38 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll
2010-12-19 23:57:38 317952 ------w- c:\windows\system32\imapi2.dll
2010-12-19 23:57:34 -------- d-----w- c:\program files\Kodak
2010-12-19 23:54:55 -------- d-----w- c:\docume~1\alluse~1\applic~1\Kodak
2010-12-19 20:58:27 -------- d-----w- c:\docume~1\steve\locals~1\applic~1\SCE
2010-12-19 20:55:00 -------- d-----w- c:\program files\Sony Online Entertainment
2010-12-19 20:54:58 -------- d-----w- c:\docume~1\steve\applic~1\Sony Online Entertainment

==================== Find3M ====================

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 20:52:22 1716297 ----a-w- c:\windows\system32\InetClnt.dll
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 16:16:16.29 ===============

Ark.txt Log

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-16 18:48:02
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Intel___ rev.1.0.
Running: 8yr3xfgc.exe; Driver: C:\DOCUME~1\Steve\LOCALS~1\Temp\awtdypow.sys

---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwCreateProcess [0xF6FD0CD6]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwCreateProcessEx [0xF6FD0CF0]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwCreateThread [0xF6FCFE8C]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwLoadDriver [0xF6FD01BC]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwMapViewOfSection [0xF6FCFBCC]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwOpenSection [0xF6FD05EE]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwRenameKey [0xF6FD188C]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSetSystemInformation [0xF6FD043E]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSuspendProcess [0xF6FCFA4C]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSuspendThread [0xF6FCFEC0]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSystemDebugControl [0xF6FD0042]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwTerminateProcess [0xF6FCF9A6]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwTerminateThread [0xF6FCFB06]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwWriteVirtualMemory [0xF6FCFF86]

INT 0x01 \??\C:\DOCUME~1\Steve\LOCALS~1\Temp\mbr.sys B3DC3C42

Code fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) IoCreateDevice

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2FD8 80504874 12 Bytes [4C, FA, FC, F6, C0, FE, FC, ...]
? C:\DOCUME~1\Steve\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Java\jre6\bin\jqs.exe[244] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0282000C
.text C:\Program Files\Java\jre6\bin\jqs.exe[244] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0282100C
.text C:\Program Files\Java\jre6\bin\jqs.exe[244] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0282200C
.text C:\Program Files\Java\jre6\bin\jqs.exe[244] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0282300C
.text C:\Program Files\Java\jre6\bin\jqs.exe[244] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0282700C
.text C:\Program Files\Java\jre6\bin\jqs.exe[244] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0282500C
.text C:\Program Files\Java\jre6\bin\jqs.exe[244] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0282600C
.text C:\Program Files\Java\jre6\bin\jqs.exe[244] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0282800C
.text C:\Program Files\Java\jre6\bin\jqs.exe[244] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0282900C
.text C:\Program Files\Java\jre6\bin\jqs.exe[244] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0282400C
.text C:\Program Files\Java\jre6\bin\jqs.exe[244] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0282A00C
.text C:\Program Files\Bonjour\mDNSResponder.exe[312] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0087000C
.text C:\Program Files\Bonjour\mDNSResponder.exe[312] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0087100C
.text C:\Program Files\Bonjour\mDNSResponder.exe[312] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0087200C
.text C:\Program Files\Bonjour\mDNSResponder.exe[312] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0087300C
.text C:\Program Files\Bonjour\mDNSResponder.exe[312] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0087700C
.text C:\Program Files\Bonjour\mDNSResponder.exe[312] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0087500C
.text C:\Program Files\Bonjour\mDNSResponder.exe[312] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0087600C
.text C:\Program Files\Bonjour\mDNSResponder.exe[312] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0087800C
.text C:\Program Files\Bonjour\mDNSResponder.exe[312] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0087400C
.text C:\Program Files\Bonjour\mDNSResponder.exe[312] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0087A00C
.text C:\Program Files\Bonjour\mDNSResponder.exe[312] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0087900C
.text C:\WINDOWS\eHome\ehRecvr.exe[476] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A1000C
.text C:\WINDOWS\eHome\ehRecvr.exe[476] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00A1100C
.text C:\WINDOWS\eHome\ehRecvr.exe[476] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A1200C
.text C:\WINDOWS\eHome\ehRecvr.exe[476] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00A1300C
.text C:\WINDOWS\eHome\ehRecvr.exe[476] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00A1400C
.text C:\WINDOWS\eHome\ehRecvr.exe[476] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00A1A00C
.text C:\WINDOWS\eHome\ehRecvr.exe[476] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00A1700C
.text C:\WINDOWS\eHome\ehRecvr.exe[476] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00A1500C
.text C:\WINDOWS\eHome\ehRecvr.exe[476] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00A1600C
.text C:\WINDOWS\eHome\ehRecvr.exe[476] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00A1800C
.text C:\WINDOWS\eHome\ehRecvr.exe[476] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00A1900C
.text C:\WINDOWS\eHome\ehSched.exe[532] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0219000C
.text C:\WINDOWS\eHome\ehSched.exe[532] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0219100C
.text C:\WINDOWS\eHome\ehSched.exe[532] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0219200C
.text C:\WINDOWS\eHome\ehSched.exe[532] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0219300C
.text C:\WINDOWS\eHome\ehSched.exe[532] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0219400C
.text C:\WINDOWS\eHome\ehSched.exe[532] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0219A00C
.text C:\WINDOWS\eHome\ehSched.exe[532] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0219700C
.text C:\WINDOWS\eHome\ehSched.exe[532] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0219500C
.text C:\WINDOWS\eHome\ehSched.exe[532] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0219600C
.text C:\WINDOWS\eHome\ehSched.exe[532] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0219800C
.text C:\WINDOWS\eHome\ehSched.exe[532] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0219900C
.text C:\WINDOWS\system32\dlcccoms.exe[636] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00F3000C
.text C:\WINDOWS\system32\dlcccoms.exe[636] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00F3100C
.text C:\WINDOWS\system32\dlcccoms.exe[636] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F3200C
.text C:\WINDOWS\system32\dlcccoms.exe[636] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00F3300C
.text C:\WINDOWS\system32\dlcccoms.exe[636] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00F3400C
.text C:\WINDOWS\system32\dlcccoms.exe[636] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00F3A00C
.text C:\WINDOWS\system32\dlcccoms.exe[636] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00F3700C
.text C:\WINDOWS\system32\dlcccoms.exe[636] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00F3500C
.text C:\WINDOWS\system32\dlcccoms.exe[636] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00F3600C
.text C:\WINDOWS\system32\dlcccoms.exe[636] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00F3800C
.text C:\WINDOWS\system32\dlcccoms.exe[636] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00F3900C
.text C:\WINDOWS\system32\winlogon.exe[788] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0113000C
.text C:\WINDOWS\system32\winlogon.exe[788] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0113100C
.text C:\WINDOWS\system32\winlogon.exe[788] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0113200C
.text C:\WINDOWS\system32\winlogon.exe[788] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0113300C
.text C:\WINDOWS\system32\winlogon.exe[788] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0113700C
.text C:\WINDOWS\system32\winlogon.exe[788] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0113500C
.text C:\WINDOWS\system32\winlogon.exe[788] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0113600C
.text C:\WINDOWS\system32\winlogon.exe[788] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0113800C
.text C:\WINDOWS\system32\winlogon.exe[788] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0113400C
.text C:\WINDOWS\system32\winlogon.exe[788] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0113A00C
.text C:\WINDOWS\system32\winlogon.exe[788] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0113900C
.text C:\WINDOWS\system32\lsass.exe[848] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C7000C
.text C:\WINDOWS\system32\lsass.exe[848] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00C7100C
.text C:\WINDOWS\system32\lsass.exe[848] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C7200C
.text C:\WINDOWS\system32\lsass.exe[848] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00C7300C
.text C:\WINDOWS\system32\lsass.exe[848] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00C7700C
.text C:\WINDOWS\system32\lsass.exe[848] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00C7500C
.text C:\WINDOWS\system32\lsass.exe[848] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00C7600C
.text C:\WINDOWS\system32\lsass.exe[848] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00C7800C
.text C:\WINDOWS\system32\lsass.exe[848] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00C7400C
.text C:\WINDOWS\system32\lsass.exe[848] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00C7A00C
.text C:\WINDOWS\system32\lsass.exe[848] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00C7900C
.text C:\Program Files\Charter Security Suite\Common\FSM32.EXE[908] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 03D7000C
.text C:\Program Files\Charter Security Suite\Common\FSM32.EXE[908] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 03D7100C
.text C:\Program Files\iPod\bin\iPodService.exe[964] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B2000C
.text C:\Program Files\iPod\bin\iPodService.exe[964] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00B2100C
.text C:\Program Files\iPod\bin\iPodService.exe[964] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B2200C
.text C:\Program Files\iPod\bin\iPodService.exe[964] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00B2300C
.text C:\Program Files\iPod\bin\iPodService.exe[964] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00B2700C
.text C:\Program Files\iPod\bin\iPodService.exe[964] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00B2500C
.text C:\Program Files\iPod\bin\iPodService.exe[964] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00B2600C
.text C:\Program Files\iPod\bin\iPodService.exe[964] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00B2800C
.text C:\Program Files\iPod\bin\iPodService.exe[964] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00B2400C
.text C:\Program Files\iPod\bin\iPodService.exe[964] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00B2A00C
.text C:\Program Files\iPod\bin\iPodService.exe[964] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00B2900C
.text C:\WINDOWS\system32\Ati2evxx.exe[1008] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B3000C
.text C:\WINDOWS\system32\Ati2evxx.exe[1008] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00B3100C
.text C:\WINDOWS\system32\Ati2evxx.exe[1008] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B3200C
.text C:\WINDOWS\system32\Ati2evxx.exe[1008] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00B3300C
.text C:\WINDOWS\system32\Ati2evxx.exe[1008] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00B3400C
.text C:\WINDOWS\system32\Ati2evxx.exe[1008] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00B3A00C
.text C:\WINDOWS\system32\Ati2evxx.exe[1008] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00B3900C
.text C:\WINDOWS\system32\Ati2evxx.exe[1008] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00B3700C
.text C:\WINDOWS\system32\Ati2evxx.exe[1008] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00B3500C
.text C:\WINDOWS\system32\Ati2evxx.exe[1008] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00B3600C
.text C:\WINDOWS\system32\Ati2evxx.exe[1008] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00B3800C
.text C:\WINDOWS\system32\dllhost.exe[1124] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0099000C
.text C:\WINDOWS\system32\dllhost.exe[1124] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0099100C
.text C:\WINDOWS\system32\dllhost.exe[1124] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0099200C
.text C:\WINDOWS\system32\dllhost.exe[1124] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0099300C
.text C:\WINDOWS\system32\dllhost.exe[1124] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0099900C
.text C:\WINDOWS\system32\dllhost.exe[1124] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0099700C
.text C:\WINDOWS\system32\dllhost.exe[1124] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0099500C
.text C:\WINDOWS\system32\dllhost.exe[1124] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0099600C
.text C:\WINDOWS\system32\dllhost.exe[1124] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0099800C
.text C:\WINDOWS\system32\dllhost.exe[1124] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0099400C
.text C:\WINDOWS\system32\dllhost.exe[1124] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0099A00C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1640] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 008F000C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1640] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 008F100C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1640] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 008F200C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1640] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 008F300C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1640] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 008F700C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1640] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 008F500C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1640] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 008F600C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1640] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 008F800C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1640] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 008F900C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1640] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 008F400C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1640] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 008FA00C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1884] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0064000C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1884] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0064100C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1884] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0064200C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1884] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0064300C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1884] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0064700C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1884] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0064500C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1884] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0064600C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1884] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0064800C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1884] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0064400C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1884] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0064A00C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1884] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0064900C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1908] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00CB000C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1908] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00CB100C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1908] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CB200C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1908] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00CB300C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1908] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00CB700C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1908] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00CB500C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1908] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00CB600C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1908] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00CB800C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1908] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00CB400C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1908] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00CBA00C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1908] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00CB900C
.text C:\WINDOWS\Explorer.EXE[2032] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C1000C
.text C:\WINDOWS\Explorer.EXE[2032] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00C1100C
.text C:\WINDOWS\Explorer.EXE[2032] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C1200C
.text C:\WINDOWS\Explorer.EXE[2032] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00C1300C
.text C:\WINDOWS\Explorer.EXE[2032] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00C1700C
.text C:\WINDOWS\Explorer.EXE[2032] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00C1500C
.text C:\WINDOWS\Explorer.EXE[2032] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00C1600C
.text C:\WINDOWS\Explorer.EXE[2032] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00C1800C
.text C:\WINDOWS\Explorer.EXE[2032] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00C1400C
.text C:\WINDOWS\Explorer.EXE[2032] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00C1A00C
.text C:\WINDOWS\Explorer.EXE[2032] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00C1900C
.text C:\WINDOWS\ehome\ehtray.exe[2072] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 02E7000C
.text C:\WINDOWS\ehome\ehtray.exe[2072] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 02E7100C
.text C:\WINDOWS\ehome\ehtray.exe[2072] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02E7200C
.text C:\WINDOWS\ehome\ehtray.exe[2072] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 02E7300C
.text C:\WINDOWS\ehome\ehtray.exe[2072] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 02E7400C
.text C:\WINDOWS\ehome\ehtray.exe[2072] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 02E7A00C
.text C:\WINDOWS\ehome\ehtray.exe[2072] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 02E7700C
.text C:\WINDOWS\ehome\ehtray.exe[2072] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 02E7500C
.text C:\WINDOWS\ehome\ehtray.exe[2072] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 02E7600C
.text C:\WINDOWS\ehome\ehtray.exe[2072] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 02E7800C
.text C:\WINDOWS\ehome\ehtray.exe[2072] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 02E7900C
.text C:\WINDOWS\stsystra.exe[2084] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C7000C
.text C:\WINDOWS\stsystra.exe[2084] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00C7100C
.text C:\WINDOWS\stsystra.exe[2084] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C7200C
.text C:\WINDOWS\stsystra.exe[2084] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00C7300C
.text C:\WINDOWS\stsystra.exe[2084] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00C7700C
.text C:\WINDOWS\stsystra.exe[2084] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00C7500C
.text C:\WINDOWS\stsystra.exe[2084] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00C7600C
.text C:\WINDOWS\stsystra.exe[2084] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00C7800C
.text C:\WINDOWS\stsystra.exe[2084] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00C7400C
.text C:\WINDOWS\stsystra.exe[2084] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00C7A00C
.text C:\WINDOWS\stsystra.exe[2084] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00C7900C
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2100] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0385000C
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2100] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0385100C
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2100] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0385200C
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2100] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0385300C
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2100] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0385700C
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2100] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0385500C
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2100] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0385600C
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2100] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0385800C
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2100] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0385400C
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2100] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0385A00C
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2100] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0385900C
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[2188] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00AD000C
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[2188] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00AD100C
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[2188] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AD200C
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[2188] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00AD300C
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[2188] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00AD400C
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[2188] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00ADA00C
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[2188] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00AD700C
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[2188] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00AD500C
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[2188] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00AD600C
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[2188] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00AD800C
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[2188] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00AD900C
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe[2216] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C7000C
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe[2216] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00C7100C
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe[2216] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C7200C
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe[2216] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00C7300C
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe[2216] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00C7400C
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe[2216] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00C7A00C
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe[2216] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00C7700C
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe[2216] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00C7500C
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe[2216] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00C7600C
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe[2216] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00C7800C
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe[2216] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00C7900C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2320] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0062000C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2320] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0062100C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2320] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0062200C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2320] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0062300C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2320] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0062700C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2320] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0062500C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2320] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0062600C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2320] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0062800C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2320] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0062400C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2320] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0062900C
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2364] ntdll.dll!NtCreateProcess 7C90D14E 3 Bytes JMP 0091000C
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2364] ntdll.dll!NtCreateProcess + 4 7C90D152 1 Byte [84]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2364] ntdll.dll!NtCreateProcessEx 7C90D15E 3 Bytes JMP 0091100C
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2364] ntdll.dll!NtCreateProcessEx + 4 7C90D162 1 Byte [84]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2364] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0091200C
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2364] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0091300C
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2364] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0091400C
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2364] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0091A00C
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2364] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0091700C
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2364] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0091500C
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2364] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0091600C
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2364] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0091800C
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2364] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0091900C
.text C:\WINDOWS\system32\hphmon06.exe[2372] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0272000C
.text C:\WINDOWS\system32\hphmon06.exe[2372] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0272100C
.text C:\WINDOWS\system32\hphmon06.exe[2372] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0272200C
.text C:\WINDOWS\system32\hphmon06.exe[2372] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0272300C
.text C:\WINDOWS\system32\hphmon06.exe[2372] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0272700C
.text C:\WINDOWS\system32\hphmon06.exe[2372] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0272500C
.text C:\WINDOWS\system32\hphmon06.exe[2372] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0272600C
.text C:\WINDOWS\system32\hphmon06.exe[2372] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0272800C
.text C:\WINDOWS\system32\hphmon06.exe[2372] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0272400C
.text C:\WINDOWS\system32\hphmon06.exe[2372] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0272A00C
.text C:\WINDOWS\system32\hphmon06.exe[2372] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0272900C
.text C:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe[2388] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0127000C
.text C:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe[2388] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0127100C
.text C:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe[2388] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0127200C
.text C:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe[2388] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0127300C
.text C:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe[2388] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0127400C
.text C:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe[2388] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0127A00C
.text C:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe[2388] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0127700C
.text C:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe[2388] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0127500C
.text C:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe[2388] ADVAPI32.dll!ControlService 77DF4A09 3 Bytes JMP 0127600C
.text C:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe[2388] ADVAPI32.dll!ControlService + 4 77DF4A0D 1 Byte [89]
.text C:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe[2388] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0127800C
.text C:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe[2388] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0127900C
.text C:\WINDOWS\system32\taskswitch.exe[2396] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0082000C
.text C:\WINDOWS\system32\taskswitch.exe[2396] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0082100C
.text C:\WINDOWS\system32\taskswitch.exe[2396] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0082200C
.text C:\WINDOWS\system32\taskswitch.exe[2396] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0082300C
.text C:\WINDOWS\system32\taskswitch.exe[2396] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0082400C
.text C:\WINDOWS\system32\taskswitch.exe[2396] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0082900C
.text C:\WINDOWS\system32\taskswitch.exe[2396] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0082700C
.text C:\WINDOWS\system32\taskswitch.exe[2396] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0082500C
.text C:\WINDOWS\system32\taskswitch.exe[2396] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0082600C
.text C:\WINDOWS\system32\taskswitch.exe[2396] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0082800C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0231000C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0231100C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0231200C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0231300C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0231700C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0231500C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0231600C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0231800C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0231400C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0231A00C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0231900C
.text C:\Program Files\iTunes\iTunesHelper.exe[2576] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0C7B000C
.text C:\Program Files\iTunes\iTunesHelper.exe[2576] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0C7B100C
.text C:\Program Files\iTunes\iTunesHelper.exe[2576] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0C7B200C
.text C:\Program Files\iTunes\iTunesHelper.exe[2576] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0C7B300C
.text C:\Program Files\iTunes\iTunesHelper.exe[2576] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0C7B400C
.text C:\Program Files\iTunes\iTunesHelper.exe[2576] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0C7BA00C
.text C:\Program Files\iTunes\iTunesHelper.exe[2576] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0C7B700C
.text C:\Program Files\iTunes\iTunesHelper.exe[2576] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0C7B500C
.text C:\Program Files\iTunes\iTunesHelper.exe[2576] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0C7B600C
.text C:\Program Files\iTunes\iTunesHelper.exe[2576] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0C7B800C
.text C:\Program Files\iTunes\iTunesHelper.exe[2576] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0C7B900C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2624] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0196000C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2624] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0196100C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2624] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0196200C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2624] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0196300C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2624] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0196900C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2624] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0196700C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2624] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0196500C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2624] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0196600C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2624] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0196800C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2624] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0196400C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2624] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0196A00C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2648] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00EE000C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2648] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00EE100C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2648] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00EE200C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2648] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00EE300C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2648] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00EE700C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2648] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00EE500C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2648] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00EE600C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2648] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00EE800C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2648] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00EE400C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2648] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00EEA00C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2648] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00EE900C
.text C:\Program Files\HP\digital imaging\bin\hpqtra08.exe[2800] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00E8000C
.text C:\Program Files\HP\digital imaging\bin\hpqtra08.exe[2800] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00E8100C
.text C:\Program Files\HP\digital imaging\bin\hpqtra08.exe[2800] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E8200C
.text C:\Program Files\HP\digital imaging\bin\hpqtra08.exe[2800] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00E8300C
.text C:\Program Files\HP\digital imaging\bin\hpqtra08.exe[2800] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00E8400C
.text C:\Program Files\HP\digital imaging\bin\hpqtra08.exe[2800] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00E8A00C
.text C:\Program Files\HP\digital imaging\bin\hpqtra08.exe[2800] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00E8700C
.text C:\Program Files\HP\digital imaging\bin\hpqtra08.exe[2800] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00E8500C
.text C:\Program Files\HP\digital imaging\bin\hpqtra08.exe[2800] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00E8600C
.text C:\Program Files\HP\digital imaging\bin\hpqtra08.exe[2800] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00E8800C
.text C:\Program Files\HP\digital imaging\bin\hpqtra08.exe[2800] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00E8900C
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2816] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 064E000C
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2816] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 064E100C
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2816] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 064E200C
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2816] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 064E300C
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2816] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 064E700C
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2816] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 064E500C
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2816] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 064E600C
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2816] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 064E800C
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2816] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 064E400C
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2816] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 064EA00C
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2816] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 064E900C
.text C:\WINDOWS\system32\taskmgr.exe[2888] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00AA000C
.text C:\WINDOWS\system32\taskmgr.exe[2888] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00AA100C
.text C:\WINDOWS\system32\taskmgr.exe[2888] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AA200C
.text C:\WINDOWS\system32\taskmgr.exe[2888] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00AA300C
.text C:\WINDOWS\system32\taskmgr.exe[2888] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00AA700C
.text C:\WINDOWS\system32\taskmgr.exe[2888] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00AA500C
.text C:\WINDOWS\system32\taskmgr.exe[2888] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00AA600C
.text C:\WINDOWS\system32\taskmgr.exe[2888] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00AA800C
.text C:\WINDOWS\system32\taskmgr.exe[2888] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00AA400C
.text C:\WINDOWS\system32\taskmgr.exe[2888] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00AAA00C
.text C:\WINDOWS\system32\taskmgr.exe[2888] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00AA900C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2908] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 02E5000C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2908] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 02E5100C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2908] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02E5200C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2908] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 02E5300C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2908] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 02E5400C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2908] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 02E5A00C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2908] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 02E5900C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2908] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 02E5700C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2908] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 02E5500C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2908] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 02E5600C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2908] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 02E5800C
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2936] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 025D000C
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2936] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 025D100C
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2936] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 025D200C
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2936] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 025D300C
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2936] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 025D700C
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2936] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 025D500C
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2936] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 025D600C
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2936] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 025D800C
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2936] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 025D400C
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2936] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 025DA00C
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2936] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 025D900C
.text C:\Program Files\desktop weather\desktopweather_1219728.exe[2972] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00F7000C
.text C:\Program Files\desktop weather\desktopweather_1219728.exe[2972] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00F7100C
.text C:\Program Files\desktop weather\desktopweather_1219728.exe[2972] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F7200C
.text C:\Program Files\desktop weather\desktopweather_1219728.exe[2972] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00F7300C
.text C:\Program Files\desktop weather\desktopweather_1219728.exe[2972] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00F7700C
.text C:\Program Files\desktop weather\desktopweather_1219728.exe[2972] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00F7500C
.text C:\Program Files\desktop weather\desktopweather_1219728.exe[2972] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00F7600C
.text C:\Program Files\desktop weather\desktopweather_1219728.exe[2972] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00F7800C
.text C:\Program Files\desktop weather\desktopweather_1219728.exe[2972] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00F7400C
.text C:\Program Files\desktop weather\desktopweather_1219728.exe[2972] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00F7A00C
.text C:\Program Files\desktop weather\desktopweather_1219728.exe[2972] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00F7900C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3416] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 02EB000C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3416] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 02EB100C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3416] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02EB200C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3416] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 02EB300C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3416] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 02EB700C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3416] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 02EB500C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3416] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 02EB600C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3416] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 02EB800C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3416] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 02EB400C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3416] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 02EBA00C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3416] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 02EB900C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3512] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 04D7000C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3512] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 04D7100C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3512] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 04D7200C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3512] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 04D7300C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3512] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 04D7700C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3512] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 04D7500C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3512] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 04D7600C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3512] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 04D7800C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3512] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 04D7400C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3512] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 04D7A00C
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3512] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 04D7900C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3704] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00D9000C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3704] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00D9100C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3704] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D9200C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3704] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00D9300C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3704] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00D9700C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3704] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00D9500C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3704] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00D9600C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3704] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00D9800C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3704] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00D9400C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3704] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00D9A00C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3704] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00D9900C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe[3748] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0229000C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe[3748] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0229100C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe[3748] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0229200C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe[3748] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0229300C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe[3748] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0229400C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe[3748] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0229900C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe[3748] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0229700C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe[3748] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0229500C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe[3748] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0229600C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe[3748] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0229800C
.text C:\WINDOWS\system32\SearchIndexer.exe[3776] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0118000C
.text C:\WINDOWS\system32\SearchIndexer.exe[3776] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0118100C
.text C:\WINDOWS\system32\SearchIndexer.exe[3776] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0118200C
.text C:\WINDOWS\system32\SearchIndexer.exe[3776] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[3776] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0118300C
.text C:\WINDOWS\system32\SearchIndexer.exe[3776] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0118700C
.text C:\WINDOWS\system32\SearchIndexer.exe[3776] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0118500C
.text C:\WINDOWS\system32\SearchIndexer.exe[3776] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0118600C
.text C:\WINDOWS\system32\SearchIndexer.exe[3776] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0118800C
.text C:\WINDOWS\system32\SearchIndexer.exe[3776] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0118400C
.text C:\WINDOWS\system32\SearchIndexer.exe[3776] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0118A00C
.text C:\WINDOWS\system32\SearchIndexer.exe[3776] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0118900C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe[3780] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0325000C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe[3780] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0325100C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe[3780] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0325200C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe[3780] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0325300C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe[3780] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0325700C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe[3780] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0325500C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe[3780] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0325600C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe[3780] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0325800C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe[3780] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0325400C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe[3780] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0325A00C
.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe[3780] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0325900C
.text C:\WINDOWS\ehome\mcrdsvc.exe[3892] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B2000C
.text C:\WINDOWS\ehome\mcrdsvc.exe[3892] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00B2100C
.text C:\WINDOWS\ehome\mcrdsvc.exe[3892] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B2200C
.text C:\WINDOWS\ehome\mcrdsvc.exe[3892] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00B2300C
.text C:\WINDOWS\ehome\mcrdsvc.exe[3892] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00B2400C
.text C:\WINDOWS\ehome\mcrdsvc.exe[3892] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00B2A00C
.text C:\WINDOWS\ehome\mcrdsvc.exe[3892] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00B2700C
.text C:\WINDOWS\ehome\mcrdsvc.exe[3892] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00B2500C
.text C:\WINDOWS\ehome\mcrdsvc.exe[3892] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00B2600C
.text C:\WINDOWS\ehome\mcrdsvc.exe[3892] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00B2800C
.text C:\WINDOWS\ehome\mcrdsvc.exe[3892] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00B2900C
.text C:\WINDOWS\eHome\ehmsas.exe[4008] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0243000C
.text C:\WINDOWS\eHome\ehmsas.exe[4008] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0243100C
.text C:\WINDOWS\eHome\ehmsas.exe[4008] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0243200C
.text C:\WINDOWS\eHome\ehmsas.exe[4008] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0243300C
.text C:\WINDOWS\eHome\ehmsas.exe[4008] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0243400C
.text C:\WINDOWS\eHome\ehmsas.exe[4008] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0243A00C
.text C:\WINDOWS\eHome\ehmsas.exe[4008] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0243700C
.text C:\WINDOWS\eHome\ehmsas.exe[4008] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0243500C
.text C:\WINDOWS\eHome\ehmsas.exe[4008] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0243600C
.text C:\WINDOWS\eHome\ehmsas.exe[4008] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0243800C
.text C:\WINDOWS\eHome\ehmsas.exe[4008] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0243900C
.text C:\WINDOWS\System32\alg.exe[4204] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A2000C
.text C:\WINDOWS\System32\alg.exe[4204] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00A2100C
.text C:\WINDOWS\System32\alg.exe[4204] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A2200C
.text C:\WINDOWS\System32\alg.exe[4204] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00A2300C
.text C:\WINDOWS\System32\alg.exe[4204] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00A2400C
.text C:\WINDOWS\System32\alg.exe[4204] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00A2A00C
.text C:\WINDOWS\System32\alg.exe[4204] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00A2700C
.text C:\WINDOWS\System32\alg.exe[4204] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00A2500C
.text C:\WINDOWS\System32\alg.exe[4204] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00A2600C
.text C:\WINDOWS\System32\alg.exe[4204] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00A2800C
.text C:\WINDOWS\System32\alg.exe[4204] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00A2900C
.text C:\Documents and Settings\Steve\Desktop\8yr3xfgc.exe[4684] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0038000C
.text C:\Documents and Settings\Steve\Desktop\8yr3xfgc.exe[4684] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0038100C
.text C:\Documents and Settings\Steve\Desktop\8yr3xfgc.exe[4684] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0038200C
.text C:\Documents and Settings\Steve\Desktop\8yr3xfgc.exe[4684] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0038300C
.text C:\Documents and Settings\Steve\Desktop\8yr3xfgc.exe[4684] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0038400C
.text C:\Documents and Settings\Steve\Desktop\8yr3xfgc.exe[4684] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0038900C
.text C:\Documents and Settings\Steve\Desktop\8yr3xfgc.exe[4684] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0038700C
.text C:\Documents and Settings\Steve\Desktop\8yr3xfgc.exe[4684] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0038500C
.text C:\Documents and Settings\Steve\Desktop\8yr3xfgc.exe[4684] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0038600C
.text C:\Documents and Settings\Steve\Desktop\8yr3xfgc.exe[4684] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0038800C
.text C:\Documents and Settings\Steve\Desktop\8yr3xfgc.exe[4684] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0038A00C

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Udfs.SYS (UDF File System Driver/Microsoft Corporation)
Device \Driver\Tcpip \Device\Ip fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\Tcp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

Device \Driver\Tcpip \Device\Udp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\RawIp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\IPMULTICAST fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

wausau99 · Jan 17, 2011

Attaching the Attach.txt log.

wausau99 · Jan 19, 2011

bump

wausau99 · Jan 21, 2011

Bump

dvk01 · Jan 22, 2011

no obvious signs of malware there

first thing I wopuld suspect is charter internet security playing up
uninstall it
reboot & see if problem goes away

wausau99 · Jan 22, 2011

Ok, I'll give it a try and let you know.

wausau99 · Jan 26, 2011

Ok, so it seems to have been Charter Internet Security. I "Unloaded" it and the reloaded it and everything has been working fine since. 3 days now and the Internet has not locked up since.

dvk01 · Jan 27, 2011

glad it was easily fixed

Log in or Sign up

Multiple instances of iexplorer.exe and cannot connect to internet

wausau99 Thread Starter

wausau99 Thread Starter

Attached Files:

Attach.txt

wausau99 Thread Starter

wausau99 Thread Starter

dvk01 Moderator Malware Specialist

wausau99 Thread Starter

wausau99 Thread Starter

dvk01 Moderator Malware Specialist

Sponsor

Welcome to Tech Support Guy!

New Multiple Chrome instances listed in Task Manager

Log in or Sign up

Multiple instances of iexplorer.exe and cannot connect to internet

wausau99 Thread Starter

wausau99 Thread Starter

Attached Files:

Attach.txt

wausau99 Thread Starter

wausau99 Thread Starter

dvk01 Moderator Malware Specialist

wausau99 Thread Starter

wausau99 Thread Starter

dvk01 Moderator Malware Specialist

Sponsor

Welcome to Tech Support Guy!

New Multiple Chrome instances listed in Task Manager

Useful Searches