
Suspect virus/malware/spyware issue

Discussion in 'Virus & Other Malware Removal' started by jgrenie, Nov 6, 2011.

Thread Status:
Not open for further replies.
  1. jgrenie

    jgrenie Thread Starter

    Joined:
    Mar 10, 2008
    Messages:
    72
    Hi all,

    Looking for some help for a laptop. I ran the HijackThis and DDS tests and will include the logs. However, the GMER scan would never complete on the computer.

    Can someone please take a look at the logs and let me know what steps I need to take?

    Hijackthis Log:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:06:42 AM, on 11/6/2011
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\Jen\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [QlbCtrl.exe] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
    O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
    O4 - HKLM\..\Run: [HP Health Check Scheduler] "c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"
    O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    O4 - HKLM\..\Run: [hpqSRMon] "C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe"
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [IgfxTray] "C:\Windows\system32\igfxtray.exe"
    O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe"
    O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe"
    O4 - HKLM\..\Run: [WebrootTrayApp] "C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [LightScribe Control Panel] "C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden
    O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] "C:\Windows\system32\Macromed\Flash\FlashUtil10u_ActiveX.exe" -update activex
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Unknown owner - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe
    O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 10393 bytes


    ===========================================================================

    DDS.txt contents:

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by Jen at 10:11:46 on 2011-11-06
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.1727 [GMT -6:00]
    .
    AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\SMINST\BLService.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\msiexec.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    uInternet Settings,ProxyServer = http=127.0.0.1:6522
    uInternet Settings,ProxyOverride = *.local
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [LightScribe Control Panel] "c:\program files\common files\lightscribe\LightScribeControlPanel.exe" -hidden
    uRun: [WMPNSCFG] "c:\program files\windows media player\WMPNSCFG.exe"
    uRunOnce: [FlashPlayerUpdate] "c:\windows\system32\macromed\flash\FlashUtil10u_ActiveX.exe" -update activex
    mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
    mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
    mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
    mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
    mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
    mRun: [QlbCtrl.exe] "c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe" /Start
    mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
    mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
    mRun: [HP Health Check Scheduler] "c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe"
    mRun: [hpWirelessAssistant] "c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe"
    mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
    mRun: [hpqSRMon] "c:\program files\hp\digital imaging\bin\hpqSRMon.exe"
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [IgfxTray] "c:\windows\system32\igfxtray.exe"
    mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"
    mRun: [Persistence] "c:\windows\system32\igfxpers.exe"
    mRun: [WebrootTrayApp] "c:\program files\webroot\security\current\framework\WRTray.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
    mRun: [<NO NAME>]
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\users\jen\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 10.0.1.1
    TCP: Interfaces\{705F09E2-C31B-4BE5-B8FD-B98333A1B7F2} : DhcpNameServer = 24.196.64.53 68.113.206.10 24.178.162.3
    TCP: Interfaces\{FFEFBEFB-00B6-489E-8A11-53DA75823D55} : DhcpNameServer = 10.0.1.1
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-23 365952]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-10-12 1153368]
    R2 ssfmonm;ssfmonm;c:\windows\system32\drivers\ssfmonm.sys [2011-6-16 45584]
    R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\security\current\plugins\antimalware\AEI.exe [2011-6-16 3997912]
    R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\security\current\framework\WRConsumerService.exe [2011-9-5 3381184]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-23 193840]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-1-3 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
    .
    =============== Created Last 30 ================
    .
    2011-11-06 15:56:46 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a16170d4-722d-43d8-9d4a-8ae09a87e39f}\offreg.dll
    2011-11-06 15:56:42 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a16170d4-722d-43d8-9d4a-8ae09a87e39f}\mpengine.dll
    2011-10-27 23:10:59 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2011-10-27 23:10:59 238080 ----a-w- c:\windows\system32\oleacc.dll
    2011-10-27 23:10:58 563712 ----a-w- c:\windows\system32\oleaut32.dll
    2011-10-27 23:10:58 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-10-27 23:10:50 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
    2011-10-27 23:10:50 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
    2011-10-27 23:10:50 293376 ----a-w- c:\windows\system32\psisdecd.dll
    2011-10-27 23:10:50 217088 ----a-w- c:\windows\system32\psisrndr.ax
    2011-10-27 23:10:49 2043392 ----a-w- c:\windows\system32\win32k.sys
    2011-10-27 23:10:31 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    .
    ==================== Find3M ====================
    .
    2011-10-03 11:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
    2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll
    2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    .
    ============= FINISH: 10:13:51.43 ===============
     


  2. jgrenie

    jgrenie Thread Starter

    This computer previously had Webroot Antivirus installed on it. I have now uninstalled that and installed the Charter Security Suite on it.

    I now re-ran the HijackThis and DDS scans and also was now able to get the GMER scan to finish. I have included the log files and attached the new Attach file here.

    ===================

    HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 2:52:54 PM, on 11/6/2011
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Charter Security Suite\Common\FSM32.EXE
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Users\Jen\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Charter Security Suite\NRS\iescript\baselitmus.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Charter Security Suite\NRS\iescript\baselitmus.dll
    O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [QlbCtrl.exe] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
    O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
    O4 - HKLM\..\Run: [HP Health Check Scheduler] "c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"
    O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    O4 - HKLM\..\Run: [hpqSRMon] "C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe"
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [IgfxTray] "C:\Windows\system32\igfxtray.exe"
    O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe"
    O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter Security Suite\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter Security Suite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKCU\..\Run: [LightScribe Control Panel] "C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden
    O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Charter Security Suite\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Charter Security Suite\Common\FSMA32.EXE
    O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Charter Security Suite\ORSP Client\fsorsp.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Unknown owner - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 10849 bytes

    ===================================================================================

    DDS log:

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by Jen at 14:53:16 on 2011-11-06
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.1497 [GMT -6:00]
    .
    AV: Charter Security Suite 9.01 *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
    SP: Charter Security Suite 9.01 *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Charter Security Suite 9.01 *Enabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exe
    C:\Program Files\Charter Security Suite\Common\FSMA32.EXE
    C:\Program Files\Charter Security Suite\Anti-Virus\FSGK32.EXE
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Charter Security Suite\Common\FSHDLL32.EXE
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\SMINST\BLService.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Program Files\Charter Security Suite\FWES\Program\fsdfwd.exe
    C:\Program Files\Charter Security Suite\ORSP Client\fsorsp.exe
    C:\Program Files\Charter Security Suite\Anti-Virus\fssm32.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Charter Security Suite\Common\FSM32.EXE
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Charter Security Suite\Anti-Virus\fsav32.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    uInternet Settings,ProxyServer = http=127.0.0.1:6522
    uInternet Settings,ProxyOverride = *.local
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - c:\program files\charter security suite\nrs\iescript\baselitmus.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - c:\program files\charter security suite\nrs\iescript\baselitmus.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [LightScribe Control Panel] "c:\program files\common files\lightscribe\LightScribeControlPanel.exe" -hidden
    uRun: [WMPNSCFG] "c:\program files\windows media player\WMPNSCFG.exe"
    mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
    mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
    mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
    mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
    mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
    mRun: [QlbCtrl.exe] "c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe" /Start
    mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
    mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
    mRun: [HP Health Check Scheduler] "c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe"
    mRun: [hpWirelessAssistant] "c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe"
    mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
    mRun: [hpqSRMon] "c:\program files\hp\digital imaging\bin\hpqSRMon.exe"
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [IgfxTray] "c:\windows\system32\igfxtray.exe"
    mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"
    mRun: [Persistence] "c:\windows\system32\igfxpers.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
    mRun: [<NO NAME>]
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [F-Secure Manager] "c:\program files\charter security suite\common\FSM32.EXE" /splash
    mRun: [F-Secure TNB] "c:\program files\charter security suite\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
    StartupFolder: c:\users\jen\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    LSP: c:\program files\charter security suite\fsps\program\FSLSP.DLL
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 10.0.1.1
    TCP: Interfaces\{705F09E2-C31B-4BE5-B8FD-B98333A1B7F2} : DhcpNameServer = 24.196.64.53 68.113.206.10 24.178.162.3
    TCP: Interfaces\{FFEFBEFB-00B6-489E-8A11-53DA75823D55} : DhcpNameServer = 10.0.1.1
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2011-11-6 42672]
    R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\charter security suite\hips\drivers\fshs.sys [2011-11-6 68064]
    R1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2011-11-6 36792]
    R1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2011-11-6 73160]
    R1 fsvista;F-Secure Vista Support Driver;c:\program files\charter security suite\anti-virus\minifilter\fsvista.sys [2011-11-6 12384]
    R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\charter security suite\anti-virus\fsgk32st.exe [2011-11-6 215648]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-23 365952]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-10-12 1153368]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-23 193840]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\charter security suite\anti-virus\minifilter\fsgk.sys [2011-11-6 148632]
    R3 FSORSPClient;F-Secure ORSP Client;c:\program files\charter security suite\orsp client\fsorsp.exe [2011-11-6 61088]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-1-3 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
    .
    =============== Created Last 30 ================
    .
    2011-11-06 18:24:57 42672 ----a-w- c:\windows\system32\drivers\fsbts.sys
    2011-11-06 18:22:51 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a16170d4-722d-43d8-9d4a-8ae09a87e39f}\offreg.dll
    2011-11-06 18:20:30 36792 ----a-w- c:\windows\system32\drivers\fses.sys
    2011-11-06 18:20:22 73160 ----a-w- c:\windows\system32\drivers\fsdfw.sys
    2011-11-06 18:20:22 572512 ----a-w- c:\windows\system32\msvcp50.dll
    2011-11-06 18:19:23 -------- d-----w- c:\program files\Charter Security Suite
    2011-11-06 18:18:33 -------- d-----w- c:\programdata\fssg
    2011-11-06 15:56:42 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a16170d4-722d-43d8-9d4a-8ae09a87e39f}\mpengine.dll
    2011-10-27 23:10:59 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2011-10-27 23:10:59 238080 ----a-w- c:\windows\system32\oleacc.dll
    2011-10-27 23:10:58 563712 ----a-w- c:\windows\system32\oleaut32.dll
    2011-10-27 23:10:58 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-10-27 23:10:50 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
    2011-10-27 23:10:50 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
    2011-10-27 23:10:50 293376 ----a-w- c:\windows\system32\psisdecd.dll
    2011-10-27 23:10:50 217088 ----a-w- c:\windows\system32\psisrndr.ax
    2011-10-27 23:10:49 2043392 ----a-w- c:\windows\system32\win32k.sys
    2011-10-27 23:10:31 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    .
    ==================== Find3M ====================
    .
    2011-11-06 16:38:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-03 11:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
    2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll
    2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    .
    ============= FINISH: 14:55:05.63 ===============

    ===========================================================================
    GMER log:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-11-06 14:49:59
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-1 FUJITSU_MHZ2320BH_G2 rev.8909
    Running: qnzcjscq.exe; Driver: C:\Users\Jen\AppData\Local\Temp\uwldypow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys ZwCreateThread [0x9192EE8C]
    SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys ZwLoadDriver [0x9192F1BC]
    SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys ZwMapViewOfSection [0x9192EBCC]
    SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys ZwOpenSection [0x9192F5EE]
    SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys ZwRenameKey [0x9193088C]
    SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys ZwSetSystemInformation [0x9192F43E]
    SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys ZwSuspendProcess [0x9192EA4C]
    SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys ZwSuspendThread [0x9192EEC0]
    SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys ZwSystemDebugControl [0x9192F042]
    SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys ZwTerminateProcess [0x9192E9A6]
    SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys ZwTerminateThread [0x9192EB06]
    SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys ZwWriteVirtualMemory [0x9192EF86]
    SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys ZwCreateThreadEx [0x9192EEA6]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!KeSetEvent + 221 81EB99A4 4 Bytes [8C, EE, 92, 91] {MOV ESI, GS; XCHG EDX, EAX; XCHG ECX, EAX}
    .text ntkrnlpa.exe!KeSetEvent + 37D 81EB9B00 4 Bytes [BC, F1, 92, 91]
    .text ntkrnlpa.exe!KeSetEvent + 3AD 81EB9B30 4 Bytes [CC, EB, 92, 91] {INT 3 ; JMP 0xffffffffffffff95; XCHG ECX, EAX}
    .text ntkrnlpa.exe!KeSetEvent + 3FD 81EB9B80 4 Bytes [EE, F5, 92, 91] {OUT DX, AL ; CMC ; XCHG EDX, EAX; XCHG ECX, EAX}
    .text ntkrnlpa.exe!KeSetEvent + 515 81EB9C98 4 Bytes [8C, 08, 93, 91] {MOV WORD [EAX], CS; XCHG EBX, EAX; XCHG ECX, EAX}
    .text ...

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\system32\svchost.exe[532] ntdll.dll!NtCreateProcess 773242E4 5 Bytes JMP 007E000C
    .text C:\Windows\system32\svchost.exe[532] ntdll.dll!NtCreateProcessEx 773242F4 5 Bytes JMP 007E100C
    .text C:\Windows\system32\svchost.exe[532] ntdll.dll!NtCreateUserProcess 77325654 5 Bytes JMP 007E200C
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[544] ntdll.dll!NtCreateProcess 773242E4 5 Bytes JMP 003A000C
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[544] ntdll.dll!NtCreateProcessEx 773242F4 5 Bytes JMP 003A100C
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[544] ntdll.dll!NtCreateUserProcess 77325654 5 Bytes JMP 003A200C
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[544] kernel32.dll!LoadLibraryExW 75BA927C 5 Bytes JMP 003A300C
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[544] kernel32.dll!TerminateThread 75BC4413 5 Bytes JMP 003A400C
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[544] ADVAPI32.dll!CloseServiceHandle 76F682A5 5 Bytes JMP 003A800C
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[544] ADVAPI32.dll!OpenServiceW 76F68354 5 Bytes JMP 003A600C
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[544] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 003A900C
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[544] ADVAPI32.dll!ControlService 76F89FB8 5 Bytes JMP 003A700C
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[544] USER32.dll!SetWindowsHookExW 76C387AD 5 Bytes JMP 003A500C
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[544] USER32.dll!DdeConnect 76C79A1F 5 Bytes JMP 003AB00C
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[544] ole32.dll!CoCreateInstanceEx 75A69F81 5 Bytes JMP 003AA00C
    .text C:\Windows\system32\wininit.exe[596] ntdll.dll!NtCreateProcess 773242E4 5 Bytes JMP 0019000C
    .text C:\Windows\system32\wininit.exe[596] ntdll.dll!NtCreateProcessEx 773242F4 5 Bytes JMP 0019100C
    .text C:\Windows\system32\wininit.exe[596] ntdll.dll!NtCreateUserProcess 77325654 5 Bytes JMP 0019200C
    .text C:\Windows\system32\wininit.exe[596] kernel32.dll!LoadLibraryExW 75BA927C 5 Bytes JMP 0019300C
    .text C:\Windows\system32\wininit.exe[596] kernel32.dll!TerminateThread 75BC4413 5 Bytes JMP 0019400C
    .text C:\Windows\system32\wininit.exe[596] ADVAPI32.dll!CloseServiceHandle 76F682A5 5 Bytes JMP 0019800C
    .text C:\Windows\system32\wininit.exe[596] ADVAPI32.dll!OpenServiceW 76F68354 5 Bytes JMP 0019600C
    .text C:\Windows\system32\wininit.exe[596] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 0019900C
    .text C:\Windows\system32\wininit.exe[596] ADVAPI32.dll!ControlService 76F89FB8 5 Bytes JMP 0019700C
    .text C:\Windows\system32\wininit.exe[596] USER32.dll!SetWindowsHookExW 76C387AD 5 Bytes JMP 0019500C
    .text C:\Windows\system32\wininit.exe[596] USER32.dll!DdeConnect 76C79A1F 5 Bytes JMP 0019A00C
    .text C:\Windows\System32\svchost.exe[632] ntdll.dll!NtCreateProcess 773242E4 5 Bytes JMP 001A000C
    .text C:\Windows\System32\svchost.exe[632] ntdll.dll!NtCreateProcessEx 773242F4 5 Bytes JMP 001A100C
    .text C:\Windows\System32\svchost.exe[632] ntdll.dll!NtCreateUserProcess 77325654 5 Bytes JMP 001A200C
    .text C:\Windows\system32\lsass.exe[676] ntdll.dll!NtCreateProcess 773242E4 5 Bytes JMP 00D3000C
    .text C:\Windows\system32\lsass.exe[676] ntdll.dll!NtCreateProcessEx 773242F4 5 Bytes JMP 00D3100C
    .text C:\Windows\system32\lsass.exe[676] ntdll.dll!NtCreateUserProcess 77325654 5 Bytes JMP 00D3200C
    .text C:\Windows\system32\lsass.exe[676] kernel32.dll!LoadLibraryExW 75BA927C 5 Bytes JMP 00D3300C
    .text C:\Windows\system32\lsass.exe[676] kernel32.dll!TerminateThread 75BC4413 5 Bytes JMP 00D3400C
    .text C:\Windows\system32\lsass.exe[676] ADVAPI32.dll!CloseServiceHandle 76F682A5 5 Bytes JMP 00D3800C
    .text C:\Windows\system32\lsass.exe[676] ADVAPI32.dll!OpenServiceW 76F68354 5 Bytes JMP 00D3600C
    .text C:\Windows\system32\lsass.exe[676] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 00D3900C
    .text C:\Windows\system32\lsass.exe[676] ADVAPI32.dll!ControlService 76F89FB8 5 Bytes JMP 00D3700C
    .text C:\Windows\system32\lsass.exe[676] USER32.dll!SetWindowsHookExW 76C387AD 5 Bytes JMP 00D3500C
    .text C:\Windows\system32\lsass.exe[676] USER32.dll!DdeConnect 76C79A1F 5 Bytes JMP 00D3B00C
    .text C:\Windows\system32\lsass.exe[676] ole32.dll!CoCreateInstanceEx 75A69F81 5 Bytes JMP 00D3A00C
    .text C:\Windows\system32\lsm.exe[688] ntdll.dll!NtCreateProcess 773242E4 5 Bytes JMP 0015000C
    .text C:\Windows\system32\lsm.exe[688] ntdll.dll!NtCreateProcessEx 773242F4 5 Bytes JMP 0015100C
    .text C:\Windows\system32\lsm.exe[688] ntdll.dll!NtCreateUserProcess 77325654 5 Bytes JMP 0015200C
    .text C:\Windows\system32\lsm.exe[688] kernel32.dll!LoadLibraryExW 75BA927C 5 Bytes JMP 0015300C
    .text C:\Windows\system32\lsm.exe[688] kernel32.dll!TerminateThread 75BC4413 5 Bytes JMP 0015400C
    .text C:\Windows\system32\lsm.exe[688] ADVAPI32.dll!CloseServiceHandle 76F682A5 5 Bytes JMP 0015800C
    .text C:\Windows\system32\lsm.exe[688] ADVAPI32.dll!OpenServiceW 76F68354 5 Bytes JMP 0015600C
    .text C:\Windows\system32\lsm.exe[688] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 0015900C
    .text C:\Windows\system32\lsm.exe[688] ADVAPI32.dll!ControlService 76F89FB8 5 Bytes JMP 0015700C
    .text C:\Windows\system32\lsm.exe[688] USER32.dll!SetWindowsHookExW 76C387AD 5 Bytes JMP 0015500C
    .text C:\Windows\system32\lsm.exe[688] USER32.dll!DdeConnect 76C79A1F 5 Bytes JMP 0015A00C
    .text C:\Windows\system32\winlogon.exe[712] ntdll.dll!NtCreateProcess 773242E4 5 Bytes JMP 007C000C
    .text C:\Windows\system32\winlogon.exe[712] ntdll.dll!NtCreateProcessEx 773242F4 5 Bytes JMP 007C100C
    .text C:\Windows\system32\winlogon.exe[712] ntdll.dll!NtCreateUserProcess 77325654 5 Bytes JMP 007C200C
    .text C:\Windows\system32\winlogon.exe[712] kernel32.dll!LoadLibraryExW 75BA927C 5 Bytes JMP 007C300C
    .text C:\Windows\system32\winlogon.exe[712] kernel32.dll!TerminateThread 75BC4413 5 Bytes JMP 007C400C
    .text C:\Windows\system32\winlogon.exe[712] ADVAPI32.dll!CloseServiceHandle 76F682A5 5 Bytes JMP 007C800C
    .text C:\Windows\system32\winlogon.exe[712] ADVAPI32.dll!OpenServiceW 76F68354 5 Bytes JMP 007C600C
    .text C:\Windows\system32\winlogon.exe[712] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 007C900C
    .text C:\Windows\system32\winlogon.exe[712] ADVAPI32.dll!ControlService 76F89FB8 5 Bytes JMP 007C700C
    .text C:\Windows\system32\winlogon.exe[712] USER32.dll!SetWindowsHookExW 76C387AD 5 Bytes JMP 007C500C
    .text C:\Windows\system32\winlogon.exe[712] USER32.dll!DdeConnect 76C79A1F 5 Bytes JMP 007CB00C
    .text C:\Windows\system32\winlogon.exe[712] ole32.dll!CoCreateInstanceEx 75A69F81 5 Bytes JMP 007CA00C
    .text C:\Windows\system32\svchost.exe[856] ntdll.dll!NtCreateProcess 773242E4 5 Bytes JMP 0072000C
    .text C:\Windows\system32\svchost.exe[856] ntdll.dll!NtCreateProcessEx 773242F4 5 Bytes JMP 0072100C
    .text C:\Windows\system32\svchost.exe[856] ntdll.dll!NtCreateUserProcess 77325654 5 Bytes JMP 0072200C
    .text C:\Windows\system32\svchost.exe[916] ntdll.dll!NtCreateProcess 773242E4 5 Bytes JMP 000E000C
    .text C:\Windows\system32\svchost.exe[916] ntdll.dll!NtCreateProcessEx 773242F4 5 Bytes JMP 000E100C
    .text C:\Windows\system32\svchost.exe[916] ntdll.dll!NtCreateUserProcess 77325654 5 Bytes JMP 000E200C
    .text C:\Windows\System32\svchost.exe[956] ntdll.dll!NtCreateProcess 773242E4 5 Bytes JMP 0020000C
    .text C:\Windows\System32\svchost.exe[956] ntdll.dll!NtCreateProcessEx 773242F4 5 Bytes JMP 0020100C
    .text C:\Windows\System32\svchost.exe[956] ntdll.dll!NtCreateUserProcess 77325654 5 Bytes JMP 0020200C
    .text C:\Windows\System32\svchost.exe[1044] ntdll.dll!NtCreateProcess 773242E4 5 Bytes JMP 0063000C
    .text C:\Windows\System32\svchost.exe[1044] ntdll.dll!NtCreateProcessEx 773242F4 5 Bytes JMP 0063100C
    .text C:\Windows\System32\svchost.exe[1044] ntdll.dll!NtCreateUserProcess 77325654 5 Bytes JMP 0063200C
    .text C:\Windows\System32\svchost.exe[1112] ntdll.dll!NtCreateProcess 773242E4 5 Bytes JMP 0111000C
    .text C:\Windows\System32\svchost.exe[1112] ntdll.dll!NtCreateProcessEx 773242F4 5 Bytes JMP 0111100C
    .text C:\Windows\System32\svchost.exe[1112] ntdll.dll!NtCreateUserProcess 77325654 5 Bytes JMP 0111200C
    .text C:\Windows\system32\svchost.exe[1144] ntdll.dll!NtCreateProcess 773242E4 5 Bytes JMP 0083000C
    .text C:\Windows\system32\svchost.exe[1144] ntdll.dll!NtCreateProcessEx 773242F4 5 Bytes JMP 0083100C
    .text C:\Windows\system32\svchost.exe[1144] ntdll.dll!NtCreateUserProcess 77325654 5 Bytes JMP 0083200C
    .text C:\Windows\system32\svchost.exe[1224] ntdll.dll!NtCreateProcess 773242E4 5 Bytes JMP 007B000C
    .text C:\Windows\system32\svchost.exe[1224] ntdll.dll!NtCreateProcessEx 773242F4 5 Bytes JMP 007B100C
    .text C:\Windows\system32\svchost.exe[1224] ntdll.dll!NtCreateUserProcess 77325654 5 Bytes JMP 007B200C
    .text C:\Windows\system32\svchost.exe[1276] ntdll.dll!NtCreateProcess 773242E4 5 Bytes JMP 00D4000C
    .text C:\Windows\system32\svchost.exe[1276] ntdll.dll!NtCreateProcessEx 773242F4 5 Bytes JMP 00D4100C
    .text C:\Windows\system32\svchost.exe[1276] ntdll.dll!NtCreateUserProcess 77325654 5 Bytes JMP 00D4200C
    .text C:\Windows\System32\svchost.exe[1340] ntdll.dll!NtCreateProcess 773242E4 5 Bytes JMP 0013000C
    .text C:\Windows\System32\svchost.exe[1340] ntdll.dll!NtCreateProcessEx 773242F4 5 Bytes JMP 0013100C
    .text C:\Windows\System32\svchost.exe[1340] ntdll.dll!NtCreateUserProcess 77325654 5 Bytes JMP 0013200C
    .text C:\Windows\system32\svchost.exe[1400] ntdll.dll!NtCreateProcess 773242E4 5 Bytes JMP 0017000C
    .text C:\Windows\system32\svchost.exe[1400] ntdll.dll!NtCreateProcessEx 773242F4 5 Bytes JMP 0017100C
    .text C:\Windows\system32\svchost.exe[1400] ntdll.dll!NtCreateUserProcess 77325654 5 Bytes JMP 0017200C
    .text C:\Program Files\SMINST\BLService.exe[1476] ntdll.dll!NtCreateProcess 773242E4 5 Bytes JMP 0029000C
    .text C:\Program Files\SMINST\BLService.exe[1476] ntdll.dll!NtCreateProcessEx 773242F4 5 Bytes JMP 0029100C
    .text C:\Program Files\SMINST\BLService.exe[1476] ntdll.dll!NtCreateUserProcess 77325654 5 Bytes JMP 0029200C
    .text C:\Program Files\SMINST\BLService.exe[1476] kernel32.dll!LoadLibraryExW 75BA927C 5 Bytes JMP 0029300C
    .text C:\Program Files\SMINST\BLService.exe[1476] kernel32.dll!TerminateThread 75BC4413 5 Bytes JMP 0029400C
    .text C:\Program Files\SMINST\BLService.exe[1476] USER32.dll!SetWindowsHookExW 76C387AD 5 Bytes JMP 0029500C
    .text C:\Program Files\SMINST\BLService.exe[1476] USER32.dll!DdeConnect 76C79A1F 5 Bytes JMP 0029B00C
    .text C:\Program Files\SMINST\BLService.exe[1476] ADVAPI32.dll!CloseServiceHandle 76F682A5 5 Bytes JMP 0029800C
    .text C:\Program Files\SMINST\BLService.exe[1476] ADVAPI32.dll!OpenServiceW 76F68354 5 Bytes JMP 0029600C
    .text C:\Program Files\SMINST\BLService.exe[1476] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 0029900C
    .text C:\Program Files\SMINST\BLService.exe[1476] ADVAPI32.dll!ControlService 76F89FB8 5 Bytes JMP 0029700C
    .text C:\Program Files\SMINST\BLService.exe[1476] ole32.dll!CoCreateInstanceEx 75A69F81 5 Bytes JMP 0029A00C
    .text C:\Windows\system32\svchost.exe[1484] ntdll.dll!NtCreateProcess 773242E4 5 Bytes JMP 009D000C
    .text C:\Windows\system32\svchost.exe[1484] ntdll.dll!NtCreateProcessEx 773242F4 5 Bytes JMP 009D100C
    .text C:\Windows\system32\svchost.exe[1484] ntdll.dll!NtCreateUserProcess 77325654 5 Bytes JMP 009D200C
    .text C:\Windows\system32\WLANExt.exe[1612] ntdll.dll!NtCreateProcess 773242E4 5 Bytes JMP 0030000C
    .text C:\Windows\system32\WLANExt.exe[1612] ntdll.dll!NtCreateProcessEx 773242F4 5 Bytes JMP 0030100C
    .text C:\Windows\system32\WLANExt.exe[1612] ntdll.dll!NtCreateUserProcess 77325654 5 Bytes JMP 0030200C
    .text C:\Windows\system32\WLANExt.exe[1612] kernel32.dll!LoadLibraryExW 75BA927C 5 Bytes JMP 0030300C
    .text C:\Windows\system32\WLANExt.exe[1612] kernel32.dll!TerminateThread 75BC4413 5 Bytes JMP 0030400C
    .text C:\Windows\system32\WLANExt.exe[1612] ADVAPI32.dll!CloseServiceHandle 76F682A5 5 Bytes JMP 0030800C
    .text C:\Windows\system32\WLANExt.exe[1612] ADVAPI32.dll!OpenServiceW 76F68354 5 Bytes JMP 0030600C
    .text C:\Windows\system32\WLANExt.exe[1612] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 0030900C
    .text C:\Windows\system32\WLANExt.exe[1612] ADVAPI32.dll!ControlService 76F89FB8 5 Bytes JMP 0030700C
    .text C:\Windows\system32\WLANExt.exe[1612] USER32.dll!SetWindowsHookExW 76C387AD 5 Bytes JMP 0030500C
    .text C:\Windows\system32\WLANExt.exe[1612] USER32.dll!DdeConnect 76C79A1F 5 Bytes JMP 0030B00C
    .text C:\Windows\system32\WLANExt.exe[1612] ole32.dll!CoCreateInstanceEx 75A69F81 5 Bytes JMP 0030A00C
    .text C:\Windows\system32\svchost.exe[1760] ntdll.dll!NtCreateProcess 773242E4 5 Bytes JMP 006E000C
    .text C:\Windows\system32\svchost.exe[1760] ntdll.dll!NtCreateProcessEx 773242F4 5 Bytes JMP 006E100C
    .text C:\Windows\system32\svchost.exe[1760] ntdll.dll!NtCreateUserProcess 77325654 5 Bytes JMP 006E200C
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1972] ntdll.dll!NtCreateProcess 773242E4 5 Bytes JMP 00AA000C
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1972] ntdll.dll!NtCreateProcessEx 773242F4 5 Bytes JMP 00AA100C
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1972] ntdll.dll!NtCreateUserProcess 77325654 5 Bytes JMP 00AA200C
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1972] kernel32.dll!LoadLibraryExW 75BA927C 5 Bytes JMP 00AA300C
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1972] kernel32.dll!TerminateThread 75BC4413 5 Bytes JMP 00AA400C
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1972] ADVAPI32.dll!CloseServiceHandle 76F682A5 5 Bytes JMP 00AA800C
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1972] ADVAPI32.dll!OpenServiceW 76F68354 5 Bytes JMP 00AA600C
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1972] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 00AA900C
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1972] ADVAPI32.dll!ControlService 76F89FB8 5 Bytes JMP 00AA700C
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1972] USER32.dll!SetWindowsHookExW 76C387AD 5 Bytes JMP 00AA500C
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1972] USER32.dll!DdeConnect 76C79A1F 5 Bytes JMP 00AAB00C
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1972] ole32.dll!CoCreateInstanceEx 75A69F81 5 Bytes JMP 00AAA00C
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1988] ntdll.dll!NtCreateProcess 773242E4 5 Bytes JMP 002C000C
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1988] ntdll.dll!NtCreateProcessEx 773242F4 5 Bytes JMP 002C100C
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1988] ntdll.dll!NtCreateUserProcess 77325654 5 Bytes JMP 002C200C
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1988] kernel32.dll!LoadLibraryExW 75BA927C 5 Bytes JMP 002C300C
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1988] kernel32.dll!TerminateThread 75BC4413 5 Bytes JMP 002C400C
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1988] ADVAPI32.dll!CloseServiceHandle 76F682A5 5 Bytes JMP 002C800C
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1988] ADVAPI32.dll!OpenServiceW 76F68354 5 Bytes JMP 002C600C
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1988] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 002C900C
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1988] ADVAPI32.dll!ControlService 76F89FB8 5 Bytes JMP 002C700C
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1988] USER32.dll!SetWindowsHookExW 76C387AD 5 Bytes JMP 002C500C
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1988] USER32.dll!DdeConnect 76C79A1F 5 Bytes JMP 002CB00C
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1988] ole32.dll!CoCreateInstanceEx 75A69F81 5 Bytes JMP 002CA00C
    .text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2004] ntdll.dll!NtCreateProcess 773242E4 5 Bytes JMP 0045000C
    .text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2004] ntdll.dll!NtCreateProcessEx 773242F4 5 Bytes JMP 0045100C
    .text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2004] ntdll.dll!NtCreateUserProcess 77325654 5 Bytes JMP 0045200C
    .text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2004] kernel32.dll!LoadLibraryExW 75BA927C 5 Bytes JMP 0045300C
    .text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2004] kernel32.dll!TerminateThread 75BC4413 5 Bytes JMP 0045400C
    .text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2004] USER32.dll!SetWindowsHookExW 76C387AD 5 Bytes JMP 0045500C
    .text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2004] USER32.dll!DdeConnect 76C79A1F 5 Bytes JMP 0045B00C
    .text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2004] ADVAPI32.dll!CloseServiceHandle 76F682A5 5 Bytes JMP 0045800C
    .text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2004] ADVAPI32.dll!OpenServiceW 76F68354 5 Bytes JMP 0045600C
    .text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2004] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 0045900C
    .text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2004] ADVAPI32.dll!ControlService 76F89FB8 5 Bytes JMP 0045700C
    .text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2004] ole32.dll!CoCreateInstanceEx 75A69F81 5 Bytes JMP 0045A00C
    .text C:\Windows\system32\svchost.exe[2056] ntdll.dll!NtCreateProcess 773242E4 5 Bytes JMP 007F000C
    .text C:\Windows\system32\svchost.exe[2056] ntdll.dll!NtCreateProcessEx 773242F4 5 Bytes JMP 007F100C
    .text C:\Windows\system32\svchost.exe[2056] ntdll.dll!NtCreateUserProcess 77325654 5 Bytes JMP 007F200C
    .text C:\Windows\System32\svchost.exe[2100] ntdll.dll!NtCreateProcess 773242E4 5 Bytes JMP 0010000C
    .text C:\Windows\System32\svchost.exe[2100] ntdll.dll!NtCreateProcessEx 773242F4 5 Bytes JMP 0010100C
    .text C:\Windows\System32\svchost.exe[2100] ntdll.dll!NtCreateUserProcess 77325654 5 Bytes JMP 0010200C
    .text C:\Windows\system32\Dwm.exe[2700] ntdll.dll!NtCreateProcess 773242E4 5 Bytes JMP 0093000C
    .text C:\Windows\system32\Dwm.exe[2700] ntdll.dll!NtCreateProcessEx 773242F4 5 Bytes JMP 0093100C
    .text C:\Windows\system32\Dwm.exe[2700] ntdll.dll!NtCreateUserProcess 77325654 5 Bytes JMP 0093200C
    .text C:\Windows\system32\Dwm.exe[2700] kernel32.dll!LoadLibraryExW 75BA927C 5 Bytes JMP 0093300C
    .text C:\Windows\system32\Dwm.exe[2700] kernel32.dll!TerminateThread 75BC4413 5 Bytes JMP 0093400C
    .text C:\Windows\system32\Dwm.exe[2700] ADVAPI32.dll!CloseServiceHandle 76F682A5 5 Bytes JMP 0093800C
    .text C:\Windows\system32\Dwm.exe[2700] ADVAPI32.dll!OpenServiceW 76F68354 5 Bytes JMP 0093600C
    .text C:\Windows\system32\Dwm.exe[2700] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 0093900C
    .text C:\Windows\system32\Dwm.exe[2700] ADVAPI32.dll!ControlService 76F89FB8 5 Bytes JMP 0093700C
    .text C:\Windows\system32\Dwm.exe[2700] USER32.dll!SetWindowsHookExW 76C387AD 5 Bytes JMP 0093500C
    .text C:\Windows\system32\Dwm.exe[2700] USER32.dll!DdeConnect 76C79A1F 5 Bytes JMP 0093B00C
    .text C:\Windows\system32\Dwm.exe[2700] ole32.dll!CoCreateInstanceEx 75A69F81 5 Bytes JMP 0093A00C
    .text C:\Windows\system32\taskeng.exe[2732] ntdll.dll!NtCreateProcess 773242E4 5 Bytes JMP 0240000C
    .text C:\Windows\system32\taskeng.exe[2732] ntdll.dll!NtCreateProcessEx 773242F4 5 Bytes JMP 0240100C
    .text C:\Windows\system32\taskeng.exe[2732] ntdll.dll!NtCreateUserProcess 77325654 5 Bytes JMP 0240200C
    .text C:\Windows\system32\taskeng.exe[2732] kernel32.dll!LoadLibraryExW 75BA927C 5 Bytes JMP 0240300C
    .text C:\Windows\system32\taskeng.exe[2732] kernel32.dll!TerminateThread 75BC4413 5 Bytes JMP 0240400C
    .text C:\Windows\system32\taskeng.exe[2732] ADVAPI32.dll!CloseServiceHandle 76F682A5 5 Bytes JMP 0240800C
    .text C:\Windows\system32\taskeng.exe[2732] ADVAPI32.dll!OpenServiceW 76F68354 5 Bytes JMP 0240600C
    .text C:\Windows\system32\taskeng.exe[2732] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 0240900C
    .text C:\Windows\system32\taskeng.exe[2732] ADVAPI32.dll!ControlService 76F89FB8 5 Bytes JMP 0240700C
    .text C:\Windows\system32\taskeng.exe[2732] USER32.dll!SetWindowsHookExW 76C387AD 5 Bytes JMP 0240500C
    .text C:\Windows\system32\taskeng.exe[2732] USER32.dll!DdeConnect 76C79A1F 5 Bytes JMP 0240B00C
    .text C:\Windows\system32\taskeng.exe[2732] ole32.dll!CoCreateInstanceEx 75A69F81 5 Bytes JMP 0240A00C
    .text C:\Windows\Explorer.EXE[2860] ntdll.dll!NtCreateProcess 773242E4 5 Bytes JMP 00F3000C
    .text C:\Windows\Explorer.EXE[2860] ntdll.dll!NtCreateProcessEx 773242F4 5 Bytes JMP 00F3100C
    .text C:\Windows\Explorer.EXE[2860] ntdll.dll!NtCreateUserProcess 77325654 5 Bytes JMP 00F3200C
    .text C:\Windows\Explorer.EXE[2860] kernel32.dll!LoadLibraryExW 75BA927C 5 Bytes JMP 00F3300C
    .text C:\Windows\Explorer.EXE[2860] kernel32.dll!TerminateThread 75BC4413 5 Bytes JMP 00F3400C
    .text C:\Windows\Explorer.EXE[2860] ADVAPI32.dll!CloseServiceHandle 76F682A5 5 Bytes JMP 00F3800C
    .text C:\Windows\Explorer.EXE[2860] ADVAPI32.dll!OpenServiceW 76F68354 5 Bytes JMP 00F3600C
    .text C:\Windows\Explorer.EXE[2860] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 00F3900C
    .text C:\Windows\Explorer.EXE[2860] ADVAPI32.dll!ControlService 76F89FB8 5 Bytes JMP 00F3700C
    .text C:\Windows\Explorer.EXE[2860] USER32.dll!SetWindowsHookExW 76C387AD 5 Bytes JMP 00F3500C
    .text C:\Windows\Explorer.EXE[2860] USER32.dll!DdeConnect 76C79A1F 5 Bytes JMP 00F3B00C
    .text C:\Windows\Explorer.EXE[2860] ole32.dll!CoCreateInstanceEx 75A69F81 5 Bytes JMP 00F3A00C
    .text C:\Windows\system32\SearchIndexer.exe[2896] ntdll.dll!NtCreateProcess 773242E4 5 Bytes JMP 00DD000C
    .text C:\Windows\system32\SearchIndexer.exe[2896] ntdll.dll!NtCreateProcessEx 773242F4 5 Bytes JMP 00DD100C
    .text C:\Windows\system32\SearchIndexer.exe[2896] ntdll.dll!NtCreateUserProcess 77325654 5 Bytes JMP 00DD200C
    .text C:\Windows\system32\SearchIndexer.exe[2896] kernel32.dll!LoadLibraryExW 75BA927C 5 Bytes JMP 00DD300C
    .text C:\Windows\system32\SearchIndexer.exe[2896] kernel32.dll!TerminateThread 75BC4413 5 Bytes JMP 00DD400C
    .text C:\Windows\system32\SearchIndexer.exe[2896] ADVAPI32.dll!CloseServiceHandle 76F682A5 5 Bytes JMP 00DD800C
    .text C:\Windows\system32\SearchIndexer.exe[2896] ADVAPI32.dll!OpenServiceW 76F68354 5 Bytes JMP 00DD600C
    .text C:\Windows\system32\SearchIndexer.exe[2896] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 00DD900C
    .text C:\Windows\system32\SearchIndexer.exe[2896] ADVAPI32.dll!ControlService 76F89FB8 5 Bytes JMP 00DD700C
    .text C:\Windows\system32\SearchIndexer.exe[2896] USER32.dll!SetWindowsHookExW 76C387AD 5 Bytes JMP 00DD500C
    .text C:\Windows\system32\SearchIndexer.exe[2896] USER32.dll!DdeConnect 76C79A1F 5 Bytes JMP 00DDB00C
    .text C:\Windows\system32\SearchIndexer.exe[2896] ole32.dll!CoCreateInstanceEx 75A69F81 5 Bytes JMP 00DDA00C
    .text C:\Windows\system32\DRIVERS\xaudio.exe[3132] ntdll.dll!NtCreateProcess 773242E4 5 Bytes JMP 0022000C
    .text C:\Windows\system32\DRIVERS\xaudio.exe[3132] ntdll.dll!NtCreateProcessEx 773242F4 5 Bytes JMP 0022100C
    .text C:\Windows\system32\DRIVERS\xaudio.exe[3132] ntdll.dll!NtCreateUserProcess 77325654 5 Bytes JMP 0022200C
    .text C:\Windows\system32\DRIVERS\xaudio.exe[3132] kernel32.dll!LoadLibraryExW 75BA927C 5 Bytes JMP 0022300C
    .text C:\Windows\system32\DRIVERS\xaudio.exe[3132] kernel32.dll!TerminateThread 75BC4413 5 Bytes JMP 0022400C
    .text C:\Windows\system32\DRIVERS\xaudio.exe[3132] ADVAPI32.dll!CloseServiceHandle 76F682A5 5 Bytes JMP 0022800C
    .text C:\Windows\system32\DRIVERS\xaudio.exe[3132] ADVAPI32.dll!OpenServiceW 76F68354 5 Bytes JMP 0022600C
    .text C:\Windows\system32\DRIVERS\xaudio.exe[3132] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 0022900C
    .text C:\Windows\system32\DRIVERS\xaudio.exe[3132] ADVAPI32.dll!ControlService 76F89FB8 5 Bytes JMP 0022700C
    .text C:\Windows\system32\DRIVERS\xaudio.exe[3132] ole32.dll!CoCreateInstanceEx 75A69F81 5 Bytes JMP 0022A00C
    .text C:\Windows\system32\DRIVERS\xaudio.exe[3132] USER32.dll!SetWindowsHookExW 76C387AD 5 Bytes JMP 0022500C
    .text C:\Windows\system32\DRIVERS\xaudio.exe[3132] USER32.dll!DdeConnect 76C79A1F 5 Bytes JMP 0022B00C
    .text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[3184] ntdll.dll!NtCreateProcess 773242E4 5 Bytes JMP 00E9000C
    .text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[3184] ntdll.dll!NtCreateProcessEx 773242F4 5 Bytes JMP 00E9100C
    .text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[3184] ntdll.dll!NtCreateUserProcess 77325654 5 Bytes JMP 00E9200C
    .text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[3184] kernel32.dll!LoadLibraryExW 75BA927C 5 Bytes JMP 00E9300C
    .text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[3184] kernel32.dll!TerminateThread 75BC4413 5 Bytes JMP 00E9400C
    .text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[3184] ole32.dll!CoCreateInstanceEx 75A69F81 5 Bytes JMP 00E9A00C
    .text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[3184] USER32.dll!SetWindowsHookExW 76C387AD 5 Bytes JMP 00E9500C
    .text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[3184] USER32.dll!DdeConnect 76C79A1F 5 Bytes JMP 00E9B00C
    .text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[3184] ADVAPI32.dll!CloseServiceHandle 76F682A5 5 Bytes JMP 00E9800C
    .text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[3184] ADVAPI32.dll!OpenServiceW 76F68354 5 Bytes JMP 00E9600C
    .text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[3184] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 00E9900C
    .text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[3184] ADVAPI32.dll!ControlService 76F89FB8 5 Bytes JMP 00E9700C
    .text C:\Windows\system32\wbem\unsecapp.exe[3296] ntdll.dll!NtCreateProcess 773242E4 5 Bytes JMP 0006000C
    .text C:\Windows\system32\wbem\unsecapp.exe[3296] ntdll.dll!NtCreateProcessEx 773242F4 5 Bytes JMP 0006100C
    .text C:\Windows\system32\wbem\unsecapp.exe[3296] ntdll.dll!NtCreateUserProcess 77325654 5 Bytes JMP 0006200C
    .text C:\Windows\system32\wbem\unsecapp.exe[3296] kernel32.dll!LoadLibraryExW 75BA927C 5 Bytes JMP 0006300C
    .text C:\Windows\system32\wbem\unsecapp.exe[3296] kernel32.dll!TerminateThread 75BC4413 5 Bytes JMP 0006400C
    .text C:\Windows\system32\wbem\unsecapp.exe[3296] ADVAPI32.dll!CloseServiceHandle 76F682A5 5 Bytes JMP 0006800C
    .text C:\Windows\system32\wbem\unsecapp.exe[3296] ADVAPI32.dll!OpenServiceW 76F68354 5 Bytes JMP 0006600C
    .text C:\Windows\system32\wbem\unsecapp.exe[3296] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 0006900C
    .text C:\Windows\system32\wbem\unsecapp.exe[3296] ADVAPI32.dll!ControlService 76F89FB8 5 Bytes JMP 0006700C
    .text C:\Windows\system32\wbem\unsecapp.exe[3296] ole32.dll!CoCreateInstanceEx 75A69F81 5 Bytes JMP 0006A00C
    .text C:\Windows\system32\wbem\unsecapp.exe[3296] USER32.dll!SetWindowsHookExW 76C387AD 5 Bytes JMP 0006500C
    .text C:\Windows\system32\wbem\unsecapp.exe[3296] USER32.dll!DdeConnect 76C79A1F 5 Bytes JMP 0006B00C
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3468] ntdll.dll!NtCreateProcess 773242E4 5 Bytes JMP 00A4000C
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3468] ntdll.dll!NtCreateProcessEx 773242F4 5 Bytes JMP 00A4100C
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3468] ntdll.dll!NtCreateUserProcess 77325654 5 Bytes JMP 00A4200C
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3468] kernel32.dll!LoadLibraryExW 75BA927C 5 Bytes JMP 00A4300C
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3468] kernel32.dll!TerminateThread 75BC4413 5 Bytes JMP 00A4400C
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3468] ole32.dll!CoCreateInstanceEx 75A69F81 5 Bytes JMP 00A4A00C
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3468] USER32.dll!SetWindowsHookExW 76C387AD 5 Bytes JMP 00A4500C
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3468] USER32.dll!DdeConnect 76C79A1F 5 Bytes JMP 00A4B00C
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3468] ADVAPI32.dll!CloseServiceHandle 76F682A5 5 Bytes JMP 00A4800C
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3468] ADVAPI32.dll!OpenServiceW 76F68354 5 Bytes JMP 00A4600C
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3468] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 00A4900C
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3468] ADVAPI32.dll!ControlService 76F89FB8 5 Bytes JMP 00A4700C
    .text C:\Windows\system32\wbem\wmiprvse.exe[3584] ntdll.dll!NtCreateProcess 773242E4 5 Bytes JMP 0006000C
    .text C:\Windows\system32\wbem\wmiprvse.exe[3584] ntdll.dll!NtCreateProcessEx 773242F4 5 Bytes JMP 0006100C
    .text C:\Windows\system32\wbem\wmiprvse.exe[3584] ntdll.dll!NtCreateUserProcess 77325654 5 Bytes JMP 0006200C
    .text C:\Windows\system32\wbem\wmiprvse.exe[3584] kernel32.dll!LoadLibraryExW 75BA927C 5 Bytes JMP 0006300C
    .text C:\Windows\system32\wbem\wmiprvse.exe[3584] kernel32.dll!TerminateThread 75BC4413 5 Bytes JMP 0006400C
    .text C:\Windows\system32\wbem\wmiprvse.exe[3584] ADVAPI32.dll!CloseServiceHandle 76F682A5 5 Bytes JMP 0006800C
    .text C:\Windows\system32\wbem\wmiprvse.exe[3584] ADVAPI32.dll!OpenServiceW 76F68354 5 Bytes JMP 0006600C
    .text C:\Windows\system32\wbem\wmiprvse.exe[3584] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 0006900C
    .text C:\Windows\system32\wbem\wmiprvse.exe[3584] ADVAPI32.dll!ControlService 76F89FB8 5 Bytes JMP 0006700C
    .text C:\Windows\system32\wbem\wmiprvse.exe[3584] USER32.dll!SetWindowsHookExW 76C387AD 5 Bytes JMP 0006500C
    .text C:\Windows\system32\wbem\wmiprvse.exe[3584] USER32.dll!DdeConnect 76C79A1F 5 Bytes JMP 0006B00C
    .text C:\Windows\system32\wbem\wmiprvse.exe[3584] ole32.dll!CoCreateInstanceEx 75A69F81 5 Bytes JMP 0006A00C
    .text C:\Windows\system32\igfxsrvc.exe[3592] ntdll.dll!NtCreateProcess 773242E4 5 Bytes JMP 003C000C
    .text C:\Windows\system32\igfxsrvc.exe[3592] ntdll.dll!NtCreateProcessEx 773242F4 5 Bytes JMP 003C100C
    .text C:\Windows\system32\igfxsrvc.exe[3592] ntdll.dll!NtCreateUserProcess 77325654 5 Bytes JMP 003C200C
    .text C:\Windows\system32\igfxsrvc.exe[3592] kernel32.dll!LoadLibraryExW 75BA927C 5 Bytes JMP 003C300C
    .text C:\Windows\system32\igfxsrvc.exe[3592] kernel32.dll!TerminateThread 75BC4413 5 Bytes JMP 003C400C
    .text C:\Windows\system32\igfxsrvc.exe[3592] USER32.dll!SetWindowsHookExW 76C387AD 5 Bytes JMP 003C500C
    .text C:\Windows\system32\igfxsrvc.exe[3592] USER32.dll!DdeConnect 76C79A1F 5 Bytes JMP 003CB00C
    .text C:\Windows\system32\igfxsrvc.exe[3592] ADVAPI32.dll!CloseServiceHandle 76F682A5 5 Bytes JMP 003C800C
    .text C:\Windows\system32\igfxsrvc.exe[3592] ADVAPI32.dll!OpenServiceW 76F68354 5 Bytes JMP 003C600C
    .text C:\Windows\system32\igfxsrvc.exe[3592] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 003C900C
    .text C:\Windows\system32\igfxsrvc.exe[3592] ADVAPI32.dll!ControlService 76F89FB8 5 Bytes JMP 003C700C
    .text C:\Windows\system32\igfxsrvc.exe[3592] ole32.dll!CoCreateInstanceEx 75A69F81 5 Bytes JMP 003CA00C
    .text C:\Windows\system32\taskeng.exe[3656] ntdll.dll!NtCreateProcess 773242E4 5 Bytes JMP 0088000C
    .text C:\Windows\system32\taskeng.exe[3656] ntdll.dll!NtCreateProcessEx 773242F4 5 Bytes JMP 0088100C
    .text C:\Windows\system32\taskeng.exe[3656] ntdll.dll!NtCreateUserProcess 77325654 5 Bytes JMP 0088200C
    .text C:\Windows\system32\taskeng.exe[3656] kernel32.dll!LoadLibraryExW 75BA927C 5 Bytes JMP 0088300C
    .text C:\Windows\system32\taskeng.exe[3656] kernel32.dll!TerminateThread 75BC4413 5 Bytes JMP 0088400C
    .text C:\Windows\system32\taskeng.exe[3656] ADVAPI32.dll!CloseServiceHandle 76F682A5 5 Bytes JMP 0088800C
    .text C:\Windows\system32\taskeng.exe[3656] ADVAPI32.dll!OpenServiceW 76F68354 5 Bytes JMP 0088600C
    .text C:\Windows\system32\taskeng.exe[3656] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 0088900C
    .text C:\Windows\system32\taskeng.exe[3656] ADVAPI32.dll!ControlService 76F89FB8 5 Bytes JMP 0088700C
    .text C:\Windows\system32\taskeng.exe[3656] USER32.dll!SetWindowsHookExW 76C387AD 5 Bytes JMP 0088500C
    .text C:\Windows\system32\taskeng.exe[3656] USER32.dll!DdeConnect 76C79A1F 5 Bytes JMP 0088B00C
    .text C:\Windows\system32\taskeng.exe[3656] ole32.dll!CoCreateInstanceEx 75A69F81 5 Bytes JMP 0088A00C
    .text C:\Windows\system32\svchost.exe[3804] ntdll.dll!NtCreateProcess 773242E4 5 Bytes JMP 000C000C
    .text C:\Windows\system32\svchost.exe[3804] ntdll.dll!NtCreateProcessEx 773242F4 5 Bytes JMP 000C100C
    .text C:\Windows\system32\svchost.exe[3804] ntdll.dll!NtCreateUserProcess 77325654 5 Bytes JMP 000C200C
    .text C:\Users\Jen\Desktop\qnzcjscq.exe[3876] ntdll.dll!NtCreateProcess 773242E4 5 Bytes JMP 0016000C
    .text C:\Users\Jen\Desktop\qnzcjscq.exe[3876] ntdll.dll!NtCreateProcessEx 773242F4 5 Bytes JMP 0016100C
    .text C:\Users\Jen\Desktop\qnzcjscq.exe[3876] ntdll.dll!NtCreateUserProcess 77325654 5 Bytes JMP 0016200C
    .text C:\Users\Jen\Desktop\qnzcjscq.exe[3876] kernel32.dll!LoadLibraryExW 75BA927C 5 Bytes JMP 0016300C
    .text C:\Users\Jen\Desktop\qnzcjscq.exe[3876] kernel32.dll!TerminateThread 75BC4413 5 Bytes JMP 0016400C
    .text C:\Users\Jen\Desktop\qnzcjscq.exe[3876] USER32.dll!SetWindowsHookExW 76C387AD 5 Bytes JMP 0016500C
    .text C:\Users\Jen\Desktop\qnzcjscq.exe[3876] USER32.dll!DdeConnect 76C79A1F 5 Bytes JMP 0016A00C
    .text C:\Users\Jen\Desktop\qnzcjscq.exe[3876] ADVAPI32.dll!CloseServiceHandle 76F682A5 5 Bytes JMP 0016800C
    .text C:\Users\Jen\Desktop\qnzcjscq.exe[3876] ADVAPI32.dll!OpenServiceW 76F68354 5 Bytes JMP 0016600C
    .text C:\Users\Jen\Desktop\qnzcjscq.exe[3876] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 0016900C
    .text C:\Users\Jen\Desktop\qnzcjscq.exe[3876] ADVAPI32.dll!ControlService 76F89FB8 5 Bytes JMP 0016700C
    .text C:\Users\Jen\Desktop\qnzcjscq.exe[3876] ole32.dll!CoCreateInstanceEx 75A69F81 5 Bytes JMP 0016B00C
    .text C:\Windows\system32\wbem\wmiprvse.exe[4512] ntdll.dll!NtCreateProcess 773242E4 5 Bytes JMP 0013000C
    .text C:\Windows\system32\wbem\wmiprvse.exe[4512] ntdll.dll!NtCreateProcessEx 773242F4 5 Bytes JMP 0013100C
    .text C:\Windows\system32\wbem\wmiprvse.exe[4512] ntdll.dll!NtCreateUserProcess 77325654 5 Bytes JMP 0013200C
    .text C:\Windows\system32\wbem\wmiprvse.exe[4512] kernel32.dll!LoadLibraryExW 75BA927C 5 Bytes JMP 0013300C
    .text C:\Windows\system32\wbem\wmiprvse.exe[4512] kernel32.dll!TerminateThread 75BC4413 5 Bytes JMP 0013400C
    .text C:\Windows\system32\wbem\wmiprvse.exe[4512] ADVAPI32.dll!CloseServiceHandle 76F682A5 5 Bytes JMP 0013800C
    .text C:\Windows\system32\wbem\wmiprvse.exe[4512] ADVAPI32.dll!OpenServiceW 76F68354 5 Bytes JMP 0013600C
    .text C:\Windows\system32\wbem\wmiprvse.exe[4512] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 0013900C
    .text C:\Windows\system32\wbem\wmiprvse.exe[4512] ADVAPI32.dll!ControlService 76F89FB8 5 Bytes JMP 0013700C
    .text C:\Windows\system32\wbem\wmiprvse.exe[4512] USER32.dll!SetWindowsHookExW 76C387AD 5 Bytes JMP 0013500C
    .text C:\Windows\system32\wbem\wmiprvse.exe[4512] USER32.dll!DdeConnect 76C79A1F 5 Bytes JMP 0013B00C
    .text C:\Windows\system32\wbem\wmiprvse.exe[4512] ole32.dll!CoCreateInstanceEx 75A69F81 5 Bytes JMP 0013A00C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4912] ntdll.dll!NtCreateProcess 773242E4 5 Bytes JMP 0037000C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4912] ntdll.dll!NtCreateProcessEx 773242F4 5 Bytes JMP 0037100C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4912] ntdll.dll!NtCreateUserProcess 77325654 5 Bytes JMP 0037200C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4912] kernel32.dll!LoadLibraryExW 75BA927C 5 Bytes JMP 0037300C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4912] kernel32.dll!TerminateThread 75BC4413 5 Bytes JMP 0037400C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4912] ADVAPI32.dll!CloseServiceHandle 76F682A5 5 Bytes JMP 0037800C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4912] ADVAPI32.dll!OpenServiceW 76F68354 5 Bytes JMP 0037600C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4912] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 0037900C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4912] ADVAPI32.dll!ControlService 76F89FB8 5 Bytes JMP 0037700C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4912] USER32.dll!SetWindowsHookExW 76C387AD 5 Bytes JMP 0037500C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4912] USER32.dll!DdeConnect 76C79A1F 5 Bytes JMP 0037B00C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4912] ole32.dll!CoCreateInstanceEx 75A69F81 5 Bytes JMP 0037A00C
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5244] ntdll.dll!NtCreateProcess 773242E4 5 Bytes JMP 0023000C
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5244] ntdll.dll!NtCreateProcessEx 773242F4 5 Bytes JMP 0023100C
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5244] ntdll.dll!NtCreateUserProcess 77325654 5 Bytes JMP 0023200C
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5244] kernel32.dll!LoadLibraryExW 75BA927C 5 Bytes JMP 0023300C
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5244] kernel32.dll!TerminateThread 75BC4413 5 Bytes JMP 0023400C
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5244] USER32.dll!SetWindowsHookExW 76C387AD 5 Bytes JMP 0023500C
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5244] USER32.dll!DdeConnect 76C79A1F 5 Bytes JMP 0023A00C
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5244] ADVAPI32.dll!CloseServiceHandle 76F682A5 5 Bytes JMP 0023800C
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5244] ADVAPI32.dll!OpenServiceW 76F68354 5 Bytes JMP 0023600C
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5244] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 0023900C
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5244] ADVAPI32.dll!ControlService 76F89FB8 5 Bytes JMP 0023700C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5372] ntdll.dll!NtCreateProcess 773242E4 5 Bytes JMP 0019000C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5372] ntdll.dll!NtCreateProcessEx 773242F4 5 Bytes JMP 0019100C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5372] ntdll.dll!NtCreateUserProcess 77325654 5 Bytes JMP 0019200C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5372] kernel32.dll!LoadLibraryExW 75BA927C 5 Bytes JMP 0019300C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5372] kernel32.dll!TerminateThread 75BC4413 5 Bytes JMP 0019400C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5372] USER32.dll!SetWindowsHookExW 76C387AD 5 Bytes JMP 0019500C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5372] USER32.dll!DdeConnect 76C79A1F 5 Bytes JMP 0019B00C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5372] ADVAPI32.dll!CloseServiceHandle 76F682A5 5 Bytes JMP 0019800C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5372] ADVAPI32.dll!OpenServiceW 76F68354 5 Bytes JMP 0019600C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5372] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 0019900C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5372] ADVAPI32.dll!ControlService 76F89FB8 5 Bytes JMP 0019700C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5372] ole32.dll!CoCreateInstanceEx 75A69F81 5 Bytes JMP 0019A00C
    .text \\?\C:\Windows\system32\wbem\WMIADAP.EXE[6132] ntdll.dll!NtCreateProcess 773242E4 5 Bytes JMP 0013000C
    .text \\?\C:\Windows\system32\wbem\WMIADAP.EXE[6132] ntdll.dll!NtCreateProcessEx 773242F4 5 Bytes JMP 0013100C
    .text \\?\C:\Windows\system32\wbem\WMIADAP.EXE[6132] ntdll.dll!NtCreateUserProcess 77325654 5 Bytes JMP 0013200C
    .text \\?\C:\Windows\system32\wbem\WMIADAP.EXE[6132] kernel32.dll!LoadLibraryExW 75BA927C 5 Bytes JMP 0013300C
    .text \\?\C:\Windows\system32\wbem\WMIADAP.EXE[6132] kernel32.dll!TerminateThread 75BC4413 5 Bytes JMP 0013400C
    .text \\?\C:\Windows\system32\wbem\WMIADAP.EXE[6132] ADVAPI32.dll!CloseServiceHandle 76F682A5 5 Bytes JMP 0013800C
    .text \\?\C:\Windows\system32\wbem\WMIADAP.EXE[6132] ADVAPI32.dll!OpenServiceW 76F68354 5 Bytes JMP 0013600C
    .text \\?\C:\Windows\system32\wbem\WMIADAP.EXE[6132] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 0013900C
    .text \\?\C:\Windows\system32\wbem\WMIADAP.EXE[6132] ADVAPI32.dll!ControlService 76F89FB8 5 Bytes JMP 0013700C
    .text \\?\C:\Windows\system32\wbem\WMIADAP.EXE[6132] USER32.dll!SetWindowsHookExW 76C387AD 5 Bytes JMP 0013500C
    .text \\?\C:\Windows\system32\wbem\WMIADAP.EXE[6132] USER32.dll!DdeConnect 76C79A1F 5 Bytes JMP 0013B00C
    .text \\?\C:\Windows\system32\wbem\WMIADAP.EXE[6132] ole32.dll!CoCreateInstanceEx 75A69F81 5 Bytes JMP 0013A00C

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based [email protected] 1247292517
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto [email protected] 1

    ---- EOF - GMER 1.0.15 ----

    ======================================================================

    Thanks in advance!
     

  3. jgrenie

    jgrenie Thread Starter

    Joined:
    Mar 10, 2008
    Messages:
    72
    Bump ... Can someone please take a look and let me know if there is anything I need to get rid of here?

    Thanks.
     