[Inactive] 2 iexplore.exe processes in task manager and slow computer

GetOffMe · Mar 28, 2011

Hello to all and you wonderful volunteers of Tech Spot.
I've noticed 2 processes of iexplore.exe running in task manager
I'm sure there are other nasties hiding inside this computer, which free Avast, MBAM and Norton cant find....please help. below find my HJT logfile: Thanx

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:05:44 AM, on 3/28/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Compaq_Owner\Desktop\Glenn\Computer Stuff\Tools\Scanning\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IHA_MessageCenter - Unknown owner - C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6834 bytes

Bobbye · Mar 28, 2011

Welcome to TechSpot! Perhaps I can put you mind at ease by telling you that 2 -or-more- iexplore.exe in Internet Explorer v8 is normal!

We do not 'screen' for malware with HijackThis If you have reason to suspect malware in spite of the clean scans, describe the problems you are having -other than slow

Then please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

When you have finished, leave the logs for review in your next reply .
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

Important!
Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

GetOffMe · Apr 7, 2011

Bobbye,
What makes me think something fishy is going on in the computer:
During startup, I get 2 warnings that I didn't get before.
First a "security center" warning that my firewall is not up, then it goes away
when my local area connection finishes syncing up. Then I get a warning from my local area connection that I may have limited or no connectivity, this goes to normal after about 40 seconds or when I "repair".
Also, there are times when my PF Usage is sky high after opening Internet Explorer.
After I posted my first thread, I realized how little free space I had left, I know this I probably the cause of a few of my problems, I can't defrag till I clean up this computer.
Below are my scan results:
Avast: No Threats Found

MBAM: Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6218

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/30/2011 2:57:47 PM
mbam-log-2011-03-30 (14-57-47).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 267265
Time elapsed: 1 hour(s), 58 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Please see next post

GetOffMe · Apr 7, 2011

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-02 14:54:40
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800BB-22JHA0 rev.05.01C05
Running: f04ni0up.exe; Driver: C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\kgriiaoc.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xF002A9CA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xF007FA68]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xF004AAF5]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xF002CEAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xF002CF04]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xF002D01A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xF004A4A9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xF002CE02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xF002CF54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xF002CE56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xF002CFC8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xF002A9EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xF004B1BB]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xF004B471]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xF002D29E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xF004B026]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xF004AE91]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xF007FB18]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xF002A7B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xF002AA12]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xF002D412]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xF002B4AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xF002CEDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xF002CF2C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xF002D044]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xF004A805]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xF002CE2E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xF002D0D6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xF002CF94]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xF002CE84]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xF002D1BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xF002CFF2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xF007FBB0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xF004AD0C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xF002B370]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xF004AB5E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xF0087E26]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xF0049B1C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xF002AA36]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xF002AA5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xF002A812]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xF002A94E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xF004B2C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xF002A92A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xF002A972]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xF002AA7E]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xF00948DE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntoskrnl.exe!ObInsertObject 8056503A 5 Bytes JMP F0091D38 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 8056B8E8 4 Bytes CALL F002BE25 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8057FE4C 7 Bytes JMP F00948E2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 8059F8CA 5 Bytes JMP F009029E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

GetOffMe · Apr 7, 2011

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\spoolsv.exe[524] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\spoolsv.exe[524] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\spoolsv.exe[524] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\spoolsv.exe[524] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\spoolsv.exe[524] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\spoolsv.exe[524] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\spoolsv.exe[524] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\spoolsv.exe[524] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\spoolsv.exe[524] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\spoolsv.exe[524] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\spoolsv.exe[524] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\spoolsv.exe[524] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\spoolsv.exe[524] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\spoolsv.exe[524] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\spoolsv.exe[524] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\Program Files\iPod\bin\iPodService.exe[704] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00150030
.text C:\Program Files\iPod\bin\iPodService.exe[704] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0015006C
.text C:\Program Files\iPod\bin\iPodService.exe[704] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4
.text C:\Program Files\iPod\bin\iPodService.exe[704] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4
.text C:\Program Files\iPod\bin\iPodService.exe[704] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120
.text C:\Program Files\iPod\bin\iPodService.exe[704] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C
.text C:\Program Files\iPod\bin\iPodService.exe[704] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198
.text C:\Program Files\iPod\bin\iPodService.exe[704] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030
.text C:\Program Files\iPod\bin\iPodService.exe[704] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C
.text C:\Program Files\iPod\bin\iPodService.exe[704] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8
.text C:\Program Files\iPod\bin\iPodService.exe[704] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A00E4
.text C:\Program Files\iPod\bin\iPodService.exe[704] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0120
.text C:\Program Files\iPod\bin\iPodService.exe[704] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A00A8
.text C:\Program Files\iPod\bin\iPodService.exe[704] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A0030
.text C:\Program Files\iPod\bin\iPodService.exe[704] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A006C
.text C:\Program Files\Java\jre6\bin\jqs.exe[724] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00150030
.text C:\Program Files\Java\jre6\bin\jqs.exe[724] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0015006C
.text C:\Program Files\Java\jre6\bin\jqs.exe[724] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4
.text C:\Program Files\Java\jre6\bin\jqs.exe[724] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4
.text C:\Program Files\Java\jre6\bin\jqs.exe[724] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120
.text C:\Program Files\Java\jre6\bin\jqs.exe[724] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C
.text C:\Program Files\Java\jre6\bin\jqs.exe[724] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198
.text C:\Program Files\Java\jre6\bin\jqs.exe[724] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030
.text C:\Program Files\Java\jre6\bin\jqs.exe[724] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C
.text C:\Program Files\Java\jre6\bin\jqs.exe[724] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8
.text C:\Program Files\Java\jre6\bin\jqs.exe[724] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A00E4
.text C:\Program Files\Java\jre6\bin\jqs.exe[724] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0120
.text C:\Program Files\Java\jre6\bin\jqs.exe[724] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A00A8
.text C:\Program Files\Java\jre6\bin\jqs.exe[724] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A0030
.text C:\Program Files\Java\jre6\bin\jqs.exe[724] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A006C
.text C:\WINDOWS\system32\winlogon.exe[808] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00070030
.text C:\WINDOWS\system32\winlogon.exe[808] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0007006C
.text C:\WINDOWS\system32\winlogon.exe[808] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\winlogon.exe[808] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\winlogon.exe[808] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\winlogon.exe[808] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\winlogon.exe[808] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\winlogon.exe[808] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\winlogon.exe[808] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\winlogon.exe[808] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\winlogon.exe[808] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\winlogon.exe[808] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\winlogon.exe[808] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\winlogon.exe[808] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\winlogon.exe[808] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\services.exe[856] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\services.exe[856] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\services.exe[856] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\services.exe[856] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\services.exe[856] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\services.exe[856] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\services.exe[856] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\services.exe[856] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\services.exe[856] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\services.exe[856] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\services.exe[856] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\services.exe[856] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\services.exe[856] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\services.exe[856] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\services.exe[856] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\lsass.exe[868] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\lsass.exe[868] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\lsass.exe[868] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\lsass.exe[868] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\lsass.exe[868] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\lsass.exe[868] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\lsass.exe[868] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\lsass.exe[868] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\lsass.exe[868] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\lsass.exe[868] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\lsass.exe[868] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\lsass.exe[868] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\lsass.exe[868] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\lsass.exe[868] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\lsass.exe[868] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[1104] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[1104] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[1104] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[1104] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[1104] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\Program Files\Common Files\Motive\McciCMService.exe[1156] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00150030
.text C:\Program Files\Common Files\Motive\McciCMService.exe[1156] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0015006C
.text C:\Program Files\Common Files\Motive\McciCMService.exe[1156] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003900E4
.text C:\Program Files\Common Files\Motive\McciCMService.exe[1156] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390120
.text C:\Program Files\Common Files\Motive\McciCMService.exe[1156] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003900A8
.text C:\Program Files\Common Files\Motive\McciCMService.exe[1156] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00390030
.text C:\Program Files\Common Files\Motive\McciCMService.exe[1156] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0039006C
.text C:\Program Files\Common Files\Motive\McciCMService.exe[1156] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A01D4
.text C:\Program Files\Common Files\Motive\McciCMService.exe[1156] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A00E4
.text C:\Program Files\Common Files\Motive\McciCMService.exe[1156] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0120
.text C:\Program Files\Common Files\Motive\McciCMService.exe[1156] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A015C
.text C:\Program Files\Common Files\Motive\McciCMService.exe[1156] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0198
.text C:\Program Files\Common Files\Motive\McciCMService.exe[1156] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A0030
.text C:\Program Files\Common Files\Motive\McciCMService.exe[1156] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A006C
.text C:\Program Files\Common Files\Motive\McciCMService.exe[1156] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A00A8
.text C:\WINDOWS\System32\svchost.exe[1216] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00090030
.text C:\WINDOWS\System32\svchost.exe[1216] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0009006C
.text C:\WINDOWS\System32\svchost.exe[1216] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\System32\svchost.exe[1216] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\System32\svchost.exe[1216] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\System32\svchost.exe[1216] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\System32\svchost.exe[1216] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\System32\svchost.exe[1216] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\System32\svchost.exe[1216] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\System32\svchost.exe[1216] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\System32\svchost.exe[1216] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\System32\svchost.exe[1216] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\System32\svchost.exe[1216] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\System32\svchost.exe[1216] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\System32\svchost.exe[1216] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\HPZipm12.exe[1284] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00140030
.text C:\WINDOWS\system32\HPZipm12.exe[1284] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0014006C
.text C:\WINDOWS\system32\HPZipm12.exe[1284] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003801D4
.text C:\WINDOWS\system32\HPZipm12.exe[1284] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003800E4
.text C:\WINDOWS\system32\HPZipm12.exe[1284] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380120
.text C:\WINDOWS\system32\HPZipm12.exe[1284] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0038015C
.text C:\WINDOWS\system32\HPZipm12.exe[1284] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380198
.text C:\WINDOWS\system32\HPZipm12.exe[1284] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00380030
.text C:\WINDOWS\system32\HPZipm12.exe[1284] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0038006C
.text C:\WINDOWS\system32\HPZipm12.exe[1284] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003800A8
.text C:\WINDOWS\system32\HPZipm12.exe[1284] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003900E4
.text C:\WINDOWS\system32\HPZipm12.exe[1284] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390120
.text C:\WINDOWS\system32\HPZipm12.exe[1284] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003900A8
.text C:\WINDOWS\system32\HPZipm12.exe[1284] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00390030
.text C:\WINDOWS\system32\HPZipm12.exe[1284] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0039006C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1300] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00150030
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1300] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0015006C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1300] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1300] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1300] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1300] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1300] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1300] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1300] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1300] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1300] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A00E4
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1300] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0120
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1300] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A00A8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1300] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A0030
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1300] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A006C
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00090030
.text

GetOffMe · Apr 7, 2011

C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[1380] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[1380] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[1380] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[1380] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[1380] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[1412] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[1412] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[1412] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[1412] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[1412] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1492] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\WINDOWS\system32\svchost.exe[1676] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1676] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[1676] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[1676] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[1676] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[1676] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[1676] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\Explorer.EXE[1696] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00090030
.text C:\WINDOWS\Explorer.EXE[1696] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0009006C
.text C:\WINDOWS\Explorer.EXE[1696] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C01D4
.text C:\WINDOWS\Explorer.EXE[1696] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C00E4
.text C:\WINDOWS\Explorer.EXE[1696] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0120
.text C:\WINDOWS\Explorer.EXE[1696] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C015C
.text C:\WINDOWS\Explorer.EXE[1696] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0198
.text C:\WINDOWS\Explorer.EXE[1696] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C0030
.text C:\WINDOWS\Explorer.EXE[1696] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C006C
.text C:\WINDOWS\Explorer.EXE[1696] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C00A8
.text C:\WINDOWS\Explorer.EXE[1696] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D00E4
.text C:\WINDOWS\Explorer.EXE[1696] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0120
.text C:\WINDOWS\Explorer.EXE[1696] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D00A8
.text C:\WINDOWS\Explorer.EXE[1696] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D0030
.text C:\WINDOWS\Explorer.EXE[1696] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D006C
.text C:\Program Files\Bonjour\mDNSResponder.exe[1784] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00150030
.text C:\Program Files\Bonjour\mDNSResponder.exe[1784] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0015006C
.text C:\Program Files\Bonjour\mDNSResponder.exe[1784] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4
.text C:\Program Files\Bonjour\mDNSResponder.exe[1784] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4
.text C:\Program Files\Bonjour\mDNSResponder.exe[1784] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120
.text C:\Program Files\Bonjour\mDNSResponder.exe[1784] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C
.text C:\Program Files\Bonjour\mDNSResponder.exe[1784] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198
.text C:\Program Files\Bonjour\mDNSResponder.exe[1784] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030
.text C:\Program Files\Bonjour\mDNSResponder.exe[1784] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C
.text C:\Program Files\Bonjour\mDNSResponder.exe[1784] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8
.text C:\Program Files\Bonjour\mDNSResponder.exe[1784] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A00E4
.text C:\Program Files\Bonjour\mDNSResponder.exe[1784] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0120
.text C:\Program Files\Bonjour\mDNSResponder.exe[1784] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A00A8
.text C:\Program Files\Bonjour\mDNSResponder.exe[1784] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A0030
.text C:\Program Files\Bonjour\mDNSResponder.exe[1784] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A006C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1908] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00150030
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1908] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0015006C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1908] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A01D4
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1908] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A00E4
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1908] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0120
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1908] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A015C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1908] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0198
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1908] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A0030
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1908] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A006C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1908] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A00A8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1908] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B00E4
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1908] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0120
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1908] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B00A8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1908] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B0030
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1908] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B006C
.text C:\program files\real\realplayer\update\realsched.exe[1920] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00140030
.text C:\program files\real\realplayer\update\realsched.exe[1920] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0014006C
.text C:\program files\real\realplayer\update\realsched.exe[1920] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\program files\real\realplayer\update\realsched.exe[1920] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4
.text C:\program files\real\realplayer\update\realsched.exe[1920] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4
.text C:\program files\real\realplayer\update\realsched.exe[1920] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120
.text C:\program files\real\realplayer\update\realsched.exe[1920] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C
.text C:\program files\real\realplayer\update\realsched.exe[1920] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198
.text C:\program files\real\realplayer\update\realsched.exe[1920] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030
.text C:\program files\real\realplayer\update\realsched.exe[1920] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C
.text C:\program files\real\realplayer\update\realsched.exe[1920] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8
.text C:\program files\real\realplayer\update\realsched.exe[1920] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A00E4
.text C:\program files\real\realplayer\update\realsched.exe[1920] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0120
.text C:\program files\real\realplayer\update\realsched.exe[1920] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A00A8
.text C:\program files\real\realplayer\update\realsched.exe[1920] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A0030
.text C:\program files\real\realplayer\update\realsched.exe[1920] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A006C
.text C:\WINDOWS\system32\ctfmon.exe[1928] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000A0030
.text C:\WINDOWS\system32\ctfmon.exe[1928] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000A006C
.text C:\WINDOWS\system32\ctfmon.exe[1928] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C01D4
.text C:\WINDOWS\system32\ctfmon.exe[1928] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\ctfmon.exe[1928] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\ctfmon.exe[1928] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C015C
.text C:\WINDOWS\system32\ctfmon.exe[1928] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0198
.text C:\WINDOWS\system32\ctfmon.exe[1928] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\ctfmon.exe[1928] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\ctfmon.exe[1928] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\ctfmon.exe[1928] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D00E4
.text C:\WINDOWS\system32\ctfmon.exe[1928] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0120
.text C:\WINDOWS\system32\ctfmon.exe[1928] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D00A8
.text C:\WINDOWS\system32\ctfmon.exe[1928] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D0030
.text C:\WINDOWS\system32\ctfmon.exe[1928] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D006C
.text C:\WINDOWS\system32\wuauclt.exe[2888] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000A0030
.text C:\WINDOWS\system32\wuauclt.exe[2888] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000A006C
.text C:\WINDOWS\system32\wuauclt.exe[2888] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C01D4
.text C:\WINDOWS\system32\wuauclt.exe[2888] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\wuauclt.exe[2888] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\wuauclt.exe[2888] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C015C
.text C:\WINDOWS\system32\wuauclt.exe[2888] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0198
.text C:\WINDOWS\system32\wuauclt.exe[2888] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\wuauclt.exe[2888] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\wuauclt.exe[2888] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\wuauclt.exe[2888] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D00E4
.text C:\WINDOWS\system32\wuauclt.exe[2888] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0120
.text C:\WINDOWS\system32\wuauclt.exe[2888] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D00A8
.text C:\WINDOWS\system32\wuauclt.exe[2888] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D0030
.text C:\WINDOWS\system32\wuauclt.exe[2888] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D006C
.text C:\WINDOWS\System32\alg.exe[3460] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00090030
.text C:\WINDOWS\System32\alg.exe[3460] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0009006C
.text C:\WINDOWS\System32\alg.exe[3460] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B00E4
.text C:\WINDOWS\System32\alg.exe[3460] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0120
.text C:\WINDOWS\System32\alg.exe[3460] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B00A8
.text C:\WINDOWS\System32\alg.exe[3460] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B0030
.text C:\WINDOWS\System32\alg.exe[3460] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B006C
.text C:\WINDOWS\System32\alg.exe[3460] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C01D4
.text C:\WINDOWS\System32\alg.exe[3460] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C00E4
.text C:\WINDOWS\System32\alg.exe[3460] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0120
.text C:\WINDOWS\System32\alg.exe[3460] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C015C
.text C:\WINDOWS\System32\alg.exe[3460] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0198
.text C:\WINDOWS\System32\alg.exe[3460] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C0030
.text C:\WINDOWS\System32\alg.exe[3460] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C006C
.text C:\WINDOWS\System32\alg.exe[3460] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C00A8

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F99F53FC] \SystemRoot\System32\Drivers\NDISRD.SYS (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F99F5458] \SystemRoot\System32\Drivers\NDISRD.SYS (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F99F5684] \SystemRoot\System32\Drivers\NDISRD.SYS (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F99F56B2] \SystemRoot\System32\Drivers\NDISRD.SYS (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F99F5684] \SystemRoot\System32\Drivers\NDISRD.SYS (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F99F5458] \SystemRoot\System32\Drivers\NDISRD.SYS (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F99F53FC] \SystemRoot\System32\Drivers\NDISRD.SYS (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [F99F53FC] \SystemRoot\System32\Drivers\NDISRD.SYS (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [F99F5458] \SystemRoot\System32\Drivers\NDISRD.SYS (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [F99F56B2] \SystemRoot\System32\Drivers\NDISRD.SYS (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [F99F5684] \SystemRoot\System32\Drivers\NDISRD.SYS (NDISRD helper driver/NT Kernel Resources)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[856] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005E0002
IAT C:\WINDOWS\system32\services.exe[856] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005E0000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

---- EOF - GMER 1.0.15 ----

GetOffMe · Apr 7, 2011

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Compaq_Owner at 8:31:29.42 on Thu 04/07/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.247.96 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
DPF: {A4110378-789B-455F-AE86-3A1BFC402853} - hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\hmxo04tc.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\compaq_owner\application data\mozilla\firefox\profiles\hmxo04tc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\compaq_owner\application data\mozilla\firefox\profiles\hmxo04tc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\compaq_owner\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-2-25 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-10-19 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-10-19 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-19 42184]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-6-14 54752]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2008-2-28 18432]
.
=============== Created Last 30 ================
.
2011-03-28 12:45:55 -------- d-----w- C:\lspfix
2011-03-16 19:07:15 190032 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-03-16 19:07:14 56400 ----a-w- c:\windows\system32\drivers\tmrkb.sys
2011-03-12 16:28:40 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-03-12 16:28:40 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-03-23 15:56:30 967 -c--a-w- c:\windows\ScUnin.pif
2011-03-23 15:56:30 70656 -c--a-w- c:\windows\ScUnin.exe
2011-02-23 15:04:21 40648 ----a-w- c:\windows\avastSS.scr
2011-02-03 02:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-03 00:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
============= FINISH: 8:33:51.96

Bobbye · Apr 7, 2011

So far, I don't see much, Too bad you missed " don't check 'show all' in the GMER log! Go ahead and delete it on your system. No rootkits.

Please paste in the other logs from DDS, Attach.txt. Do not zip it.
===========================================
Download Combofix from HERE or HERE and save to the desktop

Double click combofix.exe & follow the prompts.

ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

.Click on Yes, to continue scanning for malware

.If Combofix asks you to update the program, allow

.Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

.Close any open browsers.

.Double click combofix.exe & follow the prompts to run.

When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..

Re-enable your Antivirus software.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Combofix will sow me if the Security Center has been disabled.

The limited connectivity message is something you may need to discuss with your ISP. The is no visible infection so far and you don't have an excess of processes running.

As for high CPU usage when you open IE, right click on the Taskbar> Task Manager> Double click on top frame of CPU column. What do you see besides Taskmgr, System and System Idle running high?

It is possible that one or more addons you have on IE is resource intensive. You can try disabling the addons (Tools> Manage Addons), then add them back one at a time, checking the system between. If you find one that is high resource user, consider removing it.

TechSpot

[Inactive] 2 iexplore.exe processes in task manager and slow computer

GetOffMe Newcomer, in training

Bobbye Helper on the Fringe

GetOffMe Newcomer, in training

GetOffMe Newcomer, in training

GetOffMe Newcomer, in training

GetOffMe Newcomer, in training

GetOffMe Newcomer, in training

Bobbye Helper on the Fringe