TechSpot

2 iexplore.exe processes in task manager and slow computer

By GetOffMe
Mar 28, 2011
  1. Hello to all and you wonderful volunteers of Tech Spot.
    I've noticed 2 processes of iexplore.exe running in task manager.
    I'm sure there are other nasties hiding inside this computer, which free Avast, MBAM and Norton can't find... please help. Below find my HJT logfile. Thanks

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:05:44 AM, on 3/28/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Documents and Settings\Compaq_Owner\Desktop\Glenn\Computer Stuff\Tools\Scanning\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
    O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IHA_MessageCenter - Unknown owner - C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 6834 bytes
     
  2. Bobbye


    Welcome to TechSpot! Perhaps I can put your mind at ease by telling you that 2 -or-more- iexplore.exe in Internet Explorer v8 is normal!

    We do not 'screen' for malware with HijackThis.
    If you have reason to suspect malware in spite of the clean scans, describe the problems you are having - other than slow.

    Then please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    Important!
    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
     
  3. GetOffMe


    Bobbye,
    What makes me think something fishy is going on in the computer:
    During startup, I get 2 warnings that I didn't get before.
    First a "security center" warning that my firewall is not up, then it goes away
    when my local area connection finishes syncing up. Then I get a warning from my local area connection that I may have limited or no connectivity, this goes to normal after about 40 seconds or when I "repair".
    Also, there are times when my PF Usage is sky high after opening Internet Explorer.
    After I posted my first thread, I realized how little free space I had left. I know this is probably the cause of a few of my problems; I can't defrag till I clean up this computer.
    Below are my scan results:
    Avast: No Threats Found

    MBAM: Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6218

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    3/30/2011 2:57:47 PM
    mbam-log-2011-03-30 (14-57-47).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 267265
    Time elapsed: 1 hour(s), 58 minute(s), 7 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    Please see next post
     
  4. GetOffMe


    GMER 1.0.15.15570 - http://www.gmer.net
    Rootkit scan 2011-04-02 14:54:40
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800BB-22JHA0 rev.05.01C05
    Running: f04ni0up.exe; Driver: C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\kgriiaoc.sys


    ---- System - GMER 1.0.15 ----


    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xF00948DE]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    PAGE ntoskrnl.exe!ObInsertObject 8056503A 5 Bytes JMP F0091D38 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 8056B8E8 4 Bytes CALL F002BE25 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntoskrnl.exe!ZwCreateProcessEx 8057FE4C 7 Bytes JMP F00948E2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntoskrnl.exe!ObMakeTemporaryObject 8059F8CA 5 Bytes JMP F009029E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
     
  5. GetOffMe


    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00090030
    .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0009006C
    .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
    .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
    .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
    .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
    .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
    .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
    .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
    .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
    .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
    .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
    .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
    .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
    .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
    .text C:\WINDOWS\system32\HPZipm12.exe[1284] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00140030
    .text C:\WINDOWS\system32\HPZipm12.exe[1284] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0014006C
    .text C:\WINDOWS\system32\HPZipm12.exe[1284] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003801D4
    .text C:\WINDOWS\system32\HPZipm12.exe[1284] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003800E4
    .text C:\WINDOWS\system32\HPZipm12.exe[1284] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380120
    .text C:\WINDOWS\system32\HPZipm12.exe[1284] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0038015C
    .text C:\WINDOWS\system32\HPZipm12.exe[1284] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380198
    .text C:\WINDOWS\system32\HPZipm12.exe[1284] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00380030
    .text C:\WINDOWS\system32\HPZipm12.exe[1284] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0038006C
    .text C:\WINDOWS\system32\HPZipm12.exe[1284] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003800A8
    .text C:\WINDOWS\system32\HPZipm12.exe[1284] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003900E4
    .text C:\WINDOWS\system32\HPZipm12.exe[1284] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390120
    .text C:\WINDOWS\system32\HPZipm12.exe[1284] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003900A8
    .text C:\WINDOWS\system32\HPZipm12.exe[1284] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00390030
    .text C:\WINDOWS\system32\HPZipm12.exe[1284] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0039006C
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1300] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00150030
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1300] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0015006C
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1300] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1300] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1300] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1300] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1300] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1300] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1300] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1300] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1300] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A00E4
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1300] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0120
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1300] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A00A8
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1300] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A0030
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1300] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A006C
    .text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00090030

  6. GetOffMe

    GetOffMe TS Rookie Topic Starter

    .text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0009006C
    .text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
    .text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
    .text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
    .text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
    .text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
    .text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
    .text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
    .text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
    .text C:\WINDOWS\system32\svchost.exe[1380] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
    .text C:\WINDOWS\system32\svchost.exe[1380] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
    .text C:\WINDOWS\system32\svchost.exe[1380] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
    .text C:\WINDOWS\system32\svchost.exe[1380] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
    .text C:\WINDOWS\system32\svchost.exe[1380] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
    .text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00090030
    .text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0009006C
    .text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
    .text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
    .text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
    .text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
    .text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
    .text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
    .text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
    .text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
    .text C:\WINDOWS\system32\svchost.exe[1412] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
    .text C:\WINDOWS\system32\svchost.exe[1412] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
    .text C:\WINDOWS\system32\svchost.exe[1412] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
    .text C:\WINDOWS\system32\svchost.exe[1412] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
    .text C:\WINDOWS\system32\svchost.exe[1412] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1492] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    .text C:\WINDOWS\system32\svchost.exe[1676] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00090030
    .text C:\WINDOWS\system32\svchost.exe[1676] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0009006C
    .text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
    .text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
    .text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
    .text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
    .text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
    .text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
    .text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
    .text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
    .text C:\WINDOWS\system32\svchost.exe[1676] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
    .text C:\WINDOWS\system32\svchost.exe[1676] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
    .text C:\WINDOWS\system32\svchost.exe[1676] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
    .text C:\WINDOWS\system32\svchost.exe[1676] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
    .text C:\WINDOWS\system32\svchost.exe[1676] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
    .text C:\WINDOWS\Explorer.EXE[1696] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00090030
    .text C:\WINDOWS\Explorer.EXE[1696] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0009006C
    .text C:\WINDOWS\Explorer.EXE[1696] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C01D4
    .text C:\WINDOWS\Explorer.EXE[1696] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C00E4
    .text C:\WINDOWS\Explorer.EXE[1696] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0120
    .text C:\WINDOWS\Explorer.EXE[1696] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C015C
    .text C:\WINDOWS\Explorer.EXE[1696] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0198
    .text C:\WINDOWS\Explorer.EXE[1696] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C0030
    .text C:\WINDOWS\Explorer.EXE[1696] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C006C
    .text C:\WINDOWS\Explorer.EXE[1696] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C00A8
    .text C:\WINDOWS\Explorer.EXE[1696] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D00E4
    .text C:\WINDOWS\Explorer.EXE[1696] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0120
    .text C:\WINDOWS\Explorer.EXE[1696] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D00A8
    .text C:\WINDOWS\Explorer.EXE[1696] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D0030
    .text C:\WINDOWS\Explorer.EXE[1696] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D006C
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1784] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00150030
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1784] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0015006C
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1784] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1784] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1784] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1784] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1784] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1784] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1784] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1784] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1784] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A00E4
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1784] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0120
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1784] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A00A8
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1784] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A0030
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1784] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A006C
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1908] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00150030
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1908] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0015006C
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1908] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A01D4
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1908] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A00E4
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1908] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0120
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1908] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A015C
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1908] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0198
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1908] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A0030
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1908] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A006C
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1908] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A00A8
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1908] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B00E4
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1908] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0120
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1908] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B00A8
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1908] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B0030
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1908] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B006C
    .text C:\program files\real\realplayer\update\realsched.exe[1920] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00140030
    .text C:\program files\real\realplayer\update\realsched.exe[1920] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0014006C
    .text C:\program files\real\realplayer\update\realsched.exe[1920] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
    .text C:\program files\real\realplayer\update\realsched.exe[1920] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4
    .text C:\program files\real\realplayer\update\realsched.exe[1920] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4
    .text C:\program files\real\realplayer\update\realsched.exe[1920] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120
    .text C:\program files\real\realplayer\update\realsched.exe[1920] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C
    .text C:\program files\real\realplayer\update\realsched.exe[1920] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198
    .text C:\program files\real\realplayer\update\realsched.exe[1920] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030
    .text C:\program files\real\realplayer\update\realsched.exe[1920] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C
    .text C:\program files\real\realplayer\update\realsched.exe[1920] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8
    .text C:\program files\real\realplayer\update\realsched.exe[1920] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A00E4
    .text C:\program files\real\realplayer\update\realsched.exe[1920] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0120
    .text C:\program files\real\realplayer\update\realsched.exe[1920] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A00A8
    .text C:\program files\real\realplayer\update\realsched.exe[1920] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A0030
    .text C:\program files\real\realplayer\update\realsched.exe[1920] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A006C
    .text C:\WINDOWS\system32\ctfmon.exe[1928] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000A0030
    .text C:\WINDOWS\system32\ctfmon.exe[1928] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000A006C
    .text C:\WINDOWS\system32\ctfmon.exe[1928] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C01D4
    .text C:\WINDOWS\system32\ctfmon.exe[1928] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C00E4
    .text C:\WINDOWS\system32\ctfmon.exe[1928] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0120
    .text C:\WINDOWS\system32\ctfmon.exe[1928] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C015C
    .text C:\WINDOWS\system32\ctfmon.exe[1928] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0198
    .text C:\WINDOWS\system32\ctfmon.exe[1928] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C0030
    .text C:\WINDOWS\system32\ctfmon.exe[1928] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C006C
    .text C:\WINDOWS\system32\ctfmon.exe[1928] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C00A8
    .text C:\WINDOWS\system32\ctfmon.exe[1928] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D00E4
    .text C:\WINDOWS\system32\ctfmon.exe[1928] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0120
    .text C:\WINDOWS\system32\ctfmon.exe[1928] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D00A8
    .text C:\WINDOWS\system32\ctfmon.exe[1928] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D0030
    .text C:\WINDOWS\system32\ctfmon.exe[1928] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D006C
    .text C:\WINDOWS\system32\wuauclt.exe[2888] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000A0030
    .text C:\WINDOWS\system32\wuauclt.exe[2888] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000A006C
    .text C:\WINDOWS\system32\wuauclt.exe[2888] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C01D4
    .text C:\WINDOWS\system32\wuauclt.exe[2888] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C00E4
    .text C:\WINDOWS\system32\wuauclt.exe[2888] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0120
    .text C:\WINDOWS\system32\wuauclt.exe[2888] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C015C
    .text C:\WINDOWS\system32\wuauclt.exe[2888] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0198
    .text C:\WINDOWS\system32\wuauclt.exe[2888] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C0030
    .text C:\WINDOWS\system32\wuauclt.exe[2888] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C006C
    .text C:\WINDOWS\system32\wuauclt.exe[2888] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C00A8
    .text C:\WINDOWS\system32\wuauclt.exe[2888] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D00E4
    .text C:\WINDOWS\system32\wuauclt.exe[2888] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0120
    .text C:\WINDOWS\system32\wuauclt.exe[2888] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D00A8
    .text C:\WINDOWS\system32\wuauclt.exe[2888] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D0030
    .text C:\WINDOWS\system32\wuauclt.exe[2888] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D006C
    .text C:\WINDOWS\System32\alg.exe[3460] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00090030
    .text C:\WINDOWS\System32\alg.exe[3460] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0009006C
    .text C:\WINDOWS\System32\alg.exe[3460] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B00E4
    .text C:\WINDOWS\System32\alg.exe[3460] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0120
    .text C:\WINDOWS\System32\alg.exe[3460] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B00A8
    .text C:\WINDOWS\System32\alg.exe[3460] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B0030
    .text C:\WINDOWS\System32\alg.exe[3460] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B006C
    .text C:\WINDOWS\System32\alg.exe[3460] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C01D4
    .text C:\WINDOWS\System32\alg.exe[3460] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C00E4
    .text C:\WINDOWS\System32\alg.exe[3460] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0120
    .text C:\WINDOWS\System32\alg.exe[3460] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C015C
    .text C:\WINDOWS\System32\alg.exe[3460] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0198
    .text C:\WINDOWS\System32\alg.exe[3460] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C0030
    .text C:\WINDOWS\System32\alg.exe[3460] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C006C
    .text C:\WINDOWS\System32\alg.exe[3460] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C00A8

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F99F53FC] \SystemRoot\System32\Drivers\NDISRD.SYS (NDISRD helper driver/NT Kernel Resources)
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F99F5458] \SystemRoot\System32\Drivers\NDISRD.SYS (NDISRD helper driver/NT Kernel Resources)
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F99F5684] \SystemRoot\System32\Drivers\NDISRD.SYS (NDISRD helper driver/NT Kernel Resources)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F99F56B2] \SystemRoot\System32\Drivers\NDISRD.SYS (NDISRD helper driver/NT Kernel Resources)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F99F5684] \SystemRoot\System32\Drivers\NDISRD.SYS (NDISRD helper driver/NT Kernel Resources)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F99F5458] \SystemRoot\System32\Drivers\NDISRD.SYS (NDISRD helper driver/NT Kernel Resources)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F99F53FC] \SystemRoot\System32\Drivers\NDISRD.SYS (NDISRD helper driver/NT Kernel Resources)
    IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [F99F53FC] \SystemRoot\System32\Drivers\NDISRD.SYS (NDISRD helper driver/NT Kernel Resources)
    IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [F99F5458] \SystemRoot\System32\Drivers\NDISRD.SYS (NDISRD helper driver/NT Kernel Resources)
    IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [F99F56B2] \SystemRoot\System32\Drivers\NDISRD.SYS (NDISRD helper driver/NT Kernel Resources)
    IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [F99F5684] \SystemRoot\System32\Drivers\NDISRD.SYS (NDISRD helper driver/NT Kernel Resources)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\system32\services.exe[856] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005E0002
    IAT C:\WINDOWS\system32\services.exe[856] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005E0000

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

    Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

    ---- EOF - GMER 1.0.15 ----
     
  7. GetOffMe

    GetOffMe TS Rookie Topic Starter

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Compaq_Owner at 8:31:29.42 on Thu 04/07/2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.247.96 [GMT -4:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\Program Files\Verizon\McciTrayApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.bing.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    TB: {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No File
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
    TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
    mRun: [PS2] c:\windows\system32\ps2.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [AlcxMonitor] ALCXMNTR.EXE
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
    DPF: {A4110378-789B-455F-AE86-3A1BFC402853} - hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\hmxo04tc.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\documents and settings\compaq_owner\application data\mozilla\firefox\profiles\hmxo04tc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\documents and settings\compaq_owner\application data\mozilla\firefox\profiles\hmxo04tc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\documents and settings\compaq_owner\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\common files\motive\npMotive.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-2-25 371544]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-10-19 301528]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-10-19 19544]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-19 42184]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-6-14 54752]
    S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2008-2-28 18432]
    .
    =============== Created Last 30 ================
    .
    2011-03-28 12:45:55 -------- d-----w- C:\lspfix
    2011-03-16 19:07:15 190032 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2011-03-16 19:07:14 56400 ----a-w- c:\windows\system32\drivers\tmrkb.sys
    2011-03-12 16:28:40 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
    2011-03-12 16:28:40 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
    .
    ==================== Find3M ====================
    .
    2011-03-23 15:56:30 967 -c--a-w- c:\windows\ScUnin.pif
    2011-03-23 15:56:30 70656 -c--a-w- c:\windows\ScUnin.exe
    2011-02-23 15:04:21 40648 ----a-w- c:\windows\avastSS.scr
    2011-02-03 02:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-03 00:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
    .
    ============= FINISH: 8:33:51.96
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    So far, I don't see much. Too bad you missed "don't check 'show all'" in the GMER log! Go ahead and delete it on your system. No rootkits.

    Please paste in the other logs from DDS, Attach.txt. Do not zip it.
    ===========================================
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [​IMG]
    • Click on Yes, to continue scanning for malware.
    • If Combofix asks you to update the program, allow it.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated. It will open in a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Combofix will show me if the Security Center has been disabled.

    The limited connectivity message is something you may need to discuss with your ISP. There is no visible infection so far and you don't have an excess of processes running.

    As for high CPU usage when you open IE, right click on the Taskbar> Task Manager> Double click on top frame of CPU column. What do you see besides Taskmgr, System and System Idle running high?

    It is possible that one or more addons you have on IE is resource intensive. You can try disabling the addons (Tools> Manage Addons), then add them back one at a time, checking the system between. If you find one that is a high resource user, consider removing it.
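
As an added example (not part of the post above or of the original thread), the Python below parses the BHO and TB lines of a DDS log like the one posted earlier and groups the IE add-ons by backing DLL, giving a checklist for the disable-and-re-enable test. The function names `parse_addons` and `disable_plan` are assumptions made for this example.

```python
import re

# Lines copied from the DDS log posted in this thread (BHO = Browser Helper
# Object, TB = toolbar); the mRun line is included to show it is skipped.
SAMPLE_LOG = r"""
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mRun: [PS2] c:\windows\system32\ps2.exe
"""

# kind, optional display name, CLSID in braces, then "- <file or 'No File'>"
ENTRY = re.compile(
    r"^\s*(?P<kind>BHO|TB):\s*(?:(?P<name>.*?):\s*)?"
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\})\s*-\s*(?P<target>.*)$"
)

def parse_addons(log_text):
    """Return one dict per BHO/TB line; path is None when the log names no file."""
    addons = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        target = m.group("target").strip()
        has_file = bool(target) and target.lower() != "no file"
        addons.append({
            "kind": m.group("kind"),
            "name": m.group("name") or "(unnamed)",
            "clsid": m.group("clsid").upper(),
            "path": target.lower() if has_file else None,
        })
    return addons

def disable_plan(addons):
    """Group add-ons by backing DLL so each module is tested once."""
    no_file = [a for a in addons if a["path"] is None]
    by_dll = {}
    for a in addons:
        if a["path"]:
            by_dll.setdefault(a["path"], []).append(f'{a["kind"]} {a["name"]}')
    return no_file, by_dll

if __name__ == "__main__":
    no_file, by_dll = disable_plan(parse_addons(SAMPLE_LOG))
    for dll, entries in by_dll.items():
        print(f"{dll}\n    " + "; ".join(entries))
    print("No file recorded:", [a["clsid"] for a in no_file])
```

Entries that share a DLL (here the Windows Live and Google toolbars each appear as both a BHO and a TB) load the same module, so they are worth toggling together when measuring CPU usage.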
     
Topic Status:
Not open for further replies.
