Channel: Tech Support Guy

PC reboots and screen freezes

My computer has recently been rebooting unexpectedly. I also have noticed that when I'm on the internet, sometimes the screen freezes. Ran a scan with my McAfee virus scanner and it found and deleted a trojan. Can't tell if it worked in getting rid of all the bad stuff or not; it hasn't rebooted unexpectedly yet, so that's good news. Just wanted to make sure there was nothing else on there. Here are my logs:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:54:03 PM, on 1/17/2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Users\EJS\Local Settings\Apps\F.lux\flux.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files (x86)\internet explorer\iexplore.exe
C:\Program Files (x86)\internet explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
C:\Users\EJS\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - (no file)
O2 - BHO: PlayBryte BHO - {61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} - mscoree.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110205090739.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: (no name) - {b278d9f8-0fa9-465e-9938-0c392605d8e3} - (no file)
O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
O4 - HKCU\..\Run: [F.lux] "C:\Users\EJS\Local Settings\Apps\F.lux\flux.exe" /noshow
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofil...SystemLite.CAB
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\progra~3\browse~1\23787~1.43\{16cdf~1\browse~1.dll c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll
O23 - Service: ActivIdentity Shared Store Service (ac.sharedstore) - ActivIdentity - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Interactive Services Detection (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Credential Manager (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: DW WLAN Tray Service (wltrysvc) - Dell Inc. - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 10763 bytes
------------------------------------------------------------------------------------------------------------------------------------------------------------------

DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 1/21/2011 7:54:19 PM
System Uptime: 1/17/2013 6:49:23 PM (3 hours ago)
.
Motherboard: Dell Inc. | | 021CN3
Processor: Intel(R) Pentium(R) CPU P6100 @ 2.00GHz | U2E1 | 1579/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 307.844 GiB free.
D: is CDROM ()
Y: is FIXED (NTFS) - 15 GiB total, 8.784 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP165: 11/24/2012 9:45:15 AM - Scheduled Checkpoint
RP166: 12/2/2012 7:45:23 PM - Scheduled Checkpoint
RP167: 12/11/2012 1:27:28 PM - Scheduled Checkpoint
RP168: 12/12/2012 10:00:22 AM - Windows Update
RP169: 12/22/2012 1:07:47 PM - Windows Update
RP170: 1/6/2013 2:54:57 PM - Scheduled Checkpoint
RP171: 1/9/2013 9:03:33 PM - Windows Update
RP172: 1/16/2013 8:15:20 AM - Installed Java 7 Update 11
RP173: 1/17/2013 6:31:38 PM - Removed Java(TM) 6 Update 29 (64-bit)
RP174: 1/17/2013 6:33:37 PM - Removed Java(TM) 6 Update 20
RP175: 1/17/2013 6:38:54 PM - Removed Skype™ 5.10
RP176: 1/17/2013 6:40:01 PM - Removed calibre
RP177: 1/17/2013 6:40:46 PM - Removed TWC Customer Controls
.
==== Installed Programs ======================
.
µTorrent
470_Help
470_Readme
64 Bit HP CIO Components Installer
7-Zip 9.20 (x64 edition)
ActivClient CAC x64
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.5)
Advanced Audio FX Engine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Best Buy pc app
Bonjour
BPDSoftware
BPDSoftware_Ini
BufferChm
Canon Easy-WebPrint EX
Canon MP Navigator EX 3.0
Canon MP250 series MP Drivers
Canon MP250 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco Packet Tracer 5.3.1
Cisco Packet Tracer 5.3.2
Cisco PEAP Module
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Dell Support Center
Dell Webcam Central
Device Installer x64
DeviceDiscovery
Digital Line Detect
DW WLAN Card Utility
F.lux
Google Earth Plug-in
Google Update Helper
GoToAssist 8.0.0.514
GPBaseService2
H470
HandBrake 0.9.6
Hauppauge TV Tuner Diagnostics (1.2.7076)
Hauppauge TV Tuner Driver
HP Imaging Device Functions 13.0
HP OfficeJet H470
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HPProductAssistant
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Internet TV for Windows Media Center
iTunes
Java 7 Update 11
Java Auto Updater
Kies mini
Live! Cam Avatar Creator
MATLAB R2007b
McAfee Agent
McAfee VirusScan Enterprise
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.2
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Web Access S/MIME
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
MiKTeX 2.9
Modem Diagnostic Tool
MPM
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NavFit98A
Netwaiting
Network64
NTI Backup Now EZ
ProductContext
PuTTY version 0.59
Quickset64
QuickTime
Realtek High Definition Audio Driver
Roxio Burn
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
SmartWebPrinting
SolutionCenter
Speccy
Status
Synaptics Pointing Device Driver
TeXstudio 2.3
Toolbox
TrayApp
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
WebReg
Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth (03/24/2010 6.3.0.2501)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
X-Win32 2012
.
==== Event Viewer Messages From Past Week ========
.
1/17/2013 6:50:20 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/17/2013 6:49:46 PM, Error: Service Control Manager [7001] - The Media Center Extender Service service depends on the PnP-X IP Bus Enumerator service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/17/2013 6:41:52 PM, Error: Microsoft-Windows-Smartcard-Server [610] - Smart Card Reader 'SCM Microsystems Inc. SCR33x USB Smart Card Reader 0' rejected IOCTL GET_STATE: The device has been removed. If this error persists, your smart card or reader may not be functioning correctly. Command Header: XX XX XX XX
1/17/2013 2:39:56 PM, Error: Schannel [36888] - The following fatal alert was generated: 80. The internal error state is 301.
1/12/2013 11:18:13 AM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
1/12/2013 11:18:13 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
.
==== End Of File ===========================



------------------------------------------------------------------------------------------------------------------------------------------------------------------


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.11.2
Run by EJS at 21:19:02 on 2013-01-17
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.1956 [GMT -8:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\UI0Detect.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Users\EJS\Local Settings\Apps\F.lux\flux.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\internet explorer\iexplore.exe
C:\Program Files (x86)\internet explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {2EECD738-5844-4a99-B4B6-146BF802613B} - <orphaned>
BHO: PlayBryte BHO: {61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} -
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110205090739.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [F.lux] "C:\Users\EJS\Local Settings\Apps\F.lux\flux.exe" /noshow
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
StartupFolder: C:\Users\EJS\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DEL LDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\EJS\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONE NOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACTIVC~1.LNK - C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{8520ED5B-1461-4053-A1EA-A8164F3AD26E} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{8520ED5B-1461-4053-A1EA-A8164F3AD26E}\2375942554232363 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{8520ED5B-1461-4053-A1EA-A8164F3AD26E}\7416C6F6 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{8520ED5B-1461-4053-A1EA-A8164F3AD26E}\C696E6B6379737 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{8520ED5B-1461-4053-A1EA-A8164F3AD26E}\E4544574541425 : DHCPNameServer = 209.18.47.61 209.18.47.62
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\Windows\Downloaded Program Files\mimectl.dll
AppInit_DLLs= c:\progra~3\browse~1\23787~1.43\{16cdf~1\browse~1.dll c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110205090739.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe"
x64-Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-2-5 607152]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-2-5 281544]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-9-19 55280]
R2 ac.sharedstore;ActivIdentity Shared Store Service;C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-6-3 277032]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-1-21 98208]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-1-21 13336]
R2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2011-1-12 120128]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-2-5 190256]
R2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [2011-1-12 209760]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2011-2-5 156248]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-9-19 2533400]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\System32\drivers\bcmvwl64.sys [2011-1-21 20984]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-9-19 172704]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-9-19 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-9-19 158976]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-9-19 271872]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-9-19 74280]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-2-5 217696]
R3 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-9-19 689472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-2-5 97960]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-9-19 245792]
S3 S3XXx64;SCR3xx USB SmartCardReader64;C:\Windows\System32\drivers\S3XXx64.sys [2011-9-7 70016]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-22 1255736]
S4 NTI BackupNowEZSvr;NTI BackupNowEZSvr;C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe [2010-2-22 45312]
.
=============== Created Last 30 ================
.
2013-01-16 16:17:13 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-09 15:25:00 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-01-09 15:25:00 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-01-09 15:24:30 2001408 ----a-w- C:\Windows\System32\msxml6.dll
2013-01-09 15:24:29 1880064 ----a-w- C:\Windows\System32\msxml3.dll
2013-01-09 15:24:29 1388544 ----a-w- C:\Windows\SysWow64\msxml6.dll
2013-01-09 15:24:29 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-01-09 15:24:26 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-01-09 15:24:26 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-01-09 15:24:20 3147264 ----a-w- C:\Windows\System32\win32k.sys
2012-12-22 21:08:47 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-22 21:08:47 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-22 21:08:45 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-22 21:08:45 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
.
==================== Find3M ====================
.
2013-01-09 03:48:03 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 03:48:03 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:34:27 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:49:37 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-02 05:27:51 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 04:48:28 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2009-05-29 21:12:04 2648160 ------r- C:\Program Files\Start.exe
.
============= FINISH: 21:19:51.93 ===============


------------------------------------------------------------------------------------------------------------------------------------------------------------------


GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-17 22:35:37
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465.76GB
Running: 7337mkpj.exe; Driver: C:\Users\EJS\AppData\Local\Temp\uxriifow.sys


---- User code sections - GMER 2.0 ----

.text C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe[1836] C:\Windows\syswow64\PsApi.dll!GetModuleFileNameExW + 17 00000000768e1401 2 bytes [8E, 76]
.text C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe[1836] C:\Windows\syswow64\PsApi.dll!EnumProcessModules + 17 00000000768e1419 2 bytes [8E, 76]
.text C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe[1836] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 17 00000000768e1431 2 bytes [8E, 76]
.text C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe[1836] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 42 00000000768e144a 2 bytes [8E, 76]
.text ... * 9
.text C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe[1836] C:\Windows\syswow64\PsApi.dll!EnumDeviceDrivers + 17 00000000768e14dd 2 bytes [8E, 76]
.text C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe[1836] C:\Windows\syswow64\PsApi.dll!GetDeviceDriverBaseNameA + 17 00000000768e14f5 2 bytes [8E, 76]
.text C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe[1836] C:\Windows\syswow64\PsApi.dll!QueryWorkingSetEx + 17 00000000768e150d 2 bytes [8E, 76]
.text C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe[1836] C:\Windows\syswow64\PsApi.dll!GetDeviceDriverBaseNameW + 17 00000000768e1525 2 bytes [8E, 76]
.text C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe[1836] C:\Windows\syswow64\PsApi.dll!GetModuleBaseNameW + 17 00000000768e153d 2 bytes [8E, 76]
.text C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe[1836] C:\Windows\syswow64\PsApi.dll!EnumProcesses + 17 00000000768e1555 2 bytes [8E, 76]
.text C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe[1836] C:\Windows\syswow64\PsApi.dll!GetProcessMemoryInfo + 17 00000000768e156d 2 bytes [8E, 76]
.text C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe[1836] C:\Windows\syswow64\PsApi.dll!GetPerformanceInfo + 17 00000000768e1585 2 bytes [8E, 76]
.text C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe[1836] C:\Windows\syswow64\PsApi.dll!QueryWorkingSet + 17 00000000768e159d 2 bytes [8E, 76]
.text C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe[1836] C:\Windows\syswow64\PsApi.dll!GetModuleBaseNameA + 17 00000000768e15b5 2 bytes [8E, 76]
.text C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe[1836] C:\Windows\syswow64\PsApi.dll!GetModuleFileNameExA + 17 00000000768e15cd 2 bytes [8E, 76]
.text C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe[1836] C:\Windows\syswow64\PsApi.dll!GetProcessImageFileNameW + 20 00000000768e16b2 2 bytes [8E, 76]
.text C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe[1836] C:\Windows\syswow64\PsApi.dll!GetProcessImageFileNameW + 31 00000000768e16bd 2 bytes [8E, 76]
.text C:\Users\EJS\Local Settings\Apps\F.lux\flux.exe[3284] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000768e1401 2 bytes [8E, 76]
.text C:\Users\EJS\Local Settings\Apps\F.lux\flux.exe[3284] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000768e1419 2 bytes [8E, 76]
.text C:\Users\EJS\Local Settings\Apps\F.lux\flux.exe[3284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000768e1431 2 bytes [8E, 76]
.text C:\Users\EJS\Local Settings\Apps\F.lux\flux.exe[3284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000768e144a 2 bytes [8E, 76]
.text ... * 9
.text C:\Users\EJS\Local Settings\Apps\F.lux\flux.exe[3284] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768e14dd 2 bytes [8E, 76]
.text C:\Users\EJS\Local Settings\Apps\F.lux\flux.exe[3284] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768e14f5 2 bytes [8E, 76]
.text C:\Users\EJS\Local Settings\Apps\F.lux\flux.exe[3284] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000768e150d 2 bytes [8E, 76]
.text C:\Users\EJS\Local Settings\Apps\F.lux\flux.exe[3284] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000768e1525 2 bytes [8E, 76]
.text C:\Users\EJS\Local Settings\Apps\F.lux\flux.exe[3284] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000768e153d 2 bytes [8E, 76]
.text C:\Users\EJS\Local Settings\Apps\F.lux\flux.exe[3284] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000768e1555 2 bytes [8E, 76]
.text C:\Users\EJS\Local Settings\Apps\F.lux\flux.exe[3284] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000768e156d 2 bytes [8E, 76]
.text C:\Users\EJS\Local Settings\Apps\F.lux\flux.exe[3284] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000768e1585 2 bytes [8E, 76]
.text C:\Users\EJS\Local Settings\Apps\F.lux\flux.exe[3284] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000768e159d 2 bytes [8E, 76]
.text C:\Users\EJS\Local Settings\Apps\F.lux\flux.exe[3284] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768e15b5 2 bytes [8E, 76]
.text C:\Users\EJS\Local Settings\Apps\F.lux\flux.exe[3284] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768e15cd 2 bytes [8E, 76]
.text C:\Users\EJS\Local Settings\Apps\F.lux\flux.exe[3284] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768e16b2 2 bytes [8E, 76]
.text C:\Users\EJS\Local Settings\Apps\F.lux\flux.exe[3284] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768e16bd 2 bytes [8E, 76]
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3704] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000768e1401 2 bytes [8E, 76]
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3704] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000768e1419 2 bytes [8E, 76]
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000768e1431 2 bytes [8E, 76]
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000768e144a 2 bytes [8E, 76]
.text ... * 9
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3704] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768e14dd 2 bytes [8E, 76]
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3704] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768e14f5 2 bytes [8E, 76]
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3704] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000768e150d 2 bytes [8E, 76]
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3704] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000768e1525 2 bytes [8E, 76]
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3704] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000768e153d 2 bytes [8E, 76]
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3704] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000768e1555 2 bytes [8E, 76]
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3704] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000768e156d 2 bytes [8E, 76]
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3704] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000768e1585 2 bytes [8E, 76]
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3704] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000768e159d 2 bytes [8E, 76]
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3704] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768e15b5 2 bytes [8E, 76]
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3704] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768e15cd 2 bytes [8E, 76]
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3704] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768e16b2 2 bytes [8E, 76]
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3704] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768e16bd 2 bytes [8E, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000768e1401 2 bytes [8E, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2516] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000768e1419 2 bytes [8E, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000768e1431 2 bytes [8E, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000768e144a 2 bytes [8E, 76]
.text ... * 9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2516] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768e14dd 2 bytes [8E, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768e14f5 2 bytes [8E, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2516] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000768e150d 2 bytes [8E, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000768e1525 2 bytes [8E, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000768e153d 2 bytes [8E, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2516] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000768e1555 2 bytes [8E, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000768e156d 2 bytes [8E, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000768e1585 2 bytes [8E, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2516] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000768e159d 2 bytes [8E, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768e15b5 2 bytes [8E, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768e15cd 2 bytes [8E, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768e16b2 2 bytes [8E, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768e16bd 2 bytes [8E, 76]
.text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000074b73f54 5 bytes JMP 000000016b6a9eb4
.text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000074b82a3e 5 bytes JMP 000000016b7f8fb6
.text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b82a62 5 bytes JMP 000000016b601893
.text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 0000000074bacc1a 5 bytes JMP 000000016b7f8f51
.text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 0000000074bacf72 5 bytes JMP 000000016b7f901b
.text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 0000000074bbfd61 5 bytes JMP 000000016b7f8ed8
.text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 0000000074bbfe2d 5 bytes JMP 000000016b7f8e5f
.text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000074bbfe66 5 bytes JMP 000000016b7f8dfb
.text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000074bbfe8a 5 bytes JMP 000000016b7f8d97
.text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000761f9404 5 bytes JMP 000000016b7f91d0
.text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000768e1401 2 bytes [8E, 76]
.text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000768e1419 2 bytes [8E, 76]
.text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000768e1431 2 bytes [8E, 76]
.text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000768e144a 2 bytes [8E, 76]
.text ... * 9
.text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768e14dd 2 bytes [8E, 76]
.text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768e14f5 2 bytes [8E, 76]
.text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000768e150d 2 bytes [8E, 76]
.text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000768e1525 2 bytes [8E, 76]
.text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000768e153d 2 bytes [8E, 76]
.text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000768e1555 2 bytes [8E, 76]
.text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000768e156d 2 bytes [8E, 76]
.text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000768e1585 2 bytes [8E, 76]
.text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000768e159d 2 bytes [8E, 76]
.text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768e15b5 2 bytes [8E, 76]
.text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768e15cd 2 bytes [8E, 76]
.text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768e16b2 2 bytes [8E, 76]
.text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768e16bd 2 bytes [8E, 76]
.text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll !PropertySheetW 00000000715f7c30 5 bytes JMP 000000016b7f9080
.text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll !PropertySheet 0000000071697bb2 5 bytes JMP 000000016b7f9128
.text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000075f29a4c 5 bytes JMP 000000016b7f93c8
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007744260d 6 bytes JMP 000000016b6c8042
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077452a93 6 bytes JMP 000000016b669805
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\kernel32.dll!CreateThread 0000000075aa1ea8 5 bytes JMP 000000016b6675db
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000074b68b9a 5 bytes JMP 000000016b6d03cf
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000074b6a5e6 5 bytes JMP 000000016b67363b
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000074b72902 5 bytes JMP 000000016b64ddab
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000074b73f54 5 bytes JMP 000000016b6a9eb4
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000074b74858 5 bytes JMP 000000016b64ded5
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW 0000000074b795fa 5 bytes JMP 000000016b7f9390
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamA 0000000074b7b1dd 5 bytes JMP 000000016b7f9358
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\USER32.dll!EndDialog 0000000074b7c184 5 bytes JMP 000000016b7f9d26
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074b806b3 5 bytes JMP 000000016b6a25ac
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\USER32.dll!CreateDialogParamW 0000000074b80a8f 5 bytes JMP 000000016b7f9320
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 0000000074b82174 5 bytes JMP 000000016b7f9a7a
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000074b82a3e 5 bytes JMP 000000016b7f8fb6
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b82a62 5 bytes JMP 000000016b601893
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\USER32.dll!IsDialogMessage 0000000074b87051 5 bytes JMP 000000016b7f9a52
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\USER32.dll!CreateDialogParamA 0000000074b8711b 5 bytes JMP 000000016b7f92e8
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000074b8f006 5 bytes JMP 000000016b6c7fdf
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074b90efc 5 bytes JMP 000000016b6eed00
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\USER32.dll!SendInput 0000000074b9195e 5 bytes JMP 000000016b7fa2e9
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\USER32.dll!SetKeyboardState 0000000074b924db 5 bytes JMP 000000016b7fa341
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000074ba9c8d 5 bytes JMP 000000016b7fa3c2
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 0000000074bacc1a 5 bytes JMP 000000016b7f8f51
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 0000000074bacf72 5 bytes JMP 000000016b7f901b
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 0000000074bbfd61 5 bytes JMP 000000016b7f8ed8
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 0000000074bbfe2d 5 bytes JMP 000000016b7f8e5f
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000074bbfe66 5 bytes JMP 000000016b7f8dfb
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000074bbfe8a 5 bytes JMP 000000016b7f8d97
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\USER32.dll!keybd_event 0000000074bc044f 5 bytes JMP 000000016b7fa2a6
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000076725bf6 5 bytes JMP 000000016b7f9784
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000076193e59 5 bytes JMP 000000016b7f987c
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000076193eae 5 bytes JMP 000000016b7f98fa
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000076194731 5 bytes JMP 000000016b7f97ee
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000076195dee 5 bytes JMP 000000016b7f989a
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000761f9404 5 bytes JMP 000000016b7f91d0
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000768e1401 2 bytes [8E, 76]
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000768e1419 2 bytes [8E, 76]
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000768e1431 2 bytes [8E, 76]
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000768e144a 2 bytes [8E, 76]
.text ... * 9
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768e14dd 2 bytes [8E, 76]
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768e14f5 2 bytes [8E, 76]
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000768e150d 2 bytes [8E, 76]
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000768e1525 2 bytes [8E, 76]
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000768e153d 2 bytes [8E, 76]
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000768e1555 2 bytes [8E, 76]
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000768e156d 2 bytes [8E, 76]
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000768e1585 2 bytes [8E, 76]
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000768e159d 2 bytes [8E, 76]
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768e15b5 2 bytes [8E, 76]
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768e15cd 2 bytes [8E, 76]
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768e16b2 2 bytes [8E, 76]
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768e16bd 2 bytes [8E, 76]
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll !PropertySheetW 00000000715f7c30 5 bytes JMP 000000016b7f9080
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll !PropertySheet 0000000071697bb2 5 bytes JMP 000000016b7f9128
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000075f29a4c 5 bytes JMP 000000016b7f93c8
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\comdlg32.dll!PrintDlgA 0000000075f327be 5 bytes JMP 000000016b7f9538
.text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\comdlg32.dll!PrintDlgW 0000000075f340fc 5 bytes JMP 000000016b7f946c
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[1524] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000768e1401 2 bytes [8E, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[1524] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000768e1419 2 bytes [8E, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[1524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000768e1431 2 bytes [8E, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[1524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000768e144a 2 bytes [8E, 76]
.text ... * 9
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[1524] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768e14dd 2 bytes [8E, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[1524] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768e14f5 2 bytes [8E, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[1524] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000768e150d 2 bytes [8E, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[1524] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000768e1525 2 bytes [8E, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[1524] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000768e153d 2 bytes [8E, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[1524] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000768e1555 2 bytes [8E, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[1524] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000768e156d 2 bytes [8E, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[1524] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000768e1585 2 bytes [8E, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[1524] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000768e159d 2 bytes [8E, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[1524] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768e15b5 2 bytes [8E, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[1524] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768e15cd 2 bytes [8E, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[1524] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768e16b2 2 bytes [8E, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[1524] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768e16bd 2 bytes [8E, 76]
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3668] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000768e1401 2 bytes [8E, 76]
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3668] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000768e1419 2 bytes [8E, 76]
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000768e1431 2 bytes [8E, 76]
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000768e144a 2 bytes [8E, 76]
.text ... * 9
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3668] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768e14dd 2 bytes [8E, 76]
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3668] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768e14f5 2 bytes [8E, 76]
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3668] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000768e150d 2 bytes [8E, 76]
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3668] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000768e1525 2 bytes [8E, 76]
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3668] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000768e153d 2 bytes [8E, 76]
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3668] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000768e1555 2 bytes [8E, 76]
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3668] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000768e156d 2 bytes [8E, 76]
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3668] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000768e1585 2 bytes [8E, 76]
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3668] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000768e159d 2 bytes [8E, 76]
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3668] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768e15b5 2 bytes [8E, 76]
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3668] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768e15cd 2 bytes [8E, 76]
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3668] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768e16b2 2 bytes [8E, 76]
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3668] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768e16bd 2 bytes [8E, 76]

---- Threads - GMER 2.0 ----

Thread C:\Program Files\Dell\DellDock\DockLogin.exe [584:620] 00000000765a7587
Thread C:\Program Files\Dell\DellDock\DockLogin.exe [584:2876] 0000000077462e3e
Thread C:\Program Files\Dell\DellDock\DockLogin.exe [584:7412] 0000000077463e59
Thread C:\Windows\SysWOW64\ntdll.dll [1948:1952] 0000000000101385
Thread C:\Windows\SysWOW64\ntdll.dll [1948:1956] 00000000000fdc80
Thread C:\Windows\SysWOW64\ntdll.dll [1948:2076] 00000000000fb3e0
Thread C:\Windows\SysWOW64\ntdll.dll [1948:2080] 0000000000100657
Thread C:\Windows\SysWOW64\ntdll.dll [1948:2108] 00000000000f87c0
Thread C:\Windows\SysWOW64\ntdll.dll [1948:2112] 00000000000f89c0
Thread C:\Windows\SysWOW64\ntdll.dll [1948:2116] 00000000000f8c20
Thread C:\Windows\SysWOW64\ntdll.dll [1948:2120] 00000000000f8140
Thread C:\Windows\SysWOW64\ntdll.dll [1948:3868] 00000000000fb380
Thread C:\Windows\SysWOW64\ntdll.dll [1948:4076] 00000000000f8070
Thread C:\Windows\SysWOW64\ntdll.dll [1948:3788] 00000000000f7fe0
Thread C:\Windows\SysWOW64\ntdll.dll [1948:3860] 00000000000fc280
Thread C:\Windows\SysWOW64\ntdll.dll [1948:3816] 00000000000f9d00
Thread C:\Windows\SysWOW64\ntdll.dll [1948:3812] 0000000073bb25a1
Thread C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [1224:2616] 00000000714726d0
Thread C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [1224:4932] 00000000714726d0
Thread C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [1224:2732] 00000000714726d0
Thread C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [1224:2000] 00000000714726d0
Thread C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [1224:3568] 00000000714726d0
Thread C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [1224:1216] 00000000714726d0
Thread C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [1224:2368] 00000000714726d0
Thread C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [1224:3216] 00000000714726d0
Thread C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [1224:976] 00000000714726d0
Thread C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [1224:2724] 000007fef87b1ebc

---- Processes - GMER 2.0 ----

Library ? (*** suspicious ***) @ C:\Windows\SysWOW64\ntdll.dll [1948] 0000000071920000
Library ? (*** suspicious ***) @ C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [1224] 000007fefd680000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe [3436] 0000000071130000

---- EOF - GMER 2.0 ----
