1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

PC reboots and screen freezes

Discussion in 'Virus & Other Malware Removal' started by ejspin, Jan 18, 2013.

Thread Status:
Not open for further replies.
Advertisement
  1. ejspin

    ejspin Thread Starter

    Joined:
    Jan 5, 2005
    Messages:
    89
    My computer has recently been rebooting unexpectantly. I also have noticed that when I'm on the internet, sometimes the screen freezes. Ran a scan with my McAfee virus scanner and it found and deleted a trojan. Can't tell if it worked in getting rid of all the bad stuff or not, it hasn't rebooted unexpectantly yet so that's good news. Just wanted to make sure there was nothing else on there. Here are my logs:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:54:03 PM, on 1/17/2013
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    C:\Users\EJS\Local Settings\Apps\F.lux\flux.exe
    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
    C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE
    C:\Program Files (x86)\internet explorer\iexplore.exe
    C:\Program Files (x86)\internet explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
    C:\Users\EJS\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O1 - Hosts: ÿþ127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - (no file)
    O2 - BHO: PlayBryte BHO - {61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} - mscoree.dll (file missing)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110205090739.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    O3 - Toolbar: (no name) - {b278d9f8-0fa9-465e-9938-0c392605d8e3} - (no file)
    O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
    O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
    O4 - HKCU\..\Run: [F.lux] "C:\Users\EJS\Local Settings\Apps\F.lux\flux.exe" /noshow
    O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
    O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    O4 - Global Startup: ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
    O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - AppInit_DLLs: c:\progra~3\browse~1\23787~1.43\{16cdf~1\browse~1.dll c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll
    O23 - Service: ActivIdentity Shared Store Service (ac.sharedstore) - ActivIdentity - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Interactive Services Detection (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: Credential Manager (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: DW WLAN Tray Service (wltrysvc) - Dell Inc. - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    --
    End of file - 10763 bytes
    ------------------------------------------------------------------------------------------------------------------------------------------------------------------

    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 1/21/2011 7:54:19 PM
    System Uptime: 1/17/2013 6:49:23 PM (3 hours ago)
    .
    Motherboard: Dell Inc. | | 021CN3
    Processor: Intel(R) Pentium(R) CPU P6100 @ 2.00GHz | U2E1 | 1579/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 451 GiB total, 307.844 GiB free.
    D: is CDROM ()
    Y: is FIXED (NTFS) - 15 GiB total, 8.784 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP165: 11/24/2012 9:45:15 AM - Scheduled Checkpoint
    RP166: 12/2/2012 7:45:23 PM - Scheduled Checkpoint
    RP167: 12/11/2012 1:27:28 PM - Scheduled Checkpoint
    RP168: 12/12/2012 10:00:22 AM - Windows Update
    RP169: 12/22/2012 1:07:47 PM - Windows Update
    RP170: 1/6/2013 2:54:57 PM - Scheduled Checkpoint
    RP171: 1/9/2013 9:03:33 PM - Windows Update
    RP172: 1/16/2013 8:15:20 AM - Installed Java 7 Update 11
    RP173: 1/17/2013 6:31:38 PM - Removed Java(TM) 6 Update 29 (64-bit)
    RP174: 1/17/2013 6:33:37 PM - Removed Java(TM) 6 Update 20
    RP175: 1/17/2013 6:38:54 PM - Removed Skype™ 5.10
    RP176: 1/17/2013 6:40:01 PM - Removed calibre
    RP177: 1/17/2013 6:40:46 PM - Removed TWC Customer Controls
    .
    ==== Installed Programs ======================
    .
    µTorrent
    470_Help
    470_Readme
    64 Bit HP CIO Components Installer
    7-Zip 9.20 (x64 edition)
    ActivClient CAC x64
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.5)
    Advanced Audio FX Engine
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Best Buy pc app
    Bonjour
    BPDSoftware
    BPDSoftware_Ini
    BufferChm
    Canon Easy-WebPrint EX
    Canon MP Navigator EX 3.0
    Canon MP250 series MP Drivers
    Canon MP250 series User Registration
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities My Printer
    Canon Utilities Solution Menu
    CCleaner
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco Packet Tracer 5.3.1
    Cisco Packet Tracer 5.3.2
    Cisco PEAP Module
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dell DataSafe Local Backup
    Dell DataSafe Local Backup - Support Software
    Dell Dock
    Dell Edoc Viewer
    Dell Getting Started Guide
    Dell Support Center
    Dell Webcam Central
    Device Installer x64
    DeviceDiscovery
    Digital Line Detect
    DW WLAN Card Utility
    F.lux
    Google Earth Plug-in
    Google Update Helper
    GoToAssist 8.0.0.514
    GPBaseService2
    H470
    HandBrake 0.9.6
    Hauppauge TV Tuner Diagnostics (1.2.7076)
    Hauppauge TV Tuner Driver
    HP Imaging Device Functions 13.0
    HP OfficeJet H470
    HP Smart Web Printing 4.51
    HP Solution Center 13.0
    HP Update
    HPProductAssistant
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    Internet TV for Windows Media Center
    iTunes
    Java 7 Update 11
    Java Auto Updater
    Kies mini
    Live! Cam Avatar Creator
    MATLAB R2007b
    McAfee Agent
    McAfee VirusScan Enterprise
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft IntelliPoint 8.2
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Outlook Web Access S/MIME
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    MiKTeX 2.9
    Modem Diagnostic Tool
    MPM
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NavFit98A
    Netwaiting
    Network64
    NTI Backup Now EZ
    ProductContext
    PuTTY version 0.59
    Quickset64
    QuickTime
    Realtek High Definition Audio Driver
    Roxio Burn
    SAMSUNG USB Driver for Mobile Phones
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
    SmartWebPrinting
    SolutionCenter
    Speccy
    Status
    Synaptics Pointing Device Driver
    TeXstudio 2.3
    Toolbox
    TrayApp
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
    WebReg
    Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth (03/24/2010 6.3.0.2501)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    X-Win32 2012
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/17/2013 6:50:20 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    1/17/2013 6:49:46 PM, Error: Service Control Manager [7001] - The Media Center Extender Service service depends on the PnP-X IP Bus Enumerator service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    1/17/2013 6:41:52 PM, Error: Microsoft-Windows-Smartcard-Server [610] - Smart Card Reader 'SCM Microsystems Inc. SCR33x USB Smart Card Reader 0' rejected IOCTL GET_STATE: The device has been removed. If this error persists, your smart card or reader may not be functioning correctly. Command Header: XX XX XX XX
    1/17/2013 2:39:56 PM, Error: Schannel [36888] - The following fatal alert was generated: 80. The internal error state is 301.
    1/12/2013 11:18:13 AM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
    1/12/2013 11:18:13 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
    .
    ==== End Of File ===========================



    ------------------------------------------------------------------------------------------------------------------------------------------------------------------


    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.11.2
    Run by EJS at 21:19:02 on 2013-01-17
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.1956 [GMT -8:00]
    .
    AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
    C:\Windows\system32\WLANExt.exe
    C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\ActivIdentity\ActivClient\acevents.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\Windows\system32\mfevtps.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\UI0Detect.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
    C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\ActivIdentity\ActivClient\acevents.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Users\EJS\Local Settings\Apps\F.lux\flux.exe
    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
    C:\Program Files\Dell\DellDock\DellDock.exe
    C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\internet explorer\iexplore.exe
    C:\Program Files (x86)\internet explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxps://www.google.com/
    mWinlogon: Userinit = userinit.exe,
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {2EECD738-5844-4a99-B4B6-146BF802613B} - <orphaned>
    BHO: PlayBryte BHO: {61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} -
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110205090739.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [F.lux] "C:\Users\EJS\Local Settings\Apps\F.lux\flux.exe" /noshow
    uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
    mRun: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
    StartupFolder: C:\Users\EJS\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
    StartupFolder: C:\Users\EJS\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACTIVC~1.LNK - C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
    DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
    DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{8520ED5B-1461-4053-A1EA-A8164F3AD26E} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{8520ED5B-1461-4053-A1EA-A8164F3AD26E}\2375942554232363 : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{8520ED5B-1461-4053-A1EA-A8164F3AD26E}\7416C6F6 : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{8520ED5B-1461-4053-A1EA-A8164F3AD26E}\C696E6B6379737 : DHCPNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{8520ED5B-1461-4053-A1EA-A8164F3AD26E}\E4544574541425 : DHCPNameServer = 209.18.47.61 209.18.47.62
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\Windows\Downloaded Program Files\mimectl.dll
    AppInit_DLLs= c:\progra~3\browse~1\23787~1.43\{16cdf~1\browse~1.dll c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110205090739.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
    x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe"
    x64-Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
    x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-2-5 607152]
    R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-2-5 281544]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-9-19 55280]
    R2 ac.sharedstore;ActivIdentity Shared Store Service;C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-6-3 277032]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-1-21 98208]
    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-1-21 13336]
    R2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2011-1-12 120128]
    R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-2-5 190256]
    R2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [2011-1-12 209760]
    R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2011-2-5 156248]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-9-19 2533400]
    R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\System32\drivers\bcmvwl64.sys [2011-1-21 20984]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-9-19 172704]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-9-19 56344]
    R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-9-19 158976]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-9-19 271872]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-9-19 74280]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-2-5 217696]
    R3 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-9-19 689472]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-2-5 97960]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-9-19 245792]
    S3 S3XXx64;SCR3xx USB SmartCardReader64;C:\Windows\System32\drivers\S3XXx64.sys [2011-9-7 70016]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-22 1255736]
    S4 NTI BackupNowEZSvr;NTI BackupNowEZSvr;C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe [2010-2-22 45312]
    .
    =============== Created Last 30 ================
    .
    2013-01-16 16:17:13 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-01-09 15:25:00 751104 ----a-w- C:\Windows\System32\win32spl.dll
    2013-01-09 15:25:00 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2013-01-09 15:24:30 2001408 ----a-w- C:\Windows\System32\msxml6.dll
    2013-01-09 15:24:29 1880064 ----a-w- C:\Windows\System32\msxml3.dll
    2013-01-09 15:24:29 1388544 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2013-01-09 15:24:29 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2013-01-09 15:24:26 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2013-01-09 15:24:26 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2013-01-09 15:24:20 3147264 ----a-w- C:\Windows\System32\win32k.sys
    2012-12-22 21:08:47 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-22 21:08:47 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-22 21:08:45 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-22 21:08:45 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    .
    ==================== Find3M ====================
    .
    2013-01-09 03:48:03 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-09 03:48:03 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-11-09 05:34:27 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-11-09 04:49:37 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-11-02 05:27:51 478208 ----a-w- C:\Windows\System32\dpnet.dll
    2012-11-02 04:48:28 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
    2009-05-29 21:12:04 2648160 ------r- C:\Program Files\Start.exe
    .
    ============= FINISH: 21:19:51.93 ===============


    ------------------------------------------------------------------------------------------------------------------------------------------------------------------


    GMER 2.0.18444 - http://www.gmer.net
    Rootkit scan 2013-01-17 22:35:37
    Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465.76GB
    Running: 7337mkpj.exe; Driver: C:\Users\EJS\AppData\Local\Temp\uxriifow.sys


    ---- User code sections - GMER 2.0 ----

    .text C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe[1836] C:\Windows\syswow64\PsApi.dll!GetModuleFileNameExW + 17 00000000768e1401 2 bytes [8E, 76]
    .text C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe[1836] C:\Windows\syswow64\PsApi.dll!EnumProcessModules + 17 00000000768e1419 2 bytes [8E, 76]
    .text C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe[1836] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 17 00000000768e1431 2 bytes [8E, 76]
    .text C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe[1836] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 42 00000000768e144a 2 bytes [8E, 76]
    .text ... * 9
    .text C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe[1836] C:\Windows\syswow64\PsApi.dll!EnumDeviceDrivers + 17 00000000768e14dd 2 bytes [8E, 76]
    .text C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe[1836] C:\Windows\syswow64\PsApi.dll!GetDeviceDriverBaseNameA + 17 00000000768e14f5 2 bytes [8E, 76]
    .text C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe[1836] C:\Windows\syswow64\PsApi.dll!QueryWorkingSetEx + 17 00000000768e150d 2 bytes [8E, 76]
    .text C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe[1836] C:\Windows\syswow64\PsApi.dll!GetDeviceDriverBaseNameW + 17 00000000768e1525 2 bytes [8E, 76]
    .text C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe[1836] C:\Windows\syswow64\PsApi.dll!GetModuleBaseNameW + 17 00000000768e153d 2 bytes [8E, 76]
    .text C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe[1836] C:\Windows\syswow64\PsApi.dll!EnumProcesses + 17 00000000768e1555 2 bytes [8E, 76]
    .text C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe[1836] C:\Windows\syswow64\PsApi.dll!GetProcessMemoryInfo + 17 00000000768e156d 2 bytes [8E, 76]
    .text C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe[1836] C:\Windows\syswow64\PsApi.dll!GetPerformanceInfo + 17 00000000768e1585 2 bytes [8E, 76]
    .text C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe[1836] C:\Windows\syswow64\PsApi.dll!QueryWorkingSet + 17 00000000768e159d 2 bytes [8E, 76]
    .text C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe[1836] C:\Windows\syswow64\PsApi.dll!GetModuleBaseNameA + 17 00000000768e15b5 2 bytes [8E, 76]
    .text C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe[1836] C:\Windows\syswow64\PsApi.dll!GetModuleFileNameExA + 17 00000000768e15cd 2 bytes [8E, 76]
    .text C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe[1836] C:\Windows\syswow64\PsApi.dll!GetProcessImageFileNameW + 20 00000000768e16b2 2 bytes [8E, 76]
    .text C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe[1836] C:\Windows\syswow64\PsApi.dll!GetProcessImageFileNameW + 31 00000000768e16bd 2 bytes [8E, 76]
    .text C:\Users\EJS\Local Settings\Apps\F.lux\flux.exe[3284] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000768e1401 2 bytes [8E, 76]
    .text C:\Users\EJS\Local Settings\Apps\F.lux\flux.exe[3284] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000768e1419 2 bytes [8E, 76]
    .text C:\Users\EJS\Local Settings\Apps\F.lux\flux.exe[3284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000768e1431 2 bytes [8E, 76]
    .text C:\Users\EJS\Local Settings\Apps\F.lux\flux.exe[3284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000768e144a 2 bytes [8E, 76]
    .text ... * 9
    .text C:\Users\EJS\Local Settings\Apps\F.lux\flux.exe[3284] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768e14dd 2 bytes [8E, 76]
    .text C:\Users\EJS\Local Settings\Apps\F.lux\flux.exe[3284] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768e14f5 2 bytes [8E, 76]
    .text C:\Users\EJS\Local Settings\Apps\F.lux\flux.exe[3284] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000768e150d 2 bytes [8E, 76]
    .text C:\Users\EJS\Local Settings\Apps\F.lux\flux.exe[3284] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000768e1525 2 bytes [8E, 76]
    .text C:\Users\EJS\Local Settings\Apps\F.lux\flux.exe[3284] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000768e153d 2 bytes [8E, 76]
    .text C:\Users\EJS\Local Settings\Apps\F.lux\flux.exe[3284] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000768e1555 2 bytes [8E, 76]
    .text C:\Users\EJS\Local Settings\Apps\F.lux\flux.exe[3284] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000768e156d 2 bytes [8E, 76]
    .text C:\Users\EJS\Local Settings\Apps\F.lux\flux.exe[3284] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000768e1585 2 bytes [8E, 76]
    .text C:\Users\EJS\Local Settings\Apps\F.lux\flux.exe[3284] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000768e159d 2 bytes [8E, 76]
    .text C:\Users\EJS\Local Settings\Apps\F.lux\flux.exe[3284] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768e15b5 2 bytes [8E, 76]
    .text C:\Users\EJS\Local Settings\Apps\F.lux\flux.exe[3284] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768e15cd 2 bytes [8E, 76]
    .text C:\Users\EJS\Local Settings\Apps\F.lux\flux.exe[3284] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768e16b2 2 bytes [8E, 76]
    .text C:\Users\EJS\Local Settings\Apps\F.lux\flux.exe[3284] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768e16bd 2 bytes [8E, 76]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3704] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000768e1401 2 bytes [8E, 76]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3704] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000768e1419 2 bytes [8E, 76]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000768e1431 2 bytes [8E, 76]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000768e144a 2 bytes [8E, 76]
    .text ... * 9
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3704] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768e14dd 2 bytes [8E, 76]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3704] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768e14f5 2 bytes [8E, 76]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3704] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000768e150d 2 bytes [8E, 76]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3704] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000768e1525 2 bytes [8E, 76]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3704] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000768e153d 2 bytes [8E, 76]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3704] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000768e1555 2 bytes [8E, 76]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3704] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000768e156d 2 bytes [8E, 76]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3704] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000768e1585 2 bytes [8E, 76]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3704] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000768e159d 2 bytes [8E, 76]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3704] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768e15b5 2 bytes [8E, 76]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3704] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768e15cd 2 bytes [8E, 76]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3704] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768e16b2 2 bytes [8E, 76]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[3704] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768e16bd 2 bytes [8E, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000768e1401 2 bytes [8E, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2516] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000768e1419 2 bytes [8E, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000768e1431 2 bytes [8E, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000768e144a 2 bytes [8E, 76]
    .text ... * 9
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2516] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768e14dd 2 bytes [8E, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768e14f5 2 bytes [8E, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2516] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000768e150d 2 bytes [8E, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000768e1525 2 bytes [8E, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000768e153d 2 bytes [8E, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2516] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000768e1555 2 bytes [8E, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000768e156d 2 bytes [8E, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000768e1585 2 bytes [8E, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2516] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000768e159d 2 bytes [8E, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768e15b5 2 bytes [8E, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768e15cd 2 bytes [8E, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768e16b2 2 bytes [8E, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768e16bd 2 bytes [8E, 76]
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000074b73f54 5 bytes JMP 000000016b6a9eb4
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000074b82a3e 5 bytes JMP 000000016b7f8fb6
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b82a62 5 bytes JMP 000000016b601893
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 0000000074bacc1a 5 bytes JMP 000000016b7f8f51
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 0000000074bacf72 5 bytes JMP 000000016b7f901b
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 0000000074bbfd61 5 bytes JMP 000000016b7f8ed8
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 0000000074bbfe2d 5 bytes JMP 000000016b7f8e5f
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000074bbfe66 5 bytes JMP 000000016b7f8dfb
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000074bbfe8a 5 bytes JMP 000000016b7f8d97
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000761f9404 5 bytes JMP 000000016b7f91d0
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000768e1401 2 bytes [8E, 76]
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000768e1419 2 bytes [8E, 76]
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000768e1431 2 bytes [8E, 76]
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000768e144a 2 bytes [8E, 76]
    .text ... * 9
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768e14dd 2 bytes [8E, 76]
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768e14f5 2 bytes [8E, 76]
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000768e150d 2 bytes [8E, 76]
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000768e1525 2 bytes [8E, 76]
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000768e153d 2 bytes [8E, 76]
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000768e1555 2 bytes [8E, 76]
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000768e156d 2 bytes [8E, 76]
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000768e1585 2 bytes [8E, 76]
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000768e159d 2 bytes [8E, 76]
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768e15b5 2 bytes [8E, 76]
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768e15cd 2 bytes [8E, 76]
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768e16b2 2 bytes [8E, 76]
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768e16bd 2 bytes [8E, 76]
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll!PropertySheetW 00000000715f7c30 5 bytes JMP 000000016b7f9080
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll!PropertySheet 0000000071697bb2 5 bytes JMP 000000016b7f9128
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[3444] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000075f29a4c 5 bytes JMP 000000016b7f93c8
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007744260d 6 bytes JMP 000000016b6c8042
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077452a93 6 bytes JMP 000000016b669805
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\kernel32.dll!CreateThread 0000000075aa1ea8 5 bytes JMP 000000016b6675db
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000074b68b9a 5 bytes JMP 000000016b6d03cf
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000074b6a5e6 5 bytes JMP 000000016b67363b
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000074b72902 5 bytes JMP 000000016b64ddab
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000074b73f54 5 bytes JMP 000000016b6a9eb4
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000074b74858 5 bytes JMP 000000016b64ded5
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW 0000000074b795fa 5 bytes JMP 000000016b7f9390
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamA 0000000074b7b1dd 5 bytes JMP 000000016b7f9358
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\USER32.dll!EndDialog 0000000074b7c184 5 bytes JMP 000000016b7f9d26
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074b806b3 5 bytes JMP 000000016b6a25ac
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\USER32.dll!CreateDialogParamW 0000000074b80a8f 5 bytes JMP 000000016b7f9320
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 0000000074b82174 5 bytes JMP 000000016b7f9a7a
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000074b82a3e 5 bytes JMP 000000016b7f8fb6
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b82a62 5 bytes JMP 000000016b601893
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\USER32.dll!IsDialogMessage 0000000074b87051 5 bytes JMP 000000016b7f9a52
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\USER32.dll!CreateDialogParamA 0000000074b8711b 5 bytes JMP 000000016b7f92e8
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000074b8f006 5 bytes JMP 000000016b6c7fdf
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074b90efc 5 bytes JMP 000000016b6eed00
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\USER32.dll!SendInput 0000000074b9195e 5 bytes JMP 000000016b7fa2e9
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\USER32.dll!SetKeyboardState 0000000074b924db 5 bytes JMP 000000016b7fa341
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000074ba9c8d 5 bytes JMP 000000016b7fa3c2
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 0000000074bacc1a 5 bytes JMP 000000016b7f8f51
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 0000000074bacf72 5 bytes JMP 000000016b7f901b
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 0000000074bbfd61 5 bytes JMP 000000016b7f8ed8
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 0000000074bbfe2d 5 bytes JMP 000000016b7f8e5f
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000074bbfe66 5 bytes JMP 000000016b7f8dfb
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000074bbfe8a 5 bytes JMP 000000016b7f8d97
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\USER32.dll!keybd_event 0000000074bc044f 5 bytes JMP 000000016b7fa2a6
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000076725bf6 5 bytes JMP 000000016b7f9784
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000076193e59 5 bytes JMP 000000016b7f987c
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000076193eae 5 bytes JMP 000000016b7f98fa
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000076194731 5 bytes JMP 000000016b7f97ee
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000076195dee 5 bytes JMP 000000016b7f989a
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000761f9404 5 bytes JMP 000000016b7f91d0
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000768e1401 2 bytes [8E, 76]
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000768e1419 2 bytes [8E, 76]
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000768e1431 2 bytes [8E, 76]
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000768e144a 2 bytes [8E, 76]
    .text ... * 9
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768e14dd 2 bytes [8E, 76]
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768e14f5 2 bytes [8E, 76]
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000768e150d 2 bytes [8E, 76]
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000768e1525 2 bytes [8E, 76]
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000768e153d 2 bytes [8E, 76]
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000768e1555 2 bytes [8E, 76]
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000768e156d 2 bytes [8E, 76]
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000768e1585 2 bytes [8E, 76]
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000768e159d 2 bytes [8E, 76]
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768e15b5 2 bytes [8E, 76]
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768e15cd 2 bytes [8E, 76]
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768e16b2 2 bytes [8E, 76]
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768e16bd 2 bytes [8E, 76]
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll!PropertySheetW 00000000715f7c30 5 bytes JMP 000000016b7f9080
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll!PropertySheet 0000000071697bb2 5 bytes JMP 000000016b7f9128
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000075f29a4c 5 bytes JMP 000000016b7f93c8
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\comdlg32.dll!PrintDlgA 0000000075f327be 5 bytes JMP 000000016b7f9538
    .text C:\Program Files (x86)\internet explorer\iexplore.exe[4172] C:\Windows\syswow64\comdlg32.dll!PrintDlgW 0000000075f340fc 5 bytes JMP 000000016b7f946c
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[1524] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000768e1401 2 bytes [8E, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[1524] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000768e1419 2 bytes [8E, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[1524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000768e1431 2 bytes [8E, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[1524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000768e144a 2 bytes [8E, 76]
    .text ... * 9
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[1524] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768e14dd 2 bytes [8E, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[1524] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768e14f5 2 bytes [8E, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[1524] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000768e150d 2 bytes [8E, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[1524] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000768e1525 2 bytes [8E, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[1524] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000768e153d 2 bytes [8E, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[1524] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000768e1555 2 bytes [8E, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[1524] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000768e156d 2 bytes [8E, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[1524] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000768e1585 2 bytes [8E, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[1524] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000768e159d 2 bytes [8E, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[1524] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768e15b5 2 bytes [8E, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[1524] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768e15cd 2 bytes [8E, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[1524] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768e16b2 2 bytes [8E, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[1524] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768e16bd 2 bytes [8E, 76]
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3668] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000768e1401 2 bytes [8E, 76]
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3668] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000768e1419 2 bytes [8E, 76]
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000768e1431 2 bytes [8E, 76]
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000768e144a 2 bytes [8E, 76]
    .text ... * 9
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3668] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768e14dd 2 bytes [8E, 76]
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3668] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768e14f5 2 bytes [8E, 76]
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3668] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000768e150d 2 bytes [8E, 76]
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3668] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000768e1525 2 bytes [8E, 76]
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3668] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000768e153d 2 bytes [8E, 76]
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3668] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000768e1555 2 bytes [8E, 76]
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3668] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000768e156d 2 bytes [8E, 76]
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3668] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000768e1585 2 bytes [8E, 76]
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3668] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000768e159d 2 bytes [8E, 76]
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3668] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768e15b5 2 bytes [8E, 76]
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3668] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768e15cd 2 bytes [8E, 76]
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3668] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768e16b2 2 bytes [8E, 76]
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3668] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768e16bd 2 bytes [8E, 76]

    ---- Threads - GMER 2.0 ----

    Thread C:\Program Files\Dell\DellDock\DockLogin.exe [584:620] 00000000765a7587
    Thread C:\Program Files\Dell\DellDock\DockLogin.exe [584:2876] 0000000077462e3e
    Thread C:\Program Files\Dell\DellDock\DockLogin.exe [584:7412] 0000000077463e59
    Thread C:\Windows\SysWOW64\ntdll.dll [1948:1952] 0000000000101385
    Thread C:\Windows\SysWOW64\ntdll.dll [1948:1956] 00000000000fdc80
    Thread C:\Windows\SysWOW64\ntdll.dll [1948:2076] 00000000000fb3e0
    Thread C:\Windows\SysWOW64\ntdll.dll [1948:2080] 0000000000100657
    Thread C:\Windows\SysWOW64\ntdll.dll [1948:2108] 00000000000f87c0
    Thread C:\Windows\SysWOW64\ntdll.dll [1948:2112] 00000000000f89c0
    Thread C:\Windows\SysWOW64\ntdll.dll [1948:2116] 00000000000f8c20
    Thread C:\Windows\SysWOW64\ntdll.dll [1948:2120] 00000000000f8140
    Thread C:\Windows\SysWOW64\ntdll.dll [1948:3868] 00000000000fb380
    Thread C:\Windows\SysWOW64\ntdll.dll [1948:4076] 00000000000f8070
    Thread C:\Windows\SysWOW64\ntdll.dll [1948:3788] 00000000000f7fe0
    Thread C:\Windows\SysWOW64\ntdll.dll [1948:3860] 00000000000fc280
    Thread C:\Windows\SysWOW64\ntdll.dll [1948:3816] 00000000000f9d00
    Thread C:\Windows\SysWOW64\ntdll.dll [1948:3812] 0000000073bb25a1
    Thread C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [1224:2616] 00000000714726d0
    Thread C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [1224:4932] 00000000714726d0
    Thread C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [1224:2732] 00000000714726d0
    Thread C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [1224:2000] 00000000714726d0
    Thread C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [1224:3568] 00000000714726d0
    Thread C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [1224:1216] 00000000714726d0
    Thread C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [1224:2368] 00000000714726d0
    Thread C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [1224:3216] 00000000714726d0
    Thread C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [1224:976] 00000000714726d0
    Thread C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [1224:2724] 000007fef87b1ebc
    ---- Processes - GMER 2.0 ----

    Library ? (*** suspicious ***) @ C:\Windows\SysWOW64\ntdll.dll [1948] 0000000071920000
    Library ? (*** suspicious ***) @ C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [1224] 000007fefd680000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe [3436] 0000000071130000

    ---- EOF - GMER 2.0 ----
     
  2. ejspin

    ejspin Thread Starter

    Joined:
    Jan 5, 2005
    Messages:
    89
    Bumping this up.
    Windows still freeze from time to time, I keep getting pop-up flashes of my McAfee security warning.
     
  3. ejspin

    ejspin Thread Starter

    Joined:
    Jan 5, 2005
    Messages:
    89
    Bumping this up again. Same symptoms. I've resorted to not using my infected PC until I get a little help, or knowledge of what is going on with it. Any suggestions would be greatly appreciated. Thanks
     
  4. ejspin

    ejspin Thread Starter

    Joined:
    Jan 5, 2005
    Messages:
    89
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1085763

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice