Random audio playing, increased CPU usage

At some point in the last 2 months my 15-year-old son downloaded a game to the "no games" laptop. When we attempted to use it recently, it was extremely slow and random audio began playing. It sounds like bits of radio, advertisements, news stories. Each bit is short, but they play back to back. When this occurs, the CPU usage climbs up to 100% despite no other programs being open. My husband removed the game & associated files.

Before I found your website, I installed and ran Malwarebytes and it removed 3 files. I thought that had solved the problem, but it has returned. Internet Explorer also seems to be affected. The header (where the URL and tabs show) looks like a film negative. The computer seems slower than normal... sluggish to respond to clicks and generally acting like a stubborn teen.

Thank you in advance for your help!

Charity

Here are the results from the scans listed in the forum instructions.


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.25.2
Run by Owner at 17:04:11 on 2013-09-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.1964 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: {D8278076-BC68-4484-9233-6E7F1628B56C} - <orphaned>
dURLSearchHooks: {D8278076-BC68-4484-9233-6E7F1628B56C} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{A6183BCD-5741-4862-B27B-EDB00D11F94D} : DHCPNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
x64-Run: [PrnStatusMX] C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-10-24 247216]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-9-19 55280]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2012-10-10 41704]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 139616]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-9-19 648432]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2009-9-19 172704]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-7-18 366600]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-9-19 215552]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-3 227232]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-9-7 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-5 1255736]
.
=============== Created Last 30 ================
.
2013-09-13 20:30:14 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E4E3B03D-7C76-4E85-8D58-07A42272F7F5}\offreg.dll
2013-09-13 19:56:17 -------- d-----w- C:\Users\Owner\AppData\Local\Comodo
2013-09-13 19:56:12 56072 ----a-w- C:\Windows\System32\certsentry.dll
2013-09-13 19:56:12 47368 ----a-w- C:\Windows\SysWow64\certsentry.dll
2013-09-13 19:56:02 -------- d-----w- C:\Program Files (x86)\Comodo
2013-09-13 19:55:57 -------- d-----w- C:\ProgramData\Comodo Downloader
2013-09-13 19:07:33 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes
2013-09-13 19:07:02 -------- d-----w- C:\ProgramData\Malwarebytes
2013-09-13 19:07:00 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-09-13 19:07:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-13 19:06:20 -------- d-----w- C:\Users\Owner\AppData\Local\Programs
2013-09-13 16:19:51 -------- d-----w- C:\Windows\System32\MpEngineStore
2013-09-13 01:30:22 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E4E3B03D-7C76-4E85-8D58-07A42272F7F5}\mpengine.dll
2013-09-12 00:56:58 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-09 21:05:33 965008 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DE7153D6-3631-4078-8B0A-9ED2D87DC603}\gapaengine.dll
2013-09-08 02:37:16 -------- d-----w- C:\Users\Owner\AppData\Local\Deployment
2013-09-08 02:37:16 -------- d-----w- C:\Users\Owner\AppData\Local\Apps
2013-09-08 01:31:03 -------- d-----w- C:\ProgramData\McAfee Security Scan
2013-09-08 01:30:58 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
2013-09-08 01:30:30 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-09-08 01:30:08 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-07 23:48:45 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2013-09-07 23:48:45 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-09-07 23:48:45 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2013-09-07 23:48:45 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-09-07 23:34:13 -------- d-----w- C:\Windows\System32\MRT
2013-09-07 23:13:10 -------- d-----w- C:\Windows\System32\SPReview
2013-09-07 23:12:13 -------- d-----w- C:\Windows\System32\EventProviders
2013-09-07 23:09:59 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-09-07 23:07:16 46080 ----a-w- C:\Windows\System32\atmlib.dll
2013-09-07 23:07:16 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2013-09-07 23:07:15 367616 ----a-w- C:\Windows\System32\atmfd.dll
2013-09-07 23:07:14 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2013-09-07 23:06:29 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2013-09-07 23:06:29 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2013-09-07 23:06:28 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2013-09-07 23:06:27 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2013-09-07 23:06:26 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2013-09-07 23:06:25 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2013-09-07 23:06:25 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2013-09-07 22:56:02 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-09-07 22:56:02 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2013-09-07 22:56:02 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-09-07 22:56:01 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2013-09-07 22:56:01 5120 ----a-w- C:\Windows\System32\wmi.dll
2013-09-07 22:44:00 48976 ----a-w- C:\Windows\System32\netfxperf.dll
2013-09-07 22:44:00 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2013-09-07 22:42:59 828416 ----a-w- C:\Windows\System32\MPSSVC.dll
2013-09-07 22:41:59 864256 ----a-w- C:\Program Files (x86)\Common Files\System\Ole DB\oledb32.dll
2013-09-07 22:40:59 828928 ----a-w- C:\Windows\SysWow64\fontext.dll
2013-09-07 22:39:59 94208 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadcf.dll
2013-09-07 22:35:54 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2013-09-07 21:52:20 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2013-09-07 21:52:20 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-09-07 21:51:14 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-09-07 21:51:13 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-09-07 21:51:13 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2013-09-07 21:51:13 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-09-07 21:51:12 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-09-07 21:51:12 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-09-07 21:49:59 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-09-07 21:49:51 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-09-07 21:49:49 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-09-07 21:49:48 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-09-07 21:49:47 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-09-07 21:49:47 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-09-07 21:49:47 112640 ----a-w- C:\Windows\System32\smss.exe
2013-09-07 21:49:38 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-09-07 21:49:38 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-09-07 21:49:29 331776 ----a-w- C:\Windows\System32\oleacc.dll
2013-09-07 21:49:29 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2013-09-07 21:49:28 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2013-09-07 21:49:28 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2013-09-07 21:48:26 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2013-09-07 21:48:26 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2013-09-07 21:48:19 67072 ----a-w- C:\Windows\splwow64.exe
2013-09-07 21:48:19 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2013-09-07 21:47:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2013-09-07 21:47:19 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2013-09-07 21:45:59 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2013-09-07 21:44:14 395776 ----a-w- C:\Windows\System32\webio.dll
2013-09-07 21:44:14 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2013-09-07 21:42:49 800768 ----a-w- C:\Windows\System32\usp10.dll
2013-09-07 21:41:48 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2013-09-07 21:41:47 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2013-09-07 21:41:47 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2013-09-07 21:41:46 956928 ----a-w- C:\Windows\System32\localspl.dll
2013-09-07 21:41:46 39424 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\winprint.dll
2013-09-07 21:21:14 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-09-03 22:06:11 -------- d-----w- C:\Users\Owner\AppData\Local\SWTORPerf
2013-09-03 22:00:09 4991496 ----a-w- C:\Windows\System32\D3DX9_38.dll
2013-09-03 22:00:09 3850760 ----a-w- C:\Windows\SysWow64\D3DX9_38.dll
2013-09-03 21:59:29 -------- d-----w- C:\Program Files (x86)\Common Files\BioWare
.
==================== Find3M ====================
.
2013-09-13 01:44:56 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-13 01:44:56 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-08 01:29:44 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-09-08 00:40:50 175616 ----a-w- C:\Windows\System32\msclmd.dll
2013-09-08 00:40:50 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2013-06-19 02:50:08 247216 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-06-19 02:50:08 139616 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
.
============= FINISH: 17:06:03.95 ===============



GMER 2.1.19163 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-09-13 17:30:27
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST932032 rev.0003 298.09GB
Running: gmer.exe; Driver: C:\Users\Owner\AppData\Local\Temp\ugloapow.sys

---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff80002bab000 8 bytes [00, 00, DE, 00, 4E, 74, 66, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 576 fffff80002bab010 29 bytes [10, 70, D3, 09, 80, FA, FF, ...]
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\svchost.exe[1016] C:\Windows\system32\WININET.dll!HttpSendRequestW 0000000076d9d1e8 14 bytes {JMP QWORD [RIP+0x0]}
.text C:\Windows\system32\svchost.exe[1016] C:\Windows\system32\WININET.dll!HttpSendRequestA 0000000076e19dd0 14 bytes {JMP QWORD [RIP+0x0]}
.text C:\Windows\system32\svchost.exe[1016] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefef17490 9 bytes {JMP QWORD [RIP+0x0]}
.text C:\Windows\system32\svchost.exe[1016] C:\Windows\system32\ole32.dll!CoCreateInstance + 11 000007fefef1749b 3 bytes [00, 00, 00]
.text C:\Windows\system32\svchost.exe[1016] C:\Windows\system32\ole32.dll!CoGetClassObject 000007fefef22e18 14 bytes {JMP QWORD [RIP+0x0]}
.text C:\Windows\system32\svchost.exe[1016] C:\Windows\system32\ws2_32.dll!GetAddrInfoW + 1 000007feff1023c1 13 bytes {JMP QWORD [RIP+0x0]}
.text C:\Windows\system32\svchost.exe[1016] C:\Windows\system32\ws2_32.dll!GetAddrInfoExW 000007feff10c090 14 bytes {JMP QWORD [RIP+0x0]}
.text C:\Windows\system32\svchost.exe[1016] C:\Windows\system32\winmm.dll!waveOutOpen 000007fefa5f38d0 14 bytes {JMP QWORD [RIP+0x0]}
.text C:\Windows\system32\svchost.exe[1016] C:\Windows\system32\dsound.dll!DirectSoundCreate 0000000000b75a84 14 bytes {JMP QWORD [RIP+0x0]}
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6880] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000074fe2da4 5 bytes JMP 000000016dd69ebc
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6880] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000074ffcbf3 5 bytes JMP 000000016deb913e
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6880] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074ffcfca 5 bytes JMP 000000016dcc1893
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6880] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 000000007501cb0c 5 bytes JMP 000000016deb90d9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6880] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 000000007501ce64 5 bytes JMP 000000016deb91a3
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6880] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 000000007502fbd1 5 bytes JMP 000000016deb9060
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6880] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 000000007502fc9d 5 bytes JMP 000000016deb8fe7
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6880] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007502fcd6 5 bytes JMP 000000016deb8f83
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6880] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007502fcfa 5 bytes JMP 000000016deb8f1f
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6880] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000757593ec 5 bytes JMP 000000016deb9358
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6880] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074b01465 2 bytes [B0, 74]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6880] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074b014bb 2 bytes [B0, 74]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6880] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 00000000726b388e 5 bytes JMP 000000016deb9208
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6880] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 0000000072757922 5 bytes JMP 000000016deb92b0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6880] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000075372694 5 bytes JMP 000000016deb9550
? C:\Windows\system32\mssprxy.dll [6880] entry point in ".rdata" section 0000000073f071e6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5560] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 00000000772325fd 6 bytes JMP 000000016dd88042
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5560] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077242a63 6 bytes JMP 000000016dd2980d
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5560] C:\Windows\syswow64\kernel32.dll!CreateThread 00000000758b34b5 5 bytes JMP 000000016dd275e3
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5560] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000074fd8a29 5 bytes JMP 000000016dd903cf
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5560] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000074fdd22e 5 bytes JMP 000000016dd33643
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5560] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000074fe291f 5 bytes JMP 000000016dd0dda7
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5560] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000074fe2da4 5 bytes JMP 000000016dd69ebc
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5560] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000074fe6285 5 bytes JMP 000000016dd87fdf
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5560] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074fe7603 5 bytes JMP 000000016dd625b4
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5560] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamA 0000000074feb029 5 bytes JMP 000000016deb94e0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5560] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW 0000000074fec63e 5 bytes JMP 000000016deb9518
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5560] C:\Windows\syswow64\USER32.dll!IsDialogMessage 0000000074ff50ed 5 bytes JMP 000000016deb9bda
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5560] C:\Windows\syswow64\USER32.dll!CreateDialogParamA 0000000074ff5246 5 bytes JMP 000000016deb9470
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5560] C:\Windows\syswow64\USER32.dll!EndDialog 0000000074ffb99c 5 bytes JMP 000000016deb9eae
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5560] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 0000000074ffc701 5 bytes JMP 000000016deb9c02
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5560] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000074ffcbf3 5 bytes JMP 000000016deb913e
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5560] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074ffcfca 5 bytes JMP 000000016dcc1893
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5560] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000074ffeb96 5 bytes JMP 000000016dd0decd
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5560] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074fff52b 5 bytes JMP 000000016ddaed00
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5560] C:\Windows\syswow64\USER32.dll!SendInput 0000000074ffff4a 5 bytes JMP 000000016deba471
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5560] C:\Windows\syswow64\USER32.dll!CreateDialogParamW 00000000750010dc 5 bytes JMP 000000016deb94a8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5560] C:\Windows\syswow64\USER32.dll!SetKeyboardState 00000000750014b2 5 bytes JMP 000000016deba4c9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5560] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000075019cfd 5 bytes JMP 000000016deba54a
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5560] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 000000007501cb0c 5 bytes JMP 000000016deb90d9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5560] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 000000007501ce64 5 bytes JMP 000000016deb91a3
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5560] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 000000007502fbd1 5 bytes JMP 000000016deb9060
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5560] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 000000007502fc9d 5 bytes JMP 000000016deb8fe7
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5560] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007502fcd6 5 bytes JMP 000000016deb8f83
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5560] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007502fcfa 5 bytes JMP 000000016deb8f1f
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5560] C:\Windows\syswow64\USER32.dll!keybd_event 00000000750302bf 5 bytes JMP 000000016deba42e
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5560] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 00000000750d6143 5 bytes JMP 000000016deb990c
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5560] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 00000000756f3e59 5 bytes JMP 000000016deb9a04
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5560] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 00000000756f3eae 5 bytes JMP 000000016deb9a82
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5560] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 00000000756f4731 5 bytes JMP 000000016deb9976
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5560] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 00000000756f5dee 5 bytes JMP 000000016deb9a22
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5560] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000757593ec 5 bytes JMP 000000016deb9358
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074b01465 2 bytes [B0, 74]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074b014bb 2 bytes [B0, 74]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5560] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 00000000726b388e 5 bytes JMP 000000016deb9208
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5560] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 0000000072757922 5 bytes JMP 000000016deb92b0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5560] C:\Windows\syswow64\comdlg32.dll!PrintDlgW 00000000753633a3 5 bytes JMP 000000016deb95f4
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5560] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000075372694 5 bytes JMP 000000016deb9550
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5560] C:\Windows\syswow64\comdlg32.dll!PrintDlgA 000000007537e8ff 5 bytes JMP 000000016deb96c0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe[5196] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074b01465 2 bytes [B0, 74]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe[5196] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074b014bb 2 bytes [B0, 74]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6668] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 00000000772325fd 6 bytes JMP 000000016dd88042
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6668] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077242a63 6 bytes JMP 000000016dd2980d
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6668] C:\Windows\syswow64\kernel32.dll!CreateThread 00000000758b34b5 5 bytes JMP 000000016dd275e3
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6668] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000074fd8a29 5 bytes JMP 000000016dd903cf
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6668] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000074fdd22e 5 bytes JMP 000000016dd33643
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6668] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000074fe291f 5 bytes JMP 000000016dd0dda7
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6668] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000074fe2da4 5 bytes JMP 000000016dd69ebc
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6668] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000074fe6285 5 bytes JMP 000000016dd87fdf
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6668] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074fe7603 5 bytes JMP 000000016dd625b4
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6668] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamA 0000000074feb029 5 bytes JMP 000000016deb94e0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6668] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW 0000000074fec63e 5 bytes JMP 000000016deb9518
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6668] C:\Windows\syswow64\USER32.dll!IsDialogMessage 0000000074ff50ed 5 bytes JMP 000000016deb9bda
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6668] C:\Windows\syswow64\USER32.dll!CreateDialogParamA 0000000074ff5246 5 bytes JMP 000000016deb9470
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6668] C:\Windows\syswow64\USER32.dll!EndDialog 0000000074ffb99c 5 bytes JMP 000000016deb9eae
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6668] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 0000000074ffc701 5 bytes JMP 000000016deb9c02
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6668] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000074ffcbf3 5 bytes JMP 000000016deb913e
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6668] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074ffcfca 5 bytes JMP 000000016dcc1893
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6668] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000074ffeb96 5 bytes JMP 000000016dd0decd
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6668] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074fff52b 5 bytes JMP 000000016ddaed00
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6668] C:\Windows\syswow64\USER32.dll!SendInput 0000000074ffff4a 5 bytes JMP 000000016deba471
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6668] C:\Windows\syswow64\USER32.dll!CreateDialogParamW 00000000750010dc 5 bytes JMP 000000016deb94a8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6668] C:\Windows\syswow64\USER32.dll!SetKeyboardState 00000000750014b2 5 bytes JMP 000000016deba4c9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6668] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000075019cfd 5 bytes JMP 000000016deba54a
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6668] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 000000007501cb0c 5 bytes JMP 000000016deb90d9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6668] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 000000007501ce64 5 bytes JMP 000000016deb91a3
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6668] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 000000007502fbd1 5 bytes JMP 000000016deb9060
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6668] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 000000007502fc9d 5 bytes JMP 000000016deb8fe7
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6668] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007502fcd6 5 bytes JMP 000000016deb8f83
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6668] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007502fcfa 5 bytes JMP 000000016deb8f1f
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6668] C:\Windows\syswow64\USER32.dll!keybd_event 00000000750302bf 5 bytes JMP 000000016deba42e
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6668] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 00000000750d6143 5 bytes JMP 000000016deb990c
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6668] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 00000000756f3e59 5 bytes JMP 000000016deb9a04
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6668] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 00000000756f3eae 5 bytes JMP 000000016deb9a82
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6668] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 00000000756f4731 5 bytes JMP 000000016deb9976
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6668] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 00000000756f5dee 5 bytes JMP 000000016deb9a22
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6668] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000757593ec 5 bytes JMP 000000016deb9358
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074b01465 2 bytes [B0, 74]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074b014bb 2 bytes [B0, 74]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6668] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 00000000726b388e 5 bytes JMP 000000016deb9208
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6668] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 0000000072757922 5 bytes JMP 000000016deb92b0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6668] C:\Windows\syswow64\comdlg32.dll!PrintDlgW 00000000753633a3 5 bytes JMP 000000016deb95f4
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6668] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000075372694 5 bytes JMP 000000016deb9550
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6668] C:\Windows\syswow64\comdlg32.dll!PrintDlgA 000000007537e8ff 5 bytes JMP 000000016deb96c0
---- EOF - GMER 2.1 ----

Attached Files
File Type: zip ark.txt.zip (2.5 KB)
File Type: zip attach.zip (4.2 KB)
