Hi,
I recently (half a year ago) reinstalled my windows due to virus/malware issues and it ran very well for a while until recently. I realized a substantial drop in performance when playing video games/running multiple programs and windows/opening large files/browsing many tabs. I therefore ran a previously used benchmarking software (novabench) and got half the total point value as I would when the computer ran well. It used to be between 950-1100 points now a bench done 10 minutes ago is more than half of that:
TOTAL SCORE: 472
9/13/2013 4:17:37 PM
Microsoft Windows 7 Ultimate
Intel Core i7 Q 820 1.73GHz @ 1730 MHz
Graphics Card: ATI Mobility Radeon HD 5800 Series
8181 MB System RAM (Score: 150)
- RAM Speed: 2797 MB/s
CPU Tests (Score: 203)
- Floating Point Operations/Second: 86006272
- Integer Operations/Second: 191476640
- MD5 Hashes Generated/Second: 245846
Graphics Tests (Score: 102)
- 3D Frames Per Second: 319
Hardware Tests (Score: 17)
- Primary Partition Capacity: 238 GB
- Drive Write Speed: 40 MB/s
I followed the instructions on the intro post so below please find all the logs from the programs as directed by that post:
HIJACK THIS LOG:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:22:50 PM, on 9/13/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16686)
Boot mode: Normal
Running processes:
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
C:\Program Files (x86)\Livedrive\Livedrive.exe
C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE
C:\Users\Kacper\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\Kacper\Desktop\Techguy 9-13-13\HijackThis(1).exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: HelloWorldBHO - {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} - (no file)
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: SSOIEAddonBHO - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
O4 - HKLM\..\Run: [OSD_LAUNCH] c:\Program Files (x86)\OSD\Launch_OSD.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Kacper\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Livedrive] "C:\Program Files (x86)\Livedrive\Livedrive.exe" /setup
O8 - Extra context menu item: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: FastAccess - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ec 0230c23ac63514\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Alienware Fusion Service (AlienFusionService) - Alienware - C:\Program Files\Alienware\Command Center\AlienFusionService.exe
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: FAService - Sensible Vision - C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HappyOSD - Unknown owner - C:\Program Files (x86)\OSD\OSD_Service.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: FF Install Filter Service (InstallFilterService) - Unknown owner - C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Livedrive VSS Service (LivedriveVSSService) - Unknown owner - C:\Program Files (x86)\Livedrive\VSSService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ec 0230c23ac63514\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
--
End of file - 12201 bytes
DDS:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16686 BrowserJavaVersion: 10.25.2
Run by Kacper at 16:24:42 on 2013-09-13
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8180.5222 [GMT -4:00]
.
AV: ESET Smart Security 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 6.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ec 0230c23ac63514\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ec 0230c23ac63514\AESTSr64.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files (x86)\Livedrive\Livedrive.exe
C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
C:\Program Files (x86)\OSD\OSD_Service.exe
C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
C:\Program Files (x86)\Livedrive\VSSService.exe
C:\Program Files (x86)\OSD\OSD.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
C:\Windows\splwow64.exe
C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE
C:\Users\Kacper\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} - <orphaned>
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: SSOIEAddonBHO Class: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Google Update] "C:\Users\Kacper\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Livedrive] "C:\Program Files (x86)\Livedrive\Livedrive.exe" /setup
mRun: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
mRun: [FAStartup] <no file>
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{1DC3B455-2961-4C47-A1DE-19CF725CF4E0} : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{1DC3B455-2961-4C47-A1DE-19CF725CF4E0}\4554851435 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{1DC3B455-2961-4C47-A1DE-19CF725CF4E0}\7416C6C656279702241627 : DHCPNameServer = 68.237.161.12 71.250.0.12
TCP: Interfaces\{1DC3B455-2961-4C47-A1DE-19CF725CF4E0}\75962756C65637370313 : DHCPNameServer = 192.168.254.254
TCP: Interfaces\{1DC3B455-2961-4C47-A1DE-19CF725CF4E0}\D494E49435452595F5F464F535F455E444 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{1DC3B455-2961-4C47-A1DE-19CF725CF4E0}\D494E49435452595F5F464F535F455E444D25374 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{4941DF69-E8ED-4412-B038-2D0219E37D90} : DHCPNameServer = 8.8.8.8 8.8.4.4
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: FastAccess - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll
SSODL: WebCheck - <orphaned>
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
LSA: Notification Packages = scecli FAPassSync
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: BrowserHelper Class: {EDF48A39-1442-463F-9F4E-F376A78D034A} - C:\Program Files (x86)\Livedrive\ExplorerExtensions.dll
x64-Run: [AlienFX Controller] "C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe"
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: WB - C:\Program Files (x86)\Stardock\MyColors\fast64.dll
x64-SSODL: WebCheck - <orphaned>
x64-SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll
x64-STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kacper\AppData\Roaming\Mozilla\Firefox\Profiles\coibz5yc.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npnitroie.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Users\Kacper\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\Kacper\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Users\Kacper\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Kacper\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Kacper\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2013-01-23 21:05; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=5434d54c00000000000000ffa4f609f2&q=
FF - user.js: extensions.BabylonToolbar.id - 5434d54c00000000000000ffa4f609f2
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15732
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.7.2
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.7.2
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.7.26:09:12
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar_i.excTlbr - false
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=117023
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar.rvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8SAN98hG&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 5434d54c00000000000000ffa4f609f2
FF - user.js: extensions.incredibar_i.instlDay - 15732
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.146:10:35
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6R8SAN98hG
FF - user.js: extensions.incredibar_i.upn2n - 92825818710151216
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 1
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2012-11-23 57904]
R0 stdflt;Disk Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdflt.sys [2013-1-7 19504]
R1 CbFs;CbFs;C:\Windows\System32\drivers\cbfs.sys [2013-1-24 191960]
R1 cbfs3;cbfs3;C:\Windows\System32\drivers\cbfs3.sys [2013-1-24 352008]
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2012-10-23 211344]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2012-10-23 59440]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_ne utral_ec0230c23ac63514\AESTSr64.exe [2013-1-6 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-2 240640]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2012-11-26 1329304]
R2 FAService;FAService;C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2010-4-4 2409800]
R2 HappyOSD;HappyOSD;C:\Program Files (x86)\OSD\OSD_Service.exe [2009-12-29 16384]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-1-6 13336]
R2 InstallFilterService;FF Install Filter Service;C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2013-1-7 59904]
R2 LivedriveVSSService;Livedrive VSS Service;C:\Program Files (x86)\Livedrive\VSSService.exe [2013-7-29 210584]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-17 418376]
R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2013-1-17 6383920]
R2 rimspci;rimspci;C:\Windows\System32\drivers\rimspe64.sys [2013-1-7 60416]
R2 risdpcie;risdpcie;C:\Windows\System32\drivers\risdpe64.sys [2013-1-7 80896]
R2 rixdpcie;rixdpcie;C:\Windows\System32\drivers\rixdpe64.sys [2013-1-7 55808]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Acceler.sys [2013-1-7 25136]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2013-1-6 294064]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-17 25928]
S2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2010-5-21 14648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-17 701512]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]
S3 a2djavs;Audio 2 DJ WDM Audio;C:\Windows\System32\drivers\a2djavs.sys [2012-2-22 358480]
S3 a2djusb_svc;Audio 2 DJ;C:\Windows\System32\drivers\a2djusb.sys [2012-2-22 96336]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-2-18 102368]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\System32\drivers\facap.sys [2008-9-24 238848]
S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-2-20 37344]
S3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv_x64.sys [2013-1-27 44928]
S3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2012-10-10 29696]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-17 19456]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-2-18 203104]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 ta10avs;Traktor Audio 10 WDM Audio;C:\Windows\System32\drivers\ta10avs.sys [2012-2-22 358480]
S3 ta10usb_svc;Traktor Audio 10;C:\Windows\System32\drivers\ta10usb.sys [2012-2-22 80464]
S3 ta2avs;Traktor Audio 2 WDM Audio;C:\Windows\System32\drivers\ta2avs.sys [2012-2-22 358480]
S3 ta2usb_svc;Traktor Audio 2;C:\Windows\System32\drivers\ta2usb.sys [2012-2-22 79952]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-1-17 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-17 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-1-17 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-1-7 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;C:\Progra m Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [2012-10-30 230416]
.
=============== Created Last 30 ================
.
2013-09-13 13:45:21 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{052D1467-5F9A-4B47-98BF-799A17B9B233}\mpengine.dll
2013-09-09 19:47:23 -------- d-----w- C:\Output Files
2013-09-09 19:42:44 -------- d-----w- C:\Windows\SysWow64\tempdir
2013-09-09 19:42:18 -------- d-----w- C:\Windows\SysWow64\tool
2013-09-09 19:42:11 -------- d-----w- C:\Program Files (x86)\Word Powerpoint to Flash Converter 3000
.
==================== Find3M ====================
.
2013-09-11 14:45:20 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-11 14:45:20 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-10 05:22:18 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-08-10 05:20:59 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-08-10 05:20:55 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-08-10 05:20:55 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-08-10 03:59:10 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-08-10 03:58:09 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-08-10 03:58:06 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-08-10 03:58:06 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-08-10 03:17:38 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-08-10 03:07:50 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-08-10 02:27:59 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-10 02:17:19 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-08-08 01:20:43 3155456 ----a-w- C:\Windows\System32\win32k.sys
2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-08-02 02:23:53 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll
2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:59:30 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-17 16:25:22 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-17 16:25:15 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-07-17 16:25:15 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 16:25:18.12 ===============
Attach:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 1/6/2013 9:51:36 PM
System Uptime: 9/13/2013 9:37:22 AM (7 hours ago)
.
Motherboard: Alienware | |
Processor: Intel(R) Core(TM) i7 CPU Q 820 @ 1.73GHz | CPU 1 | 1730/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 238 GiB total, 42.673 GiB free.
D: is FIXED (NTFS) - 238 GiB total, 34.545 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet M3035 MFP
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: Hewlett-Packard
Name: HP LaserJet M3035 MFP
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: facap, FastAccess Video Capture
Device ID: ROOT\IMAGE\0000
Manufacturer: Sensible Vision
Name: facap, FastAccess Video Capture
PNP Device ID: ROOT\IMAGE\0000
Service: FACAP
.
==== System Restore Points ===================
.
RP140: 9/3/2013 10:56:21 AM - Windows Update
RP141: 9/11/2013 3:10:29 PM - Windows Update
RP142: 9/11/2013 5:58:35 PM - Windows Update
RP143: 9/12/2013 7:02:42 PM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
64 Bit HP CIO Components Installer
7-Zip 9.20
7-Zip 9.20 (x64 edition)
Accelerometer
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Illustrator CS5.1
Adobe Reader XI (11.0.04) MUI
Akamai NetSession Interface
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVS Screen Capture version 2.0.2
AVS Update Manager 1.0
AVS Video Editor 6
AVS Video Recorder 2.5
AVS4YOU Software Navigator 1.4
BOINC
Bonjour
BufferChm
C309n-s
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Celestia 1.6.1
Citrix Online Launcher
Command Center
Destinations
DeviceDiscovery
DLLs
ESET Smart Security
Evernote v. 4.6.6
Express Zip
Far Cry 3
Fax
FileZilla Server
G-Force
Google Chrome
Google Drive
Google Talk Plugin
Google Update Helper
GoToMeeting 5.5.0.1132
GPBaseService2
Haihaisoft Universal Player
HMA! Pro VPN 2.7.1.7
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
HP Customer Participation Program 14.0
HP Imaging Device Functions 14.0
HP Officejet Pro 8600 Basic Device Software
HP Officejet Pro 8600 Help
HP Officejet Pro 8600 Product Improvement Study
HP Photo Creations
HP Photosmart Prem-Web C309n-s All-in-One Driver Software 14.0 Rel. 6
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPDiagnosticAlert
HPPhotoGadget
HPProductAssistant
HPSSupply
I.R.I.S. OCR
IDT Audio
Intel(R) Control Center
Intel(R) Network Connections 14.8.43.0
Intel(R) Rapid Storage Technology
IrfanView (remove only)
ITECIR
iTunes
Java 7 Update 25
Java Auto Updater
Kyocera Product Library
Livedrive
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 23.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Native Instruments Audio 2 DJ Driver
Native Instruments Audio 4 DJ Driver
Native Instruments Audio 8 DJ Driver
Native Instruments Controller Editor
Native Instruments Service Center
Native Instruments Traktor 2
Native Instruments Traktor Audio 10 Driver
Native Instruments Traktor Audio 2 Driver
Native Instruments Traktor Audio 6 Driver
Native Instruments Traktor Kontrol F1 Driver
Native Instruments Traktor Kontrol S2 Driver
Native Instruments Traktor Kontrol S4 Driver
Native Instruments Traktor Kontrol X1 Driver
Native Instruments Traktor Kontrol Z2 Driver
Network64
Nitro Reader 3
NovaBench 3.0.4
OSD Setup
PDF Settings CS5
Pixillion Image Converter
PrimoPDF -- brought to you by Nitro PDF Software
Prism Video File Converter
PS_AIO_06_C309n-s_SW_Min
PunkBuster Services
QuickTime
QuickTransfer
RICOH Media Driver ver.2.07.01.00
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760588) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760823) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2760583) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2767773) 32-Bit Edition
Shop for HP Supplies
SketchUp 8
Skype Click to Call
Skype 6.5
SmartWebPrinting
SolutionCenter
Spotify
Status
Switch Sound File Converter
Synaptics Pointing Device Driver
TmNationsForever
Toolbox
TrayApp
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Uplay
WavePad Sound Editor
WebReg
Windows 7 USB/DVD Download Tool
Wondershare Photo Recovery (build 3.0.3)
Word Powerpoint to Flash Converter 3000 7.4
.
==== Event Viewer Messages From Past Week ========
.
9/13/2013 9:38:18 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Alienware Fusion Service service to connect.
9/13/2013 9:38:18 AM, Error: Service Control Manager [7000] - The Alienware Fusion Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/11/2013 5:50:57 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.
9/10/2013 6:42:49 PM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535
9/10/2013 6:42:49 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535
9/10/2013 6:42:49 PM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
.
==== End Of File ===========================
GMER:
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-09-13 16:42:07
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2 SAMSUNG_ rev.VBM2 238.47GB
Running: 1htm0dc3.exe; Driver: C:\Users\Kacper\AppData\Local\Temp\ufdiipoc.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 544 fffff800031b0000 45 bytes [6B, 87, 08, 38, 76, C1, 48, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 591 fffff800031b002f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe[496] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075141465 2 bytes [14, 75]
.text C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe[496] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751414bb 2 bytes [14, 75]
.text ... * 2
.text C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe[496] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 0000000072b611a8 2 bytes [B6, 72]
.text C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe[496] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 0000000072b613a8 2 bytes [B6, 72]
.text C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe[496] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 0000000072b61422 2 bytes [B6, 72]
.text C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe[496] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 0000000072b61498 2 bytes [B6, 72]
.text C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe[496] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195 0000000072981b41 2 bytes [98, 72]
.text C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe[496] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362 0000000072981be8 2 bytes [98, 72]
.text C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe[496] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418 0000000072981c20 2 bytes [98, 72]
.text C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe[496] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596 0000000072981cd2 2 bytes [98, 72]
.text C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe[496] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628 0000000072981cf2 2 bytes [98, 72]
.text C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075141465 2 bytes [14, 75]
.text C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751414bb 2 bytes [14, 75]
.text ... * 2
.text C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe[1968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075141465 2 bytes [14, 75]
.text C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe[1968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751414bb 2 bytes [14, 75]
.text ... * 2
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2212] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075258769 4 bytes [C2, 04, 00, 00]
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2212] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075141465 2 bytes [14, 75]
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2212] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000751414bb 2 bytes [14, 75]
.text ... * 2
.text C:\Program Files (x86)\OSD\OSD.exe[3200] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075141465 2 bytes [14, 75]
.text C:\Program Files (x86)\OSD\OSD.exe[3200] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000751414bb 2 bytes [14, 75]
.text ... * 2
.text C:\Windows\SysWOW64\PnkBstrA.exe[3472] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 00000000749b1a22 2 bytes [9B, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[3472] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 00000000749b1ad0 2 bytes [9B, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[3472] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 00000000749b1b08 2 bytes [9B, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[3472] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 00000000749b1bba 2 bytes [9B, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[3472] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 00000000749b1bda 2 bytes [9B, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[3472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075141465 2 bytes [14, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[3472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751414bb 2 bytes [14, 75]
.text ... * 2
.text C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe[4200] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075141465 2 bytes [14, 75]
.text C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe[4200] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751414bb 2 bytes [14, 75]
.text ... * 2
.text C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE[5328] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075258769 5 bytes JMP 000000015e7253fc
.text C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE[5328] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000074fe6143 5 bytes JMP 000000015f1ef68e
.text C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE[5328] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000075e13e59 5 bytes JMP 000000015e7510b7
.text C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE[5328] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000075e13eae 5 bytes JMP 000000015e75b0be
.text C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE[5328] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000075e14731 5 bytes JMP 000000015e78b5dc
.text C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE[5328] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000075e15dee 5 bytes JMP 000000015e78c50f
.text C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE[5328] C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\OGL.DLL!GdipDeleteGraphics + 571 0000000062b50b54 4 bytes [4A, BD, F6, 96]
.text C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE[5328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075141465 2 bytes [14, 75]
.text C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE[5328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751414bb 2 bytes [14, 75]
.text ... * 2
.text C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE[6676] C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE!wdGetApplicationObject + 166 000000002fd21afc 2 bytes [D2, 2F]
.text C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE[6676] C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE!wdGetApplicationObject + 253 000000002fd21b53 2 bytes [D2, 2F]
.text C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE[6676] C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE!wdGetApplicationObject + 320 000000002fd21b96 2 bytes [D2, 2F]
.text C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE[6676] C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE!wdGetApplicationObject + 390 000000002fd21bdc 2 bytes [D2, 2F]
.text C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE[6676] C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE!wdGetApplicationObject + 738 000000002fd21d38 2 bytes [D2, 2F]
.text C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE[6676] C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE!wdGetApplicationObject + 937 000000002fd21dff 2 bytes [D2, 2F]
.text C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE[6676] C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE!wdGetApplicationObject + 958 000000002fd21e14 2 bytes [D2, 2F]
.text C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE[6676] C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE!wdGetApplicationObject + 970 000000002fd21e20 2 bytes [D2, 2F]
.text C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE[6676] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075258769 5 bytes JMP 000000015e7253fc
.text C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE[6676] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000074fe6143 5 bytes JMP 000000015f1ef68e
.text C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE[6676] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000075e13e59 5 bytes JMP 000000015e7510b7
.text C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE[6676] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000075e13eae 5 bytes JMP 000000015e75b0be
.text C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE[6676] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000075e14731 5 bytes JMP 000000015e78b5dc
.text C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE[6676] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000075e15dee 5 bytes JMP 000000015e78c50f
.text C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE[6676] C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\OGL.DLL!GdipDeleteGraphics + 571 0000000062b50b54 4 bytes [06, C9, 1C, 51]
.text C:\Users\Kacper\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe[6828] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075141465 2 bytes [14, 75]
.text C:\Users\Kacper\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe[6828] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751414bb 2 bytes [14, 75]
.text ... * 2
---- EOF - GMER 2.1 ----
Thanks upfront!
-Kacper
I recently (half a year ago) reinstalled my windows due to virus/malware issues and it ran very well for a while until recently. I realized a substantial drop in performance when playing video games/running multiple programs and windows/opening large files/browsing many tabs. I therefore ran a previously used benchmarking software (novabench) and got half the total point value as I would when the computer ran well. It used to be between 950-1100 points now a bench done 10 minutes ago is more than half of that:
TOTAL SCORE: 472
9/13/2013 4:17:37 PM
Microsoft Windows 7 Ultimate
Intel Core i7 Q 820 1.73GHz @ 1730 MHz
Graphics Card: ATI Mobility Radeon HD 5800 Series
8181 MB System RAM (Score: 150)
- RAM Speed: 2797 MB/s
CPU Tests (Score: 203)
- Floating Point Operations/Second: 86006272
- Integer Operations/Second: 191476640
- MD5 Hashes Generated/Second: 245846
Graphics Tests (Score: 102)
- 3D Frames Per Second: 319
Hardware Tests (Score: 17)
- Primary Partition Capacity: 238 GB
- Drive Write Speed: 40 MB/s
I followed the instructions on the intro post so below please find all the logs from the programs as directed by that post:
HIJACK THIS LOG:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:22:50 PM, on 9/13/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16686)
Boot mode: Normal
Running processes:
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
C:\Program Files (x86)\Livedrive\Livedrive.exe
C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE
C:\Users\Kacper\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\Kacper\Desktop\Techguy 9-13-13\HijackThis(1).exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: HelloWorldBHO - {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} - (no file)
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: SSOIEAddonBHO - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
O4 - HKLM\..\Run: [OSD_LAUNCH] c:\Program Files (x86)\OSD\Launch_OSD.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Kacper\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Livedrive] "C:\Program Files (x86)\Livedrive\Livedrive.exe" /setup
O8 - Extra context menu item: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: FastAccess - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ec 0230c23ac63514\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Alienware Fusion Service (AlienFusionService) - Alienware - C:\Program Files\Alienware\Command Center\AlienFusionService.exe
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: FAService - Sensible Vision - C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HappyOSD - Unknown owner - C:\Program Files (x86)\OSD\OSD_Service.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: FF Install Filter Service (InstallFilterService) - Unknown owner - C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Livedrive VSS Service (LivedriveVSSService) - Unknown owner - C:\Program Files (x86)\Livedrive\VSSService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ec 0230c23ac63514\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
--
End of file - 12201 bytes
DDS:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16686 BrowserJavaVersion: 10.25.2
Run by Kacper at 16:24:42 on 2013-09-13
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8180.5222 [GMT -4:00]
.
AV: ESET Smart Security 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 6.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ec 0230c23ac63514\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ec 0230c23ac63514\AESTSr64.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files (x86)\Livedrive\Livedrive.exe
C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
C:\Program Files (x86)\OSD\OSD_Service.exe
C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
C:\Program Files (x86)\Livedrive\VSSService.exe
C:\Program Files (x86)\OSD\OSD.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
C:\Windows\splwow64.exe
C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE
C:\Users\Kacper\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} - <orphaned>
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: SSOIEAddonBHO Class: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Google Update] "C:\Users\Kacper\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Livedrive] "C:\Program Files (x86)\Livedrive\Livedrive.exe" /setup
mRun: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
mRun: [FAStartup] <no file>
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{1DC3B455-2961-4C47-A1DE-19CF725CF4E0} : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{1DC3B455-2961-4C47-A1DE-19CF725CF4E0}\4554851435 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{1DC3B455-2961-4C47-A1DE-19CF725CF4E0}\7416C6C656279702241627 : DHCPNameServer = 68.237.161.12 71.250.0.12
TCP: Interfaces\{1DC3B455-2961-4C47-A1DE-19CF725CF4E0}\75962756C65637370313 : DHCPNameServer = 192.168.254.254
TCP: Interfaces\{1DC3B455-2961-4C47-A1DE-19CF725CF4E0}\D494E49435452595F5F464F535F455E444 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{1DC3B455-2961-4C47-A1DE-19CF725CF4E0}\D494E49435452595F5F464F535F455E444D25374 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{4941DF69-E8ED-4412-B038-2D0219E37D90} : DHCPNameServer = 8.8.8.8 8.8.4.4
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: FastAccess - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll
SSODL: WebCheck - <orphaned>
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
LSA: Notification Packages = scecli FAPassSync
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: BrowserHelper Class: {EDF48A39-1442-463F-9F4E-F376A78D034A} - C:\Program Files (x86)\Livedrive\ExplorerExtensions.dll
x64-Run: [AlienFX Controller] "C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe"
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: WB - C:\Program Files (x86)\Stardock\MyColors\fast64.dll
x64-SSODL: WebCheck - <orphaned>
x64-SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll
x64-STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kacper\AppData\Roaming\Mozilla\Firefox\Profiles\coibz5yc.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npnitroie.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Users\Kacper\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\Kacper\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Users\Kacper\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Kacper\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Kacper\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2013-01-23 21:05; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=5434d54c00000000000000ffa4f609f2&q=
FF - user.js: extensions.BabylonToolbar.id - 5434d54c00000000000000ffa4f609f2
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15732
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.7.2
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.7.2
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.7.26:09:12
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar_i.excTlbr - false
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=117023
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar.rvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8SAN98hG&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 5434d54c00000000000000ffa4f609f2
FF - user.js: extensions.incredibar_i.instlDay - 15732
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.146:10:35
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6R8SAN98hG
FF - user.js: extensions.incredibar_i.upn2n - 92825818710151216
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 1
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2012-11-23 57904]
R0 stdflt;Disk Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdflt.sys [2013-1-7 19504]
R1 CbFs;CbFs;C:\Windows\System32\drivers\cbfs.sys [2013-1-24 191960]
R1 cbfs3;cbfs3;C:\Windows\System32\drivers\cbfs3.sys [2013-1-24 352008]
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2012-10-23 211344]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2012-10-23 59440]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_ne utral_ec0230c23ac63514\AESTSr64.exe [2013-1-6 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-2 240640]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2012-11-26 1329304]
R2 FAService;FAService;C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2010-4-4 2409800]
R2 HappyOSD;HappyOSD;C:\Program Files (x86)\OSD\OSD_Service.exe [2009-12-29 16384]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-1-6 13336]
R2 InstallFilterService;FF Install Filter Service;C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2013-1-7 59904]
R2 LivedriveVSSService;Livedrive VSS Service;C:\Program Files (x86)\Livedrive\VSSService.exe [2013-7-29 210584]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-17 418376]
R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2013-1-17 6383920]
R2 rimspci;rimspci;C:\Windows\System32\drivers\rimspe64.sys [2013-1-7 60416]
R2 risdpcie;risdpcie;C:\Windows\System32\drivers\risdpe64.sys [2013-1-7 80896]
R2 rixdpcie;rixdpcie;C:\Windows\System32\drivers\rixdpe64.sys [2013-1-7 55808]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Acceler.sys [2013-1-7 25136]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2013-1-6 294064]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-17 25928]
S2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2010-5-21 14648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-17 701512]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]
S3 a2djavs;Audio 2 DJ WDM Audio;C:\Windows\System32\drivers\a2djavs.sys [2012-2-22 358480]
S3 a2djusb_svc;Audio 2 DJ;C:\Windows\System32\drivers\a2djusb.sys [2012-2-22 96336]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-2-18 102368]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\System32\drivers\facap.sys [2008-9-24 238848]
S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-2-20 37344]
S3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv_x64.sys [2013-1-27 44928]
S3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2012-10-10 29696]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-17 19456]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-2-18 203104]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 ta10avs;Traktor Audio 10 WDM Audio;C:\Windows\System32\drivers\ta10avs.sys [2012-2-22 358480]
S3 ta10usb_svc;Traktor Audio 10;C:\Windows\System32\drivers\ta10usb.sys [2012-2-22 80464]
S3 ta2avs;Traktor Audio 2 WDM Audio;C:\Windows\System32\drivers\ta2avs.sys [2012-2-22 358480]
S3 ta2usb_svc;Traktor Audio 2;C:\Windows\System32\drivers\ta2usb.sys [2012-2-22 79952]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-1-17 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-17 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-1-17 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-1-7 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;C:\Progra m Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [2012-10-30 230416]
.
=============== Created Last 30 ================
.
2013-09-13 13:45:21 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{052D1467-5F9A-4B47-98BF-799A17B9B233}\mpengine.dll
2013-09-09 19:47:23 -------- d-----w- C:\Output Files
2013-09-09 19:42:44 -------- d-----w- C:\Windows\SysWow64\tempdir
2013-09-09 19:42:18 -------- d-----w- C:\Windows\SysWow64\tool
2013-09-09 19:42:11 -------- d-----w- C:\Program Files (x86)\Word Powerpoint to Flash Converter 3000
.
==================== Find3M ====================
.
2013-09-11 14:45:20 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-11 14:45:20 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-10 05:22:18 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-08-10 05:20:59 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-08-10 05:20:55 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-08-10 05:20:55 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-08-10 03:59:10 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-08-10 03:58:09 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-08-10 03:58:06 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-08-10 03:58:06 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-08-10 03:17:38 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-08-10 03:07:50 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-08-10 02:27:59 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-10 02:17:19 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-08-08 01:20:43 3155456 ----a-w- C:\Windows\System32\win32k.sys
2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-08-02 02:23:53 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll
2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:59:30 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-17 16:25:22 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-17 16:25:15 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-07-17 16:25:15 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 16:25:18.12 ===============
Attach:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 1/6/2013 9:51:36 PM
System Uptime: 9/13/2013 9:37:22 AM (7 hours ago)
.
Motherboard: Alienware | |
Processor: Intel(R) Core(TM) i7 CPU Q 820 @ 1.73GHz | CPU 1 | 1730/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 238 GiB total, 42.673 GiB free.
D: is FIXED (NTFS) - 238 GiB total, 34.545 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet M3035 MFP
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: Hewlett-Packard
Name: HP LaserJet M3035 MFP
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: facap, FastAccess Video Capture
Device ID: ROOT\IMAGE\0000
Manufacturer: Sensible Vision
Name: facap, FastAccess Video Capture
PNP Device ID: ROOT\IMAGE\0000
Service: FACAP
.
==== System Restore Points ===================
.
RP140: 9/3/2013 10:56:21 AM - Windows Update
RP141: 9/11/2013 3:10:29 PM - Windows Update
RP142: 9/11/2013 5:58:35 PM - Windows Update
RP143: 9/12/2013 7:02:42 PM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
64 Bit HP CIO Components Installer
7-Zip 9.20
7-Zip 9.20 (x64 edition)
Accelerometer
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Illustrator CS5.1
Adobe Reader XI (11.0.04) MUI
Akamai NetSession Interface
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVS Screen Capture version 2.0.2
AVS Update Manager 1.0
AVS Video Editor 6
AVS Video Recorder 2.5
AVS4YOU Software Navigator 1.4
BOINC
Bonjour
BufferChm
C309n-s
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Celestia 1.6.1
Citrix Online Launcher
Command Center
Destinations
DeviceDiscovery
DLLs
ESET Smart Security
Evernote v. 4.6.6
Express Zip
Far Cry 3
Fax
FileZilla Server
G-Force
Google Chrome
Google Drive
Google Talk Plugin
Google Update Helper
GoToMeeting 5.5.0.1132
GPBaseService2
Haihaisoft Universal Player
HMA! Pro VPN 2.7.1.7
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
HP Customer Participation Program 14.0
HP Imaging Device Functions 14.0
HP Officejet Pro 8600 Basic Device Software
HP Officejet Pro 8600 Help
HP Officejet Pro 8600 Product Improvement Study
HP Photo Creations
HP Photosmart Prem-Web C309n-s All-in-One Driver Software 14.0 Rel. 6
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPDiagnosticAlert
HPPhotoGadget
HPProductAssistant
HPSSupply
I.R.I.S. OCR
IDT Audio
Intel(R) Control Center
Intel(R) Network Connections 14.8.43.0
Intel(R) Rapid Storage Technology
IrfanView (remove only)
ITECIR
iTunes
Java 7 Update 25
Java Auto Updater
Kyocera Product Library
Livedrive
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 23.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Native Instruments Audio 2 DJ Driver
Native Instruments Audio 4 DJ Driver
Native Instruments Audio 8 DJ Driver
Native Instruments Controller Editor
Native Instruments Service Center
Native Instruments Traktor 2
Native Instruments Traktor Audio 10 Driver
Native Instruments Traktor Audio 2 Driver
Native Instruments Traktor Audio 6 Driver
Native Instruments Traktor Kontrol F1 Driver
Native Instruments Traktor Kontrol S2 Driver
Native Instruments Traktor Kontrol S4 Driver
Native Instruments Traktor Kontrol X1 Driver
Native Instruments Traktor Kontrol Z2 Driver
Network64
Nitro Reader 3
NovaBench 3.0.4
OSD Setup
PDF Settings CS5
Pixillion Image Converter
PrimoPDF -- brought to you by Nitro PDF Software
Prism Video File Converter
PS_AIO_06_C309n-s_SW_Min
PunkBuster Services
QuickTime
QuickTransfer
RICOH Media Driver ver.2.07.01.00
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760588) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760823) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2760583) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2767773) 32-Bit Edition
Shop for HP Supplies
SketchUp 8
Skype Click to Call
Skype 6.5
SmartWebPrinting
SolutionCenter
Spotify
Status
Switch Sound File Converter
Synaptics Pointing Device Driver
TmNationsForever
Toolbox
TrayApp
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Uplay
WavePad Sound Editor
WebReg
Windows 7 USB/DVD Download Tool
Wondershare Photo Recovery (build 3.0.3)
Word Powerpoint to Flash Converter 3000 7.4
.
==== Event Viewer Messages From Past Week ========
.
9/13/2013 9:38:18 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Alienware Fusion Service service to connect.
9/13/2013 9:38:18 AM, Error: Service Control Manager [7000] - The Alienware Fusion Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/11/2013 5:50:57 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.
9/10/2013 6:42:49 PM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535
9/10/2013 6:42:49 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535
9/10/2013 6:42:49 PM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
.
==== End Of File ===========================
GMER:
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-09-13 16:42:07
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2 SAMSUNG_ rev.VBM2 238.47GB
Running: 1htm0dc3.exe; Driver: C:\Users\Kacper\AppData\Local\Temp\ufdiipoc.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 544 fffff800031b0000 45 bytes [6B, 87, 08, 38, 76, C1, 48, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 591 fffff800031b002f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe[496] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075141465 2 bytes [14, 75]
.text C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe[496] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751414bb 2 bytes [14, 75]
.text ... * 2
.text C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe[496] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 0000000072b611a8 2 bytes [B6, 72]
.text C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe[496] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 0000000072b613a8 2 bytes [B6, 72]
.text C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe[496] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 0000000072b61422 2 bytes [B6, 72]
.text C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe[496] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 0000000072b61498 2 bytes [B6, 72]
.text C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe[496] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195 0000000072981b41 2 bytes [98, 72]
.text C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe[496] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362 0000000072981be8 2 bytes [98, 72]
.text C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe[496] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418 0000000072981c20 2 bytes [98, 72]
.text C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe[496] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596 0000000072981cd2 2 bytes [98, 72]
.text C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe[496] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628 0000000072981cf2 2 bytes [98, 72]
.text C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075141465 2 bytes [14, 75]
.text C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751414bb 2 bytes [14, 75]
.text ... * 2
.text C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe[1968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075141465 2 bytes [14, 75]
.text C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe[1968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751414bb 2 bytes [14, 75]
.text ... * 2
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2212] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075258769 4 bytes [C2, 04, 00, 00]
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2212] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075141465 2 bytes [14, 75]
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2212] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000751414bb 2 bytes [14, 75]
.text ... * 2
.text C:\Program Files (x86)\OSD\OSD.exe[3200] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075141465 2 bytes [14, 75]
.text C:\Program Files (x86)\OSD\OSD.exe[3200] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000751414bb 2 bytes [14, 75]
.text ... * 2
.text C:\Windows\SysWOW64\PnkBstrA.exe[3472] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 00000000749b1a22 2 bytes [9B, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[3472] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 00000000749b1ad0 2 bytes [9B, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[3472] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 00000000749b1b08 2 bytes [9B, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[3472] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 00000000749b1bba 2 bytes [9B, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[3472] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 00000000749b1bda 2 bytes [9B, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[3472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075141465 2 bytes [14, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[3472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751414bb 2 bytes [14, 75]
.text ... * 2
.text C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe[4200] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075141465 2 bytes [14, 75]
.text C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe[4200] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751414bb 2 bytes [14, 75]
.text ... * 2
.text C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE[5328] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075258769 5 bytes JMP 000000015e7253fc
.text C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE[5328] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000074fe6143 5 bytes JMP 000000015f1ef68e
.text C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE[5328] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000075e13e59 5 bytes JMP 000000015e7510b7
.text C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE[5328] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000075e13eae 5 bytes JMP 000000015e75b0be
.text C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE[5328] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000075e14731 5 bytes JMP 000000015e78b5dc
.text C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE[5328] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000075e15dee 5 bytes JMP 000000015e78c50f
.text C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE[5328] C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\OGL.DLL!GdipDeleteGraphics + 571 0000000062b50b54 4 bytes [4A, BD, F6, 96]
.text C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE[5328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075141465 2 bytes [14, 75]
.text C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE[5328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751414bb 2 bytes [14, 75]
.text ... * 2
.text C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE[6676] C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE!wdGetApplicationObject + 166 000000002fd21afc 2 bytes [D2, 2F]
.text C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE[6676] C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE!wdGetApplicationObject + 253 000000002fd21b53 2 bytes [D2, 2F]
.text C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE[6676] C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE!wdGetApplicationObject + 320 000000002fd21b96 2 bytes [D2, 2F]
.text C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE[6676] C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE!wdGetApplicationObject + 390 000000002fd21bdc 2 bytes [D2, 2F]
.text C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE[6676] C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE!wdGetApplicationObject + 738 000000002fd21d38 2 bytes [D2, 2F]
.text C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE[6676] C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE!wdGetApplicationObject + 937 000000002fd21dff 2 bytes [D2, 2F]
.text C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE[6676] C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE!wdGetApplicationObject + 958 000000002fd21e14 2 bytes [D2, 2F]
.text C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE[6676] C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE!wdGetApplicationObject + 970 000000002fd21e20 2 bytes [D2, 2F]
.text C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE[6676] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075258769 5 bytes JMP 000000015e7253fc
.text C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE[6676] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000074fe6143 5 bytes JMP 000000015f1ef68e
.text C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE[6676] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000075e13e59 5 bytes JMP 000000015e7510b7
.text C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE[6676] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000075e13eae 5 bytes JMP 000000015e75b0be
.text C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE[6676] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000075e14731 5 bytes JMP 000000015e78b5dc
.text C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE[6676] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000075e15dee 5 bytes JMP 000000015e78c50f
.text C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE[6676] C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\OGL.DLL!GdipDeleteGraphics + 571 0000000062b50b54 4 bytes [06, C9, 1C, 51]
.text C:\Users\Kacper\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe[6828] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075141465 2 bytes [14, 75]
.text C:\Users\Kacper\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe[6828] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751414bb 2 bytes [14, 75]
.text ... * 2
---- EOF - GMER 2.1 ----
Thanks upfront!
-Kacper