
Solved: google redirects me to adultfriendfinder, groupon and other spamsites



govert
Member with 12 posts.
THREAD STARTER
 
Join Date: Nov 2011
Location: amsterdam
Experience: Beginner
04-Nov-2011, 11:49 AM #1
Hello,
My problem is that Google redirects me to all different websites like adultfriendfinder (963192150), groupon, planet49, night-no and many more. Sometimes they get blocked with anti-malware but more often not.
I've also had a problem with GMER scanning. It crashed the computer twice.
Can anybody help me please?
govert


Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 32 bit
Processor: Intel(R) Atom(TM) CPU N550 @ 1.50GHz, x64 Family 6 Model 28 Stepping 10
Processor Count: 4
RAM: 2035 Mb
Graphics Card: Intel(R) Graphics Media Accelerator 3150, 256 Mb
Hard Drives: C: Total - 238372 MB, Free - 176959 MB;
Motherboard: Dell Inc., Inspiron 1090
Antivirus: Microsoft Security Essentials, Updated and Enabled

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:22:30, on 3-11-2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\STMicroelectronics\Accelerometer-Magnetometer\PopUp_DM.exe
C:\Program Files\TeamViewer\Version6\TeamViewer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Squeezebox\SqueezeTray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\srspremiumpanel.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\BTGUARD\uTorrent.exe
C:\Program Files\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe
C:\BTGUARD\myentunnel.exe
C:\BTGUARD\plink.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nu.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell Magneto Popup] C:\Program Files\STMicroelectronics\Accelerometer-Magnetometer\PopUp_DM.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [CnxtCoInstallerDefer] C:\Program Files\CONEXANT\PREINSTALL\SETUP4E993818342\setup.exe -REBOOTED_FROM_NO_ENUM_INSTALL_METHOD=2 -S2 -S3
O4 - HKLM\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [hkmu] rundll32 "C:\Users\user\AppData\Roaming\license3.dll",Zjutj
O4 - HKCU\..\Run: [Spotify] "C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KSXP1IIZ\Spotify Installer.exe" /uri spotify:autostart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: BTGuard Updates.lnk = C:\BTGUARD\settings.exe
O4 - Global Startup: Systeempictogram van Squeezebox Server.lnk = C:\Program Files\Squeezebox\SqueezeTray.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.euro.dell.com/systemp.../SysProExe.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: leaf - {3C4A8A13-029E-430D-B8C1-46E834D20B31} - mscoree.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @C:\Windows\system32\CxAudMsg32.exe,-100 (CxAudMsg) - Conexant Systems Inc. - C:\Windows\system32\CxAudMsg32.exe
O23 - Service: @C:\Windows\system32\CxUSBDock32.exe,-100 (CxUSBDock) - Conexant Systems Inc. - C:\Windows\system32\CxUSBDock32.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
--
End of file - 8618 bytes


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by user at 20:25:14 on 2011-11-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.2036.832 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\CxAudMsg32.exe
C:\Windows\system32\CxUSBDock32.exe
C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\STMicroelectronics\Accelerometer-Magnetometer\PopUp_DM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\TeamViewer\Version6\TeamViewer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Squeezebox\SqueezeTray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\srspremiumpanel.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\BTGUARD\uTorrent.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe
C:\BTGUARD\myentunnel.exe
C:\BTGUARD\plink.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://nu.nl/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [hkmu] rundll32 "c:\users\user\appdata\roaming\license3.dll",Zjutj
uRun: [Spotify] "c:\users\user\appdata\local\microsoft\windows\temporary internet files\content.ie5\ksxp1iiz\Spotify Installer.exe" /uri spotify:autostart
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [Dell Magneto Popup] c:\program files\stmicroelectronics\accelerometer-magnetometer\PopUp_DM.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [CnxtCoInstallerDefer] c:\program files\conexant\preinstall\setup4e993818342\setup.exe -REBOOTED_FROM_NO_ENUM_INSTALL_METHOD=2 -S2 -S3
mRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\bt guar~1.lnk - c:\btguard\settings.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\systee~1.lnk - c:\program files\squeezebox\SqueezeTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.euro.dell.com/systemprofiler/SysProExe.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{45CAF88F-358E-4D78-81CF-DC7A283083A0} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{45CAF88F-358E-4D78-81CF-DC7A283083A0}\26167656C637265616E637 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{45CAF88F-358E-4D78-81CF-DC7A283083A0}\27F65747562747A656 : DhcpNameServer = 192.168.1.1
Handler: leaf - {3c4a8a13-029e-430d-b8c1-46e834d20b31} - c:\windows\system32\mscoree.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKslc1f3797e;MpKslc1f3797e;c:\programdata\microsoft\microsoft antimalware\definition updates\{bffad0cc-fa23-4af3-ac8a-f8f5f0ec4d7f}\MpKslc1f3797e.sys [2011-11-3 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-10-20 821664]
R2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg32.exe [2011-10-15 190592]
R2 CxUSBDock;Conexant USB Audio Dock Service;c:\windows\system32\CxUSBDock32.exe [2011-10-15 123008]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-28 366152]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-10-28 1153368]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-9-14 508264]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2011-10-10 736672]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-7-5 2337144]
R3 acpials;ALS-sensorfilter;c:\windows\system32\drivers\acpials.sys [2009-7-14 7680]
R3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2011-5-6 13904]
R3 Fwleaf;NETGEAR Firewall Driver;c:\windows\system32\drivers\fwleaf.sys [2011-10-23 22848]
R3 leafnets;Leaf Networks Adapter;c:\windows\system32\drivers\leafnets.sys [2011-5-26 55296]
R3 LSM303DLH;STMicroelectronics™ 3-Axis Accelerometer/Magnetometer;c:\windows\system32\drivers\LSM303DLH.sys [2011-2-1 28272]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-28 22216]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2010-9-14 577384]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2010-9-14 194408]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2010-9-14 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2010-9-14 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-9-14 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Updateservice (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-26 136176]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2011-10-22 84832]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-6-13 54632]
S3 fsssvc;De service Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-26 136176]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-23 52224]
S3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\wat\WatAdminSvc.exe [2011-5-29 1343400]
.
=============== Created Last 30 ================
.
2011-11-03 05:04:55 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{bffad0cc-fa23-4af3-ac8a-f8f5f0ec4d7f}\MpKslc1f3797e.sys
2011-11-03 05:04:51 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{bffad0cc-fa23-4af3-ac8a-f8f5f0ec4d7f}\offreg.dll
2011-11-02 14:45:36 6668624 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{bffad0cc-fa23-4af3-ac8a-f8f5f0ec4d7f}\mpengine.dll
2011-10-30 12:03:09 110080 ----a-r- c:\users\user\appdata\roaming\microsoft\installer\{1c7cc8e2-cfcf-41e6-a863-7c7a45ce8a78}\IconF7A21AF7.exe
2011-10-30 12:03:09 110080 ----a-r- c:\users\user\appdata\roaming\microsoft\installer\{1c7cc8e2-cfcf-41e6-a863-7c7a45ce8a78}\IconD7F16134.exe
2011-10-30 12:03:09 110080 ----a-r- c:\users\user\appdata\roaming\microsoft\installer\{1c7cc8e2-cfcf-41e6-a863-7c7a45ce8a78}\IconCF33A0CE.exe
2011-10-30 12:03:06 -------- d-----w- C:\sh4ldr
2011-10-30 12:03:05 -------- d-----w- c:\program files\Enigma Software Group
2011-10-30 11:59:54 -------- d-----w- c:\windows\1C7CC8E2CFCF41E6A8637C7A45CE8A78.TMP
2011-10-30 11:59:48 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2011-10-30 08:23:18 388096 ----a-r- c:\users\user\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-10-30 08:23:15 -------- d-----w- c:\program files\Trend Micro
2011-10-28 18:15:51 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-10-28 18:15:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-10-28 14:50:21 -------- d-----w- c:\users\user\appdata\roaming\Malwarebytes
2011-10-28 14:50:05 -------- d-----w- c:\programdata\Malwarebytes
2011-10-28 14:49:59 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-28 14:49:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-23 18:51:51 -------- d-----w- c:\users\user\appdata\local\ReadyNASRemote
2011-10-23 18:49:31 22848 ----a-w- c:\windows\system32\drivers\fwleaf.sys
2011-10-23 14:03:26 -------- d-----w- C:\updates
2011-10-23 13:59:44 -------- d-----w- c:\programdata\Squeezebox
2011-10-23 13:59:44 -------- d-----w- c:\program files\Squeezebox
2011-10-22 16:42:06 -------- d-----w- c:\program files\Makayama Interactive
2011-10-22 07:42:41 -------- d-----w- c:\program files\FreeTime
2011-10-22 07:17:17 -------- d-----w- C:\OUT_MEDIA_FILES
2011-10-22 07:17:03 84832 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
2011-10-22 07:17:03 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
2011-10-21 20:29:16 -------- d-----w- c:\users\user\appdata\roaming\Spotify
2011-10-21 20:29:16 -------- d-----w- c:\users\user\appdata\local\Spotify
2011-10-21 19:27:48 -------- d-----w- c:\program files\NETGEAR ReadyNAS
2011-10-20 15:43:59 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-10-20 15:43:58 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-10-20 15:43:58 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-10-15 07:06:57 -------- d-----w- c:\users\user\appdata\local\SRS Labs
2011-10-15 07:06:50 -------- d-----w- c:\program files\SRS Labs
2011-10-15 07:06:26 123008 ------w- c:\windows\system32\CxUSBDock32.exe
2011-10-15 07:06:19 190592 ------w- c:\windows\system32\CxAudMsg32.exe
2011-10-15 07:05:55 -------- d-----w- c:\windows\system32\SRSLabs
2011-10-15 07:04:06 330368 ----a-w- c:\windows\system32\UCI32A63.dll
2011-10-15 07:04:03 521344 ----a-w- c:\windows\system32\drivers\CHDRT32.sys
2011-10-15 07:04:03 1743488 ----a-w- c:\windows\system32\CX32PP25.dll
2011-10-13 03:52:16 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 03:52:16 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 03:52:13 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 03:52:13 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 03:52:03 2334720 ----a-w- c:\windows\system32\win32k.sys
2011-10-12 06:48:48 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2011-10-12 06:48:40 703824 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{59de3282-6afa-4e53-94f7-e40e02388f6a}\gapaengine.dll
2011-10-10 18:11:58 -------- d-----w- c:\programdata\ArcSoft
2011-10-10 18:10:54 -------- d-----w- c:\users\user\appdata\local\Downloaded Installations
2011-10-10 18:02:37 -------- d-----w- c:\users\user\appdata\local\Powercinema
2011-10-10 17:43:35 841280 ----a-w- c:\windows\system32\PhotoStageScrSaver.scr
2011-10-10 17:39:10 -------- d-----w- c:\users\user\appdata\local\ArcSoft
2011-10-10 17:37:55 -------- d-----w- c:\users\user\appdata\local\Dell
2011-10-10 17:35:33 -------- d-----w- c:\programdata\install_clap
2011-10-10 11:48:35 -------- d-----w- c:\program files\CONEXANT
2011-10-09 19:06:27 48648 ----a-w- c:\programdata\microsoft\ehome\packages\mceclientux\updateablemarkup-2\Markup.dll
.
==================== Find3M ====================
.
2011-10-10 06:33:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-23 08:54:12 61952 --sha-r- c:\users\user\appdata\roaming\license3.dll
.
============= FINISH: 20:27:48,91 ===============



Catchme file:

disk not found C:\
please note that you need administrator rights to perform deep scan
govert
07-Nov-2011, 08:30 AM #2
bump
Larusso (authorized to help remove malware)
Malware Removal Specialist with 808 posts.
 
Join Date: Aug 2011
Location: Austria
Experience: learning every day
07-Nov-2011, 10:41 AM #3
Hi and welcome to TSG.

I am reviewing your logs and will respond with a reply as soon as I can.

Please note that all my replies are reviewed by a qualified Analyst before I post. This ensures that you will continue to receive quality expert assistance.

Thank you for your patience.
Larusso
07-Nov-2011, 03:20 PM #4
Hi,
my name is Daniel and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.
  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, I will have to unsubscribe from this thread and move on to assist someone else.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.



Please read and follow these instructions carefully. We do not want it to fix anything yet (if found); we need to see a report first.

Download TDSSKiller.exe and save it to your desktop.
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.



Please launch DDS
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop and post both in your next reply



Please post in your next reply:
  • TDSSKiller log
  • dds.txt
  • attach.txt
govert
09-Nov-2011, 07:46 AM #5
tds dds attach
Hello Daniel,
Thank you for helping me.
Here are the files.
with kind regards,
govert

13:24:26.0634 3760 TDSS rootkit removing tool 2.6.16.0 Nov 7 2011 16:26:51
13:24:27.0211 3760 ============================================================
13:24:27.0211 3760 Current date / time: 2011/11/09 13:24:27.0211
13:24:27.0211 3760 SystemInfo:
13:24:27.0211 3760
13:24:27.0211 3760 OS Version: 6.1.7601 ServicePack: 1.0
13:24:27.0211 3760 Product type: Workstation
13:24:27.0211 3760 ComputerName: USER-PC
13:24:27.0211 3760 UserName: user
13:24:27.0211 3760 Windows directory: C:\Windows
13:24:27.0211 3760 System windows directory: C:\Windows
13:24:27.0211 3760 Processor architecture: Intel x86
13:24:27.0211 3760 Number of processors: 4
13:24:27.0211 3760 Page size: 0x1000
13:24:27.0211 3760 Boot type: Normal boot
13:24:27.0211 3760 ============================================================
13:24:40.0612 3760 Initialize success
13:24:46.0337 1100 ============================================================
13:24:46.0337 1100 Scan started
13:24:46.0337 1100 Mode: Manual;
13:24:46.0337 1100 ============================================================
13:25:42.0825 1100 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
13:25:42.0825 1100 vhdmp - ok
13:25:42.0981 1100 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
13:25:42.0996 1100 viaagp - ok
13:25:43.0215 1100 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
13:25:43.0230 1100 ViaC7 - ok
13:25:43.0293 1100 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
13:25:43.0308 1100 viaide - ok
13:25:43.0340 1100 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
13:25:43.0340 1100 volmgr - ok
13:25:43.0386 1100 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
13:25:43.0402 1100 volmgrx - ok
13:25:43.0511 1100 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
13:25:43.0527 1100 volsnap - ok
13:25:43.0886 1100 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
13:25:43.0948 1100 vsmraid - ok
13:25:44.0073 1100 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
13:25:44.0088 1100 vwifibus - ok
13:25:44.0182 1100 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
13:25:44.0198 1100 vwififlt - ok
13:25:44.0541 1100 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
13:25:44.0556 1100 vwifimp - ok
13:25:44.0712 1100 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
13:25:44.0728 1100 WacomPen - ok
13:25:44.0853 1100 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
13:25:44.0868 1100 WANARP - ok
13:25:44.0868 1100 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
13:25:44.0868 1100 Wanarpv6 - ok
13:25:45.0274 1100 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
13:25:45.0290 1100 Wd - ok
13:25:45.0383 1100 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
13:25:45.0399 1100 Wdf01000 - ok
13:25:45.0617 1100 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
13:25:45.0633 1100 WfpLwf - ok
13:25:45.0773 1100 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
13:25:45.0789 1100 WIMMount - ok
13:25:45.0992 1100 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
13:25:46.0007 1100 WinUsb - ok
13:25:46.0163 1100 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
13:25:46.0163 1100 WmiAcpi - ok
13:25:46.0288 1100 WPRO_41_1742 - ok
13:25:46.0475 1100 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
13:25:46.0475 1100 ws2ifsl - ok
13:25:46.0678 1100 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
13:25:46.0694 1100 WudfPf - ok
13:25:46.0990 1100 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:25:47.0006 1100 WUDFRd - ok
13:25:47.0162 1100 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:25:47.0208 1100 \Device\Harddisk0\DR0 - ok
13:25:47.0224 1100 Boot (0x1200) (2f6b453fd8878e592ff6cc944d333f05) \Device\Harddisk0\DR0\Partition0
13:25:47.0224 1100 \Device\Harddisk0\DR0\Partition0 - ok
13:25:47.0271 1100 Boot (0x1200) (33b5c2aa04efb25e878e44326ff0ef0d) \Device\Harddisk0\DR0\Partition1
13:25:47.0302 1100 \Device\Harddisk0\DR0\Partition1 - ok
13:25:47.0302 1100 ============================================================
13:25:47.0302 1100 Scan finished
13:25:47.0302 1100 ============================================================
13:25:47.0333 0124 Detected object count: 0
13:25:47.0333 0124 Actual detected object count: 0
13:28:26.0442 1764 Deinitialize success



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by user at 13:36:06 on 2011-11-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.2036.891 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\CxAudMsg32.exe
C:\Windows\system32\CxUSBDock32.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\Dwm.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\Explorer.EXE
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\STMicroelectronics\Accelerometer-Magnetometer\PopUp_DM.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\TeamViewer\Version6\TeamViewer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Squeezebox\SqueezeTray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\srspremiumpanel.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://nu.nl/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [hkmu] rundll32 "c:\users\user\appdata\roaming\license3.dll",Zjutj
uRun: [Spotify] "c:\users\user\appdata\local\microsoft\windows\temporary internet files\content.ie5\ksxp1iiz\Spotify Installer.exe" /uri spotify:autostart
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [Dell Magneto Popup] c:\program files\stmicroelectronics\accelerometer-magnetometer\PopUp_DM.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [CnxtCoInstallerDefer] c:\program files\conexant\preinstall\setup4e993818342\setup.exe -REBOOTED_FROM_NO_ENUM_INSTALL_METHOD=2 -S2 -S3
mRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\bt guar~1.lnk - c:\btguard\settings.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\systee~1.lnk - c:\program files\squeezebox\SqueezeTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.euro.dell.com/systemprofiler/SysProExe.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{45CAF88F-358E-4D78-81CF-DC7A283083A0} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{45CAF88F-358E-4D78-81CF-DC7A283083A0}\26167656C637265616E637 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{45CAF88F-358E-4D78-81CF-DC7A283083A0}\27F65747562747A656 : DhcpNameServer = 192.168.1.1
Handler: leaf - {3c4a8a13-029e-430d-b8c1-46e834d20b31} - c:\windows\system32\mscoree.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKslce789fd5;MpKslce789fd5;c:\programdata\microsoft\microsoft antimalware\definition updates\{339e4555-520c-4d3a-b1b3-b4c5e8acfb73}\MpKslce789fd5.sys [2011-11-9 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-10-20 821664]
R2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg32.exe [2011-10-15 190592]
R2 CxUSBDock;Conexant USB Audio Dock Service;c:\windows\system32\CxUSBDock32.exe [2011-10-15 123008]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-28 366152]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-10-28 1153368]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-9-14 508264]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2011-10-10 736672]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-7-5 2337144]
R3 acpials;ALS-sensorfilter;c:\windows\system32\drivers\acpials.sys [2009-7-14 7680]
R3 Fwleaf;NETGEAR Firewall Driver;c:\windows\system32\drivers\fwleaf.sys [2011-10-23 22848]
R3 leafnets;Leaf Networks Adapter;c:\windows\system32\drivers\leafnets.sys [2011-5-26 55296]
R3 LSM303DLH;STMicroelectronics™ 3-Axis Accelerometer/Magnetometer;c:\windows\system32\drivers\LSM303DLH.sys [2011-2-1 28272]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-28 22216]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2010-9-14 577384]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2010-9-14 194408]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2010-9-14 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2010-9-14 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-9-14 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Updateservice (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-26 136176]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2011-10-22 84832]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2011-5-6 13904]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-6-13 54632]
S3 fsssvc;De service Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-26 136176]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-23 52224]
S3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\wat\WatAdminSvc.exe [2011-5-29 1343400]
.
=============== Created Last 30 ================
.
2011-11-09 12:23:39 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{339e4555-520c-4d3a-b1b3-b4c5e8acfb73}\MpKslce789fd5.sys
2011-11-09 12:23:33 6668624 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-11-09 12:23:04 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{339e4555-520c-4d3a-b1b3-b4c5e8acfb73}\offreg.dll
2011-11-09 12:22:57 6668624 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{339e4555-520c-4d3a-b1b3-b4c5e8acfb73}\mpengine.dll
2011-10-30 12:03:09 110080 ----a-r- c:\users\user\appdata\roaming\microsoft\installer\{1c7cc8e2-cfcf-41e6-a863-7c7a45ce8a78}\IconF7A21AF7.exe
2011-10-30 12:03:09 110080 ----a-r- c:\users\user\appdata\roaming\microsoft\installer\{1c7cc8e2-cfcf-41e6-a863-7c7a45ce8a78}\IconD7F16134.exe
2011-10-30 12:03:09 110080 ----a-r- c:\users\user\appdata\roaming\microsoft\installer\{1c7cc8e2-cfcf-41e6-a863-7c7a45ce8a78}\IconCF33A0CE.exe
2011-10-30 12:03:06 -------- d-----w- C:\sh4ldr
2011-10-30 12:03:05 -------- d-----w- c:\program files\Enigma Software Group
2011-10-30 11:59:54 -------- d-----w- c:\windows\1C7CC8E2CFCF41E6A8637C7A45CE8A78.TMP
2011-10-30 11:59:48 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2011-10-30 08:23:18 388096 ----a-r- c:\users\user\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-10-30 08:23:15 -------- d-----w- c:\program files\Trend Micro
2011-10-28 18:15:51 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-10-28 18:15:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-10-28 14:50:21 -------- d-----w- c:\users\user\appdata\roaming\Malwarebytes
2011-10-28 14:50:05 -------- d-----w- c:\programdata\Malwarebytes
2011-10-28 14:49:59 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-28 14:49:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-23 18:51:51 -------- d-----w- c:\users\user\appdata\local\ReadyNASRemote
2011-10-23 18:49:31 22848 ----a-w- c:\windows\system32\drivers\fwleaf.sys
2011-10-23 14:03:26 -------- d-----w- C:\updates
2011-10-23 13:59:44 -------- d-----w- c:\programdata\Squeezebox
2011-10-23 13:59:44 -------- d-----w- c:\program files\Squeezebox
2011-10-22 16:42:06 -------- d-----w- c:\program files\Makayama Interactive
2011-10-22 07:42:41 -------- d-----w- c:\program files\FreeTime
2011-10-22 07:17:17 -------- d-----w- C:\OUT_MEDIA_FILES
2011-10-22 07:17:03 84832 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
2011-10-22 07:17:03 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
2011-10-21 20:29:16 -------- d-----w- c:\users\user\appdata\roaming\Spotify
2011-10-21 20:29:16 -------- d-----w- c:\users\user\appdata\local\Spotify
2011-10-21 19:27:48 -------- d-----w- c:\program files\NETGEAR ReadyNAS
2011-10-20 15:43:59 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-10-20 15:43:58 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-10-20 15:43:58 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-10-15 07:06:57 -------- d-----w- c:\users\user\appdata\local\SRS Labs
2011-10-15 07:06:50 -------- d-----w- c:\program files\SRS Labs
2011-10-15 07:06:26 123008 ------w- c:\windows\system32\CxUSBDock32.exe
2011-10-15 07:06:19 190592 ------w- c:\windows\system32\CxAudMsg32.exe
2011-10-15 07:05:55 -------- d-----w- c:\windows\system32\SRSLabs
2011-10-15 07:04:06 330368 ----a-w- c:\windows\system32\UCI32A63.dll
2011-10-15 07:04:03 521344 ----a-w- c:\windows\system32\drivers\CHDRT32.sys
2011-10-15 07:04:03 1743488 ----a-w- c:\windows\system32\CX32PP25.dll
2011-10-13 03:52:16 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 03:52:16 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 03:52:13 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 03:52:13 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 03:52:03 2334720 ----a-w- c:\windows\system32\win32k.sys
2011-10-12 06:48:48 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2011-10-12 06:48:40 703824 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{59de3282-6afa-4e53-94f7-e40e02388f6a}\gapaengine.dll
2011-10-10 18:11:58 -------- d-----w- c:\programdata\ArcSoft
2011-10-10 18:10:54 -------- d-----w- c:\users\user\appdata\local\Downloaded Installations
2011-10-10 18:02:37 -------- d-----w- c:\users\user\appdata\local\Powercinema
2011-10-10 17:43:35 841280 ----a-w- c:\windows\system32\PhotoStageScrSaver.scr
2011-10-10 17:39:10 -------- d-----w- c:\users\user\appdata\local\ArcSoft
2011-10-10 17:37:55 -------- d-----w- c:\users\user\appdata\local\Dell
2011-10-10 17:35:33 -------- d-----w- c:\programdata\install_clap
.
==================== Find3M ====================
.
2011-10-10 06:33:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-23 08:54:12 61952 --sha-r- c:\users\user\appdata\roaming\license3.dll
.
============= FINISH: 13:38:03,28 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 24-5-2011 16:50:08
System Uptime: 9-11-2011 13:10:43 (0 hours ago)
.
Motherboard: Dell Inc. | | Inspiron 1090
Processor: Intel(R) Atom(TM) CPU N550 @ 1.50GHz | CPU | 990/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 174,633 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl30f9ebb3
Device ID: ROOT\LEGACY_MPKSL30F9EBB3\0000
Manufacturer:
Name: MpKsl30f9ebb3
PNP Device ID: ROOT\LEGACY_MPKSL30F9EBB3\0000
Service: MpKsl30f9ebb3
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsld0115633
Device ID: ROOT\LEGACY_MPKSLD0115633\0000
Manufacturer:
Name: MpKsld0115633
PNP Device ID: ROOT\LEGACY_MPKSLD0115633\0000
Service: MpKsld0115633
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl39b88671
Device ID: ROOT\LEGACY_MPKSL39B88671\0000
Manufacturer:
Name: MpKsl39b88671
PNP Device ID: ROOT\LEGACY_MPKSL39B88671\0000
Service: MpKsl39b88671
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsld8f64202
Device ID: ROOT\LEGACY_MPKSLD8F64202\0000
Manufacturer:
Name: MpKsld8f64202
PNP Device ID: ROOT\LEGACY_MPKSLD8F64202\0000
Service: MpKsld8f64202
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl3a3d43fa
Device ID: ROOT\LEGACY_MPKSL3A3D43FA\0000
Manufacturer:
Name: MpKsl3a3d43fa
PNP Device ID: ROOT\LEGACY_MPKSL3A3D43FA\0000
Service: MpKsl3a3d43fa
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl449f1697
Device ID: ROOT\LEGACY_MPKSL449F1697\0000
Manufacturer:
Name: MpKsl449f1697
PNP Device ID: ROOT\LEGACY_MPKSL449F1697\0000
Service: MpKsl449f1697
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl55197cb9
Device ID: ROOT\LEGACY_MPKSL55197CB9\0000
Manufacturer:
Name: MpKsl55197cb9
PNP Device ID: ROOT\LEGACY_MPKSL55197CB9\0000
Service: MpKsl55197cb9
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslecbb81fc
Device ID: ROOT\LEGACY_MPKSLECBB81FC\0000
Manufacturer:
Name: MpKslecbb81fc
PNP Device ID: ROOT\LEGACY_MPKSLECBB81FC\0000
Service: MpKslecbb81fc
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl66a2a486
Device ID: ROOT\LEGACY_MPKSL66A2A486\0000
Manufacturer:
Name: MpKsl66a2a486
PNP Device ID: ROOT\LEGACY_MPKSL66A2A486\0000
Service: MpKsl66a2a486
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslf85a474e
Device ID: ROOT\LEGACY_MPKSLF85A474E\0000
Manufacturer:
Name: MpKslf85a474e
PNP Device ID: ROOT\LEGACY_MPKSLF85A474E\0000
Service: MpKslf85a474e
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl7b619c06
Device ID: ROOT\LEGACY_MPKSL7B619C06\0000
Manufacturer:
Name: MpKsl7b619c06
PNP Device ID: ROOT\LEGACY_MPKSL7B619C06\0000
Service: MpKsl7b619c06
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl8b0c9026
Device ID: ROOT\LEGACY_MPKSL8B0C9026\0000
Manufacturer:
Name: MpKsl8b0c9026
PNP Device ID: ROOT\LEGACY_MPKSL8B0C9026\0000
Service: MpKsl8b0c9026
.
Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Description: Generic Bluetooth Adapter
Device ID: USB\VID_0CF3&PID_3002\5&3A195F82&0&2
Manufacturer: GenericAdapter
Name: Generic Bluetooth Adapter
PNP Device ID: USB\VID_0CF3&PID_3002\5&3A195F82&0&2
Service: BTHUSB
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslaa30d8be
Device ID: ROOT\LEGACY_MPKSLAA30D8BE\0000
Manufacturer:
Name: MpKslaa30d8be
PNP Device ID: ROOT\LEGACY_MPKSLAA30D8BE\0000
Service: MpKslaa30d8be
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslb61aabd5
Device ID: ROOT\LEGACY_MPKSLB61AABD5\0000
Manufacturer:
Name: MpKslb61aabd5
PNP Device ID: ROOT\LEGACY_MPKSLB61AABD5\0000
Service: MpKslb61aabd5
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslbac233d7
Device ID: ROOT\LEGACY_MPKSLBAC233D7\0000
Manufacturer:
Name: MpKslbac233d7
PNP Device ID: ROOT\LEGACY_MPKSLBAC233D7\0000
Service: MpKslbac233d7
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslbdfb7049
Device ID: ROOT\LEGACY_MPKSLBDFB7049\0000
Manufacturer:
Name: MpKslbdfb7049
PNP Device ID: ROOT\LEGACY_MPKSLBDFB7049\0000
Service: MpKslbdfb7049
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl0a841fb9
Device ID: ROOT\LEGACY_MPKSL0A841FB9\0000
Manufacturer:
Name: MpKsl0a841fb9
PNP Device ID: ROOT\LEGACY_MPKSL0A841FB9\0000
Service: MpKsl0a841fb9
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling-adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslbf689fea
Device ID: ROOT\LEGACY_MPKSLBF689FEA\0000
Manufacturer:
Name: MpKslbf689fea
PNP Device ID: ROOT\LEGACY_MPKSLBF689FEA\0000
Service: MpKslbf689fea
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslc1f3797e
Device ID: ROOT\LEGACY_MPKSLC1F3797E\0000
Manufacturer:
Name: MpKslc1f3797e
PNP Device ID: ROOT\LEGACY_MPKSLC1F3797E\0000
Service: MpKslc1f3797e
.
==== System Restore Points ===================
.
RP140: 20-10-2011 22:59:55 - Windows Update
RP141: 23-10-2011 16:01:41 - Microsoft Visual C++ 2005 Redistributable is geïnstalleerd
RP142: 23-10-2011 20:49:36 - Installatie van apparaatstuurprogramma: NETGEAR Network Service
RP143: 25-10-2011 7:54:27 - Windows Update
RP144: 28-10-2011 16:15:27 - Windows Update
RP145: 30-10-2011 9:22:00 - Installed HiJackThis
RP146: 30-10-2011 13:01:32 - Installed SpyHunter
RP147: 30-10-2011 18:06:56 - Removed SpyHunter
RP148: 1-11-2011 13:58:59 - Windows Update
RP149: 5-11-2011 8:29:56 - Windows Update
RP150: 9-11-2011 13:21:53 - Windows Update
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Accelerometer-Magnetometer
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.1) - Nederlands
BTGuard 2.3
CCleaner
CDBurnerXP
Conexant HD Audio
Corel Graphics - Windows Shell Extension
CorelDRAW Graphics Suite X5
CorelDRAW Graphics Suite X5 - Capture
CorelDRAW Graphics Suite X5 - Common
CorelDRAW Graphics Suite X5 - Connect
CorelDRAW Graphics Suite X5 - Custom Data
CorelDRAW Graphics Suite X5 - Draw
CorelDRAW Graphics Suite X5 - EN
CorelDRAW Graphics Suite X5 - Filters
CorelDRAW Graphics Suite X5 - FontNav
CorelDRAW Graphics Suite X5 - IPM
CorelDRAW Graphics Suite X5 - PHOTO-PAINT
CorelDRAW Graphics Suite X5 - Photozoom Plugin
CorelDRAW Graphics Suite X5 - Redist
CorelDRAW Graphics Suite X5 - Setup Files
CorelDRAW Graphics Suite X5 - VBA
CorelDRAW Graphics Suite X5 - VideoBrowser
CorelDRAW Graphics Suite X5 - VSTA
CorelDRAW Graphics Suite X5 - WT
CorelDRAW(R) Graphics Suite X5
CyberLink YouPaint
Dell Driver Download Manager
Dell MusicStage
Dell PhotoStage
Dell Support Center
Dell VideoStage
FormatFactory 2.70
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Hema Fotoalbum
HiJackThis
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
HP Photosmart B109a-m All-in-One Driver 14.0 Rel. 6
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 26
Junk Mail filter update
K-Lite Codec Pack 5.2.0 (Full)
Kinderopvangtoeslag 2011
Logitech Harmony Remote Software 7
Malwarebytes' Anti-Malware versie 1.51.2.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile NLD Language Pack
Microsoft Antimalware
Microsoft Antimalware Service NL-NL Language Pack
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Home and Student 2010 - Nederlands
Microsoft Office Klik-en-Klaar 2010
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Security Client NL-NL Language Pack
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Touch Pack for Windows 7
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Tools for Applications 2.0 Runtime
Microsoft XNA Framework Redistributable 3.0
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PS_AIO_06_B109a-m_SW_Min
QuickSet32
RAIDar 4.3.3
ReadyNAS Remote
Remote Control USB Driver
Revo Uninstaller 1.92
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2478663)
Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870)
Spybot - Search & Destroy
SpyHunter
Squeezebox Server 7.6.1
StickyNotes
SUPERAntiSpyware
Synaptics Pointing Device Driver
Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
TeamViewer 6
Toolbox
TweetDeck
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Video DVD Maker v3.32.0.80
Visual Basic for Applications (R) Core
Visual Basic for Applications (R) Core - English
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Toolbar
Windows Live Writer
.
==== End Of File ===========================
Larusso Larusso is offline Larusso is authorized to help remove malware.
Malware Removal Specialist with 808 posts.
 
Join Date: Aug 2011
Location: Austria
Experience: learning every day
09-Nov-2011, 04:19 PM #6
Well done
TDSSKiller appears clean so there is a good chance that no rootkits are present.


While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes interfere with our fixes.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your logs are clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.



Please download and scan with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Note: Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
You can use this thread as a guide.

Please include the C:\ComboFix.txt in your next reply for further review.



Please post in your next reply
Combofix.txt
How is your system behaving?
govert govert is offline
Member with 12 posts.
THREAD STARTER
 
Join Date: Nov 2011
Location: amsterdam
Experience: Beginner
10-Nov-2011, 12:12 AM #7
Good Morning,
System is doing fine, maybe a little slower.
I had the problem that I couldn't enter Microsoft Security Essentials, so I've uninstalled it.
I also have a problem entering my server, but that happens on both my computers, so I think it's a router or server problem.
regards,
govert


ComboFix 11-11-09.02 - user 09-11-2011 23:15:12.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.2036.1048 [GMT 1:00]
Gestart vanuit: c:\users\user\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\{001D130B-A2BA-4325-84CA-FC95136D4ABD}.xps
c:\users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\{05E42E67-A84B-4A3C-88D0-507819716C2A}.xps
c:\users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\{4630D026-2983-452F-BFEF-CBD542478781}.xps
c:\users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9DB5666C-56CF-4895-AA8E-8B60057F8816}.xps
c:\users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C9567803-447C-4BEC-94DC-61F493219990}.xps
c:\users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CD56FCBF-5A74-487C-8061-631406B83CB8}.xps
c:\users\user\AppData\Local\Temp\pdk-user-1720\20252d6e001ae3774b425e81ba09b666\Fcntl.dll
c:\users\user\AppData\Local\Temp\pdk-user-1720\2076671ee5d0a5323570c92c74abac6f\Process.dll
c:\users\user\AppData\Local\Temp\pdk-user-1720\23ae7fb85999872530b5a5d4d67a4f44\Registry.dll
c:\users\user\AppData\Local\Temp\pdk-user-1720\23fe5d76b9491fa255db2281ac7687d5\Service.dll
c:\users\user\AppData\Local\Temp\pdk-user-1720\2d2847f7dd2a1fddd0fdb79d9d64ba93\List.dll
c:\users\user\AppData\Local\Temp\pdk-user-1720\6a834a555edd63cb8706466e7c1666f2\Hostname.dll
c:\users\user\AppData\Local\Temp\pdk-user-1720\7020d50af327e3fc94b98242c307fc81\Cwd.dll
c:\users\user\AppData\Local\Temp\pdk-user-1720\7dd16cc839f33995d1a58e2773aa29b8\WinError.dll
c:\users\user\AppData\Local\Temp\pdk-user-1720\855297e7b4b860331fdbdd53426f5e15\Dumper.dll
c:\users\user\AppData\Local\Temp\pdk-user-1720\86351894c58e4804ca004825fea78bbb\Encode.dll
c:\users\user\AppData\Local\Temp\pdk-user-1720\a7c0cce4e1ac2c1f6d3e71bbe3c9bdd3\Socket.dll
c:\users\user\AppData\Local\Temp\pdk-user-1720\b7b4505cb0a127c242f14d779e410e03\POSIX.dll
c:\users\user\AppData\Local\Temp\pdk-user-1720\c3da4aa4c02db51c7f94d5eaf2438023\OLE.dll
c:\users\user\AppData\Local\Temp\pdk-user-1720\f48694173221cfa9bad4275e2389b498\Win32.dll
c:\users\user\AppData\Local\Temp\pdk-user-1720\perl510.dll
c:\users\user\AppData\Roaming\license3.dll
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-10-09 to 2011-11-09 ))))))))))))))))))))))))))))))
.
.
2011-11-09 22:29 . 2011-11-09 22:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-30 12:03 . 2011-10-30 12:03 110080 ----a-r- c:\users\user\AppData\Roaming\Microsoft\Installer\{1C7CC8E2-CFCF-41E6-A863-7C7A45CE8A78}\IconF7A21AF7.exe
2011-10-30 12:03 . 2011-10-30 12:03 110080 ----a-r- c:\users\user\AppData\Roaming\Microsoft\Installer\{1C7CC8E2-CFCF-41E6-A863-7C7A45CE8A78}\IconD7F16134.exe
2011-10-30 12:03 . 2011-10-30 12:03 110080 ----a-r- c:\users\user\AppData\Roaming\Microsoft\Installer\{1C7CC8E2-CFCF-41E6-A863-7C7A45CE8A78}\IconCF33A0CE.exe
2011-10-30 12:03 . 2011-10-30 12:03 -------- d-----w- C:\sh4ldr
2011-10-30 12:03 . 2011-10-30 12:03 -------- d-----w- c:\program files\Enigma Software Group
2011-10-30 11:59 . 2011-10-30 12:03 -------- d-----w- c:\windows\1C7CC8E2CFCF41E6A8637C7A45CE8A78.TMP
2011-10-30 11:59 . 2011-10-30 11:59 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-10-30 08:23 . 2011-10-30 08:23 388096 ----a-r- c:\users\user\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-30 08:23 . 2011-10-30 08:23 -------- d-----w- c:\program files\Trend Micro
2011-10-28 18:15 . 2011-10-28 19:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-10-28 18:15 . 2011-10-28 18:26 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-10-28 14:50 . 2011-10-28 14:50 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes
2011-10-28 14:50 . 2011-10-28 14:50 -------- d-----w- c:\programdata\Malwarebytes
2011-10-28 14:49 . 2011-10-28 14:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-28 14:49 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-23 18:51 . 2011-10-26 20:35 -------- d-----w- c:\users\user\AppData\Local\ReadyNASRemote
2011-10-23 18:49 . 2011-05-31 21:37 22848 ----a-w- c:\windows\system32\drivers\fwleaf.sys
2011-10-23 14:03 . 2011-10-23 14:03 -------- d-----w- C:\updates
2011-10-23 13:59 . 2011-10-23 14:03 -------- d-----w- c:\programdata\Squeezebox
2011-10-23 13:59 . 2011-10-23 14:01 -------- d-----w- c:\program files\Squeezebox
2011-10-22 16:42 . 2011-10-22 16:42 -------- d-----w- c:\program files\Makayama Interactive
2011-10-22 07:42 . 2011-10-22 07:42 -------- d-----w- c:\program files\FreeTime
2011-10-22 07:17 . 2011-10-22 07:17 -------- d-----w- C:\OUT_MEDIA_FILES
2011-10-22 07:17 . 2002-07-17 14:23 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
2011-10-22 07:17 . 2002-07-17 14:20 84832 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
2011-10-21 20:29 . 2011-10-22 13:01 -------- d-----w- c:\users\user\AppData\Roaming\Spotify
2011-10-21 20:29 . 2011-10-22 13:00 -------- d-----w- c:\users\user\AppData\Local\Spotify
2011-10-21 19:27 . 2011-10-23 18:48 -------- d-----w- c:\program files\NETGEAR ReadyNAS
2011-10-21 07:49 . 2011-10-21 07:49 -------- d-----w- c:\program files\QuickTime
2011-10-20 15:43 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-10-20 15:43 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-10-20 15:43 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-10-15 07:06 . 2011-10-15 07:06 -------- d-----w- c:\users\user\AppData\Local\SRS Labs
2011-10-15 07:06 . 2011-10-15 07:06 -------- d-----w- c:\program files\SRS Labs
2011-10-15 07:06 . 2010-09-23 11:24 123008 ------w- c:\windows\system32\CxUSBDock32.exe
2011-10-15 07:06 . 2010-09-23 11:33 190592 ------w- c:\windows\system32\CxAudMsg32.exe
2011-10-15 07:05 . 2011-10-15 07:05 -------- d-----w- c:\windows\system32\SRSLabs
2011-10-15 07:04 . 2010-09-09 14:11 330368 ----a-w- c:\windows\system32\UCI32A63.dll
2011-10-15 07:04 . 2010-07-14 07:56 1743488 ----a-w- c:\windows\system32\CX32PP25.dll
2011-10-15 07:04 . 2010-06-22 11:27 521344 ----a-w- c:\windows\system32\drivers\CHDRT32.sys
2011-10-13 03:52 . 2011-08-17 04:24 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 03:52 . 2011-08-17 04:19 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 03:52 . 2011-08-27 04:26 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 03:52 . 2011-08-27 04:26 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 03:52 . 2011-09-06 02:28 2334720 ----a-w- c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 06:33 . 2011-06-20 17:59 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-09 19:06 . 2011-10-09 19:06 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-09-25 15:05 . 2011-09-25 15:05 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-09-25 15:05 . 2011-09-25 15:05 882496 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\Spotlight Resources.dll
2011-09-03 12:51 . 2011-09-03 12:51 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-09-03 12:51 . 2011-09-03 12:51 161792 ----a-w- c:\windows\system32\msls31.dll
2011-09-03 12:51 . 2011-09-03 12:51 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-09-03 12:51 . 2011-09-03 12:51 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-03 12:51 . 2011-09-03 12:51 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-09-03 12:51 . 2011-09-03 12:51 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-09-03 12:51 . 2011-09-03 12:51 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-09-03 12:51 . 2011-09-03 12:51 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-09-03 12:51 . 2011-09-03 12:51 367104 ----a-w- c:\windows\system32\html.iec
2011-09-03 12:51 . 2011-09-03 12:51 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-09-03 12:51 . 2011-09-03 12:51 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-03 12:51 . 2011-09-03 12:51 152064 ----a-w- c:\windows\system32\wextract.exe
2011-09-03 12:51 . 2011-09-03 12:51 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-09-03 12:51 . 2011-09-03 12:51 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-03 12:51 . 2011-09-03 12:51 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-09-03 12:51 . 2011-09-03 12:51 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-03 12:51 . 2011-09-03 12:51 11776 ----a-w- c:\windows\system32\mshta.exe
2011-09-03 12:51 . 2011-09-03 12:51 101888 ----a-w- c:\windows\system32\admparse.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-26 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-25 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-25 150552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-08-12 1873192]
"Dell Magneto Popup"="c:\program files\STMicroelectronics\Accelerometer-Magnetometer\PopUp_DM.exe" [2010-11-03 111216]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"CnxtCoInstallerDefer"="c:\program files\CONEXANT\PREINSTALL\SETUP4E993818342\setup.exe" [2010-09-09 1223296]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BTGuard Updates.lnk - c:\btguard\settings.exe [2010-6-28 1160192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Systeempictogram van Squeezebox Server.lnk - c:\program files\Squeezebox\SqueezeTray.exe [2011-10-23 2162775]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 MpKsl0a841fb9;MpKsl0a841fb9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FDE06139-4379-4BCF-B461-2E0DE46D00BB}\MpKsl0a841fb9.sys [x]
R1 MpKsl30f9ebb3;MpKsl30f9ebb3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A3F2F095-D6FD-4C78-8701-9F77E60BC3AD}\MpKsl30f9ebb3.sys [x]
R1 MpKsl39b88671;MpKsl39b88671;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{299185C1-E7FB-4D35-BD32-24E0E0042985}\MpKsl39b88671.sys [x]
R1 MpKsl3a3d43fa;MpKsl3a3d43fa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B2F9D188-2F03-4C83-B53E-1F5445049F4C}\MpKsl3a3d43fa.sys [x]
R1 MpKsl449f1697;MpKsl449f1697;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{63890CD0-60B5-4E2A-BE2C-5D2396864DD7}\MpKsl449f1697.sys [x]
R1 MpKsl55197cb9;MpKsl55197cb9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{62B74F7B-BF3A-4904-BECA-08A356A295AA}\MpKsl55197cb9.sys [x]
R1 MpKsl66a2a486;MpKsl66a2a486;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{93281F5F-1BA1-4953-B6E2-57E43FD7BD4D}\MpKsl66a2a486.sys [x]
R1 MpKsl7b619c06;MpKsl7b619c06;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2A776573-CD4B-4574-AC92-51EC42DE7711}\MpKsl7b619c06.sys [x]
R1 MpKsl8b0c9026;MpKsl8b0c9026;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3170E121-75A8-42FC-A1A5-BE43BFAA8555}\MpKsl8b0c9026.sys [x]
R1 MpKslaa30d8be;MpKslaa30d8be;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{06B5759F-FCA6-41BF-BCB8-E266F0A8BB56}\MpKslaa30d8be.sys [x]
R1 MpKslb61aabd5;MpKslb61aabd5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{62468657-75A8-4D48-8F28-87398E4FA016}\MpKslb61aabd5.sys [x]
R1 MpKslbac233d7;MpKslbac233d7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{48BFA347-8D9F-4F9F-93C0-087892C312F4}\MpKslbac233d7.sys [x]
R1 MpKslbdfb7049;MpKslbdfb7049;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ABC7BA99-ED3E-432E-88F3-46EAD9E8AAB5}\MpKslbdfb7049.sys [x]
R1 MpKslbf689fea;MpKslbf689fea;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F0A7196C-ACBF-4CF2-9866-503803D4A02A}\MpKslbf689fea.sys [x]
R1 MpKslc1f3797e;MpKslc1f3797e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BFFAD0CC-FA23-4AF3-AC8A-F8F5F0EC4D7F}\MpKslc1f3797e.sys [x]
R1 MpKsld0115633;MpKsld0115633;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F4D457D2-B816-43FD-9629-1307A6DAA30A}\MpKsld0115633.sys [x]
R1 MpKsld8f64202;MpKsld8f64202;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7A8B7953-BBAD-41CD-9A6B-9F12AE20D8BC}\MpKsld8f64202.sys [x]
R1 MpKslecbb81fc;MpKslecbb81fc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E3581DB8-F78B-4729-9C41-8967220DD9DD}\MpKslecbb81fc.sys [x]
R1 MpKslf85a474e;MpKslf85a474e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4F8F4726-2DCD-438D-99AB-1186944C6828}\MpKslf85a474e.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-26 136176]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-05-06 13904]
R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-26 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-27 1343400]
R3 WPRO_41_1742;WinPcap Packet Driver (WPRO_41_1742);c:\windows\system32\drivers\WPRO_41_1742.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg32.exe [2010-09-23 190592]
S2 CxUSBDock;Conexant USB Audio Dock Service;c:\windows\system32\CxUSBDock32.exe [2010-09-23 123008]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S3 acpials;ALS-sensorfilter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-13 7680]
S3 Fwleaf;NETGEAR Firewall Driver;c:\windows\system32\DRIVERS\fwleaf.sys [2011-05-31 22848]
S3 leafnets;Leaf Networks Adapter;c:\windows\system32\DRIVERS\leafnets.sys [2011-05-26 55296]
S3 LSM303DLH;STMicroelectronics™ 3-Axis Accelerometer/Magnetometer;c:\windows\system32\DRIVERS\LSM303DLH.sys [2010-09-21 28272]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-09-14 577384]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-09-14 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-09-14 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-09-14 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Inhoud van de 'Gedeelde Taken' map
.
2011-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-26 19:40]
.
2011-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-26 19:40]
.
2011-10-30 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:31]
.
2011-11-09 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:31]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://nu.nl/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
Handler: leaf - {3c4a8a13-029e-430d-b8c1-46e834d20b31} - c:\windows\System32\mscoree.dll
.
- - - - ORPHANS VERWIJDERD - - - -
.
HKCU-Run-hkmu - c:\users\user\AppData\Roaming\license3.dll
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
c:\windows\SYSTEM32\WISPTIS.EXE
c:\windows\system32\WUDFHost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\TeamViewer\Version6\TeamViewer.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
c:\program files\SRS Labs\SRS Premium Sound Control Panel\srspremiumpanel.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Voltooingstijd: 2011-11-09 23:38:40 - machine werd herstart
ComboFix-quarantined-files.txt 2011-11-09 22:38
.
Pre-Run: 200.308.060.160 bytes beschikbaar
Post-Run: 200.102.670.336 bytes beschikbaar
.
- - End Of File - - 6E66D50CFF1331E70A6BCA9FF388B151
Larusso Larusso is offline Larusso is authorized to help remove malware.
Malware Removal Specialist with 808 posts.
 
Join Date: Aug 2011
Location: Austria
Experience: learning every day
11-Nov-2011, 01:35 AM #8
Hi there,

I see no evidence of an AntiVirus program on your system. This must be resolved. Connecting to the Internet without antivirus protection is a "Welcome" doormat for malware.

Here are a few very good free Antivirus products which are available: Select one of these, or another of your choice. Do not install more than one antivirus program because they will conflict with each other. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

Install, update definitions, and run a full system scan with the Anti-Virus of your choice.



I notice you have Malwarebytes' Anti-Malware installed on your machine. Please launch the program and select the update tab, then click on the check for updates button.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Save it to your desktop.

Note: Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.



Please post in your next reply
MBAM Logfile
govert govert is offline
Member with 12 posts.
THREAD STARTER
 
Join Date: Nov 2011
Location: amsterdam
Experience: Beginner
11-Nov-2011, 10:18 AM #9
Hello Daniel,
I already had MSE installed, but for some reason once installed it protects, but I cannot open the menu. That's why I've uninstalled it.
govert
govert govert is offline
Member with 12 posts.
THREAD STARTER
 
Join Date: Nov 2011
Location: amsterdam
Experience: Beginner
11-Nov-2011, 11:00 AM #10
Malware found nothing and Google works fine at the moment.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Databaseversie: 8139
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
11-11-2011 16:43:35
mbam-log-2011-11-11 (16-43-35).txt
Scantype: Snelle scan
Objecten gescand: 161794
Verstreken tijd: 6 minuut/minuten, 2 seconde(n)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Bestanden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Larusso Larusso is offline Larusso is authorized to help remove malware.
Malware Removal Specialist with 808 posts.
 
Join Date: Aug 2011
Location: Austria
Experience: learning every day
11-Nov-2011, 12:58 PM #11
Hi there,
How is your system behaving? Please note any open issues in your next reply.



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 7 and save it to your desktop.
  • Scroll down to where it says Java SE 7 Update 1
  • Click the red Download JRE button on the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u1-windows-i586.exe to install the newest version.

After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are three options in the window to clear the cache - Make sure all are checked
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.



Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click Start
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log in your next reply.



Please launch DDS
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop and post both in your next reply



Please post in your next reply
log.txt
dds.txt
attach.txt
govert govert is offline
Member with 12 posts.
THREAD STARTER
 
Join Date: Nov 2011
Location: amsterdam
Experience: Beginner
12-Nov-2011, 02:20 AM #12
Good morning,
- ESET found 2 things but the log is empty????:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
- I had Java but it always failed to update
- Everything seems to work fine
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by user at 7:55:15 on 2011-11-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.2036.1020 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\CxAudMsg32.exe
C:\Windows\system32\CxUSBDock32.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\TeamViewer\Version6\TeamViewer.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\STMicroelectronics\Accelerometer-Magnetometer\PopUp_DM.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Squeezebox\SqueezeTray.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskeng.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\srspremiumpanel.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\svchost.exe -k SDRSVC
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe
C:\Windows\system32\prevhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://nu.nl/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [Dell Magneto Popup] c:\program files\stmicroelectronics\accelerometer-magnetometer\PopUp_DM.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [CnxtCoInstallerDefer] c:\program files\conexant\preinstall\setup4e993818342\setup.exe -REBOOTED_FROM_NO_ENUM_INSTALL_METHOD=2 -S2 -S3
mRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\bt guar~1.lnk - c:\btguard\settings.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\systee~1.lnk - c:\program files\squeezebox\SqueezeTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.euro.dell.com/systemprofiler/SysProExe.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{45CAF88F-358E-4D78-81CF-DC7A283083A0} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{45CAF88F-358E-4D78-81CF-DC7A283083A0}\26167656C637265616E637 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{45CAF88F-358E-4D78-81CF-DC7A283083A0}\27F65747562747A656 : DhcpNameServer = 192.168.1.1
Handler: leaf - {3c4a8a13-029e-430d-b8c1-46e834d20b31} - c:\windows\system32\mscoree.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsla5ce7ae0;MpKsla5ce7ae0;c:\programdata\microsoft\microsoft antimalware\definition updates\{f4914ece-181c-4b63-bdc7-b54929f0c475}\MpKsla5ce7ae0.sys [2011-11-11 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-10-20 821664]
R2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg32.exe [2011-10-15 190592]
R2 CxUSBDock;Conexant USB Audio Dock Service;c:\windows\system32\CxUSBDock32.exe [2011-10-15 123008]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-28 366152]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-10-28 1153368]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-9-14 508264]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2011-10-10 736672]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-7-5 2337144]
R3 acpials;ALS-sensorfilter;c:\windows\system32\drivers\acpials.sys [2009-7-14 7680]
R3 Fwleaf;NETGEAR Firewall Driver;c:\windows\system32\drivers\fwleaf.sys [2011-10-23 22848]
R3 leafnets;Leaf Networks Adapter;c:\windows\system32\drivers\leafnets.sys [2011-5-26 55296]
R3 LSM303DLH;STMicroelectronics™ 3-Axis Accelerometer/Magnetometer;c:\windows\system32\drivers\LSM303DLH.sys [2011-2-1 28272]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-28 22216]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2010-9-14 577384]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2010-9-14 194408]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2010-9-14 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2010-9-14 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-9-14 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Updateservice (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-26 136176]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2011-10-22 84832]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2011-5-6 13904]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-6-13 54632]
S3 fsssvc;De service Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-26 136176]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-23 52224]
S3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\wat\WatAdminSvc.exe [2011-5-29 1343400]
.
=============== Created Last 30 ================
.
2011-11-11 21:43:20 -------- d-----w- c:\program files\ESET
2011-11-11 15:15:23 703824 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{51b68297-124f-4667-b0be-a5b8a5e938b9}\gapaengine.dll
2011-11-11 15:15:23 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f4914ece-181c-4b63-bdc7-b54929f0c475}\MpKsla5ce7ae0.sys
2011-11-11 15:15:11 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f4914ece-181c-4b63-bdc7-b54929f0c475}\offreg.dll
2011-11-11 15:15:08 6668624 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f4914ece-181c-4b63-bdc7-b54929f0c475}\mpengine.dll
2011-11-11 15:14:16 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{fb5295fd-a972-4acd-abde-8fa6359a5960}\mpengine.dll
2011-11-11 15:13:28 -------- d-----w- c:\program files\Microsoft Security Client
2011-11-11 15:12:48 -------- d-----w- C:\438a6cb23df005e65f250699
2011-11-10 03:07:13 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-11-09 22:32:49 -------- d-----w- C:\$RECYCLE.BIN
2011-11-09 22:11:29 256000 ----a-w- c:\windows\PEV.exe
2011-11-09 22:11:29 208896 ----a-w- c:\windows\MBR.exe
2011-11-09 22:11:28 98816 ----a-w- c:\windows\sed.exe
2011-11-09 22:11:28 518144 ----a-w- c:\windows\SWREG.exe
2011-11-09 22:11:13 -------- d-----w- C:\ComboFix
2011-11-09 12:18:00 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 12:17:58 708608 ----a-w- c:\program files\common files\system\wab32.dll
2011-11-09 12:17:55 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-10-30 12:03:09 110080 ----a-r- c:\users\user\appdata\roaming\microsoft\installer\{1c7cc8e2-cfcf-41e6-a863-7c7a45ce8a78}\IconF7A21AF7.exe
2011-10-30 12:03:09 110080 ----a-r- c:\users\user\appdata\roaming\microsoft\installer\{1c7cc8e2-cfcf-41e6-a863-7c7a45ce8a78}\IconD7F16134.exe
2011-10-30 12:03:09 110080 ----a-r- c:\users\user\appdata\roaming\microsoft\installer\{1c7cc8e2-cfcf-41e6-a863-7c7a45ce8a78}\IconCF33A0CE.exe
2011-10-30 12:03:06 -------- d-----w- C:\sh4ldr
2011-10-30 12:03:05 -------- d-----w- c:\program files\Enigma Software Group
2011-10-30 11:59:54 -------- d-----w- c:\windows\1C7CC8E2CFCF41E6A8637C7A45CE8A78.TMP
2011-10-30 11:59:48 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2011-10-30 08:23:18 388096 ----a-r- c:\users\user\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-10-30 08:23:15 -------- d-----w- c:\program files\Trend Micro
2011-10-28 18:15:51 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-10-28 18:15:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-10-28 14:50:21 -------- d-----w- c:\users\user\appdata\roaming\Malwarebytes
2011-10-28 14:50:05 -------- d-----w- c:\programdata\Malwarebytes
2011-10-28 14:49:59 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-28 14:49:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-23 18:51:51 -------- d-----w- c:\users\user\appdata\local\ReadyNASRemote
2011-10-23 18:49:31 22848 ----a-w- c:\windows\system32\drivers\fwleaf.sys
2011-10-23 14:03:26 -------- d-----w- C:\updates
2011-10-23 13:59:44 -------- d-----w- c:\programdata\Squeezebox
2011-10-23 13:59:44 -------- d-----w- c:\program files\Squeezebox
2011-10-22 16:42:06 -------- d-----w- c:\program files\Makayama Interactive
2011-10-22 07:42:41 -------- d-----w- c:\program files\FreeTime
2011-10-22 07:17:17 -------- d-----w- C:\OUT_MEDIA_FILES
2011-10-22 07:17:03 84832 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
2011-10-22 07:17:03 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
2011-10-21 20:29:16 -------- d-----w- c:\users\user\appdata\roaming\Spotify
2011-10-21 20:29:16 -------- d-----w- c:\users\user\appdata\local\Spotify
2011-10-21 19:27:48 -------- d-----w- c:\program files\NETGEAR ReadyNAS
2011-10-20 15:43:59 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-10-20 15:43:58 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-10-20 15:43:58 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-10-15 07:06:57 -------- d-----w- c:\users\user\appdata\local\SRS Labs
2011-10-15 07:06:50 -------- d-----w- c:\program files\SRS Labs
2011-10-15 07:06:26 123008 ------w- c:\windows\system32\CxUSBDock32.exe
2011-10-15 07:06:19 190592 ------w- c:\windows\system32\CxAudMsg32.exe
2011-10-15 07:05:55 -------- d-----w- c:\windows\system32\SRSLabs
2011-10-15 07:04:06 330368 ----a-w- c:\windows\system32\UCI32A63.dll
2011-10-15 07:04:03 521344 ----a-w- c:\windows\system32\drivers\CHDRT32.sys
2011-10-15 07:04:03 1743488 ----a-w- c:\windows\system32\CX32PP25.dll
.
==================== Find3M ====================
.
2011-11-11 21:34:09 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-10 06:33:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-27 04:26:27 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 04:26:27 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-08-17 04:24:12 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-08-17 04:19:27 75776 ----a-w- c:\windows\system32\psisrndr.ax
.
============= FINISH: 7:56:32,80 ===============


.
==================== Find3M ====================
.
2011-11-11 21:34:09 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-10 06:33:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-27 04:26:27 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 04:26:27 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-08-17 04:24:12 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-08-17 04:19:27 75776 ----a-w- c:\windows\system32\psisrndr.ax
.
============= FINISH: 7:56:32,80 ===============
Larusso
Malware Removal Specialist with 808 posts.
Join Date: Aug 2011
Location: Austria
Experience: learning every day
12-Nov-2011, 11:13 AM #13
Hi,

Can you remember the file path of ESET's detections?
Otherwise I need you to run the Online Scan again and please write down what has been found.


You wrote that the Java Update failed. Can you tell me the exact error message or explain the problem to me?


You posted the dds.txt 2 times instead of the attach.txt. If the attach.txt is saved on your desktop, please post its contents here.
If not, you have to re-run DDS.
govert
Member with 12 posts.
THREAD STARTER
Join Date: Nov 2011
Location: amsterdam
Experience: Beginner
12-Nov-2011, 03:47 PM #14
Hello,

I thought Java said something about administrator rights.

C:\Qoobox\Quarantine\C\Users\user\AppData\Roaming\license3.dll.vir Win32/Ponmocup.AA trojan
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SPD44D1Q\spirits-snap[1].htm JS/Kryptik.BP trojan


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 24-5-2011 16:50:08
System Uptime: 11-11-2011 16:09:12 (29 hours ago)
.
Motherboard: Dell Inc. | | Inspiron 1090
Processor: Intel(R) Atom(TM) CPU N550 @ 1.50GHz | CPU | 1500/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 191,667 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslc1f3797e
Device ID: ROOT\LEGACY_MPKSLC1F3797E\0000
Manufacturer:
Name: MpKslc1f3797e
PNP Device ID: ROOT\LEGACY_MPKSLC1F3797E\0000
Service: MpKslc1f3797e
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl30f9ebb3
Device ID: ROOT\LEGACY_MPKSL30F9EBB3\0000
Manufacturer:
Name: MpKsl30f9ebb3
PNP Device ID: ROOT\LEGACY_MPKSL30F9EBB3\0000
Service: MpKsl30f9ebb3
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsld0115633
Device ID: ROOT\LEGACY_MPKSLD0115633\0000
Manufacturer:
Name: MpKsld0115633
PNP Device ID: ROOT\LEGACY_MPKSLD0115633\0000
Service: MpKsld0115633
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl39b88671
Device ID: ROOT\LEGACY_MPKSL39B88671\0000
Manufacturer:
Name: MpKsl39b88671
PNP Device ID: ROOT\LEGACY_MPKSL39B88671\0000
Service: MpKsl39b88671
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsld8f64202
Device ID: ROOT\LEGACY_MPKSLD8F64202\0000
Manufacturer:
Name: MpKsld8f64202
PNP Device ID: ROOT\LEGACY_MPKSLD8F64202\0000
Service: MpKsld8f64202
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl3a3d43fa
Device ID: ROOT\LEGACY_MPKSL3A3D43FA\0000
Manufacturer:
Name: MpKsl3a3d43fa
PNP Device ID: ROOT\LEGACY_MPKSL3A3D43FA\0000
Service: MpKsl3a3d43fa
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl449f1697
Device ID: ROOT\LEGACY_MPKSL449F1697\0000
Manufacturer:
Name: MpKsl449f1697
PNP Device ID: ROOT\LEGACY_MPKSL449F1697\0000
Service: MpKsl449f1697
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl55197cb9
Device ID: ROOT\LEGACY_MPKSL55197CB9\0000
Manufacturer:
Name: MpKsl55197cb9
PNP Device ID: ROOT\LEGACY_MPKSL55197CB9\0000
Service: MpKsl55197cb9
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslecbb81fc
Device ID: ROOT\LEGACY_MPKSLECBB81FC\0000
Manufacturer:
Name: MpKslecbb81fc
PNP Device ID: ROOT\LEGACY_MPKSLECBB81FC\0000
Service: MpKslecbb81fc
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl66a2a486
Device ID: ROOT\LEGACY_MPKSL66A2A486\0000
Manufacturer:
Name: MpKsl66a2a486
PNP Device ID: ROOT\LEGACY_MPKSL66A2A486\0000
Service: MpKsl66a2a486
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslf85a474e
Device ID: ROOT\LEGACY_MPKSLF85A474E\0000
Manufacturer:
Name: MpKslf85a474e
PNP Device ID: ROOT\LEGACY_MPKSLF85A474E\0000
Service: MpKslf85a474e
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl7b619c06
Device ID: ROOT\LEGACY_MPKSL7B619C06\0000
Manufacturer:
Name: MpKsl7b619c06
PNP Device ID: ROOT\LEGACY_MPKSL7B619C06\0000
Service: MpKsl7b619c06
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl8b0c9026
Device ID: ROOT\LEGACY_MPKSL8B0C9026\0000
Manufacturer:
Name: MpKsl8b0c9026
PNP Device ID: ROOT\LEGACY_MPKSL8B0C9026\0000
Service: MpKsl8b0c9026
.
Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Description: Generic Bluetooth Adapter
Device ID: USB\VID_0CF3&PID_3002\5&3A195F82&0&2
Manufacturer: GenericAdapter
Name: Generic Bluetooth Adapter
PNP Device ID: USB\VID_0CF3&PID_3002\5&3A195F82&0&2
Service: BTHUSB
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslaa30d8be
Device ID: ROOT\LEGACY_MPKSLAA30D8BE\0000
Manufacturer:
Name: MpKslaa30d8be
PNP Device ID: ROOT\LEGACY_MPKSLAA30D8BE\0000
Service: MpKslaa30d8be
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslb61aabd5
Device ID: ROOT\LEGACY_MPKSLB61AABD5\0000
Manufacturer:
Name: MpKslb61aabd5
PNP Device ID: ROOT\LEGACY_MPKSLB61AABD5\0000
Service: MpKslb61aabd5
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling-adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslbac233d7
Device ID: ROOT\LEGACY_MPKSLBAC233D7\0000
Manufacturer:
Name: MpKslbac233d7
PNP Device ID: ROOT\LEGACY_MPKSLBAC233D7\0000
Service: MpKslbac233d7
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl0a841fb9
Device ID: ROOT\LEGACY_MPKSL0A841FB9\0000
Manufacturer:
Name: MpKsl0a841fb9
PNP Device ID: ROOT\LEGACY_MPKSL0A841FB9\0000
Service: MpKsl0a841fb9
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslbdfb7049
Device ID: ROOT\LEGACY_MPKSLBDFB7049\0000
Manufacturer:
Name: MpKslbdfb7049
PNP Device ID: ROOT\LEGACY_MPKSLBDFB7049\0000
Service: MpKslbdfb7049
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslbf689fea
Device ID: ROOT\LEGACY_MPKSLBF689FEA\0000
Manufacturer:
Name: MpKslbf689fea
PNP Device ID: ROOT\LEGACY_MPKSLBF689FEA\0000
Service: MpKslbf689fea
.
==== System Restore Points ===================
.
RP151: 10-11-2011 3:00:13 - Windows Update
RP152: 11-11-2011 22:29:19 - Removed Java(TM) 6 Update 26
RP153: 11-11-2011 22:33:42 - Installed Java(TM) 7 Update 1
RP154: 12-11-2011 3:00:13 - Windows Update
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Accelerometer-Magnetometer
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.1) - Nederlands
BTGuard 2.3
CCleaner
CDBurnerXP
Conexant HD Audio
Corel Graphics - Windows Shell Extension
CorelDRAW Graphics Suite X5
CorelDRAW Graphics Suite X5 - Capture
CorelDRAW Graphics Suite X5 - Common
CorelDRAW Graphics Suite X5 - Connect
CorelDRAW Graphics Suite X5 - Custom Data
CorelDRAW Graphics Suite X5 - Draw
CorelDRAW Graphics Suite X5 - EN
CorelDRAW Graphics Suite X5 - Filters
CorelDRAW Graphics Suite X5 - FontNav
CorelDRAW Graphics Suite X5 - IPM
CorelDRAW Graphics Suite X5 - PHOTO-PAINT
CorelDRAW Graphics Suite X5 - Photozoom Plugin
CorelDRAW Graphics Suite X5 - Redist
CorelDRAW Graphics Suite X5 - Setup Files
CorelDRAW Graphics Suite X5 - VBA
CorelDRAW Graphics Suite X5 - VideoBrowser
CorelDRAW Graphics Suite X5 - VSTA
CorelDRAW Graphics Suite X5 - WT
CorelDRAW(R) Graphics Suite X5
CyberLink YouPaint
Dell Driver Download Manager
Dell MusicStage
Dell PhotoStage
Dell Support Center
Dell VideoStage
ESET Online Scanner v3
FormatFactory 2.70
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Hema Fotoalbum
HiJackThis
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
HP Photosmart B109a-m All-in-One Driver 14.0 Rel. 6
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 7 Update 1
Junk Mail filter update
K-Lite Codec Pack 5.2.0 (Full)
Kinderopvangtoeslag 2011
Logitech Harmony Remote Software 7
Malwarebytes' Anti-Malware versie 1.51.2.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile NLD Language Pack
Microsoft Antimalware
Microsoft Antimalware Service NL-NL Language Pack
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Home and Student 2010 - Nederlands
Microsoft Office Klik-en-Klaar 2010
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Security Client NL-NL Language Pack
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Touch Pack for Windows 7
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Tools for Applications 2.0 Runtime
Microsoft XNA Framework Redistributable 3.0
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PS_AIO_06_B109a-m_SW_Min
QuickSet32
RAIDar 4.3.3
ReadyNAS Remote
Remote Control USB Driver
Revo Uninstaller 1.92
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2478663)
Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870)
Spybot - Search & Destroy
SpyHunter
Squeezebox Server 7.6.1
StickyNotes
SUPERAntiSpyware
Synaptics Pointing Device Driver
Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
TeamViewer 6
Toolbox
TweetDeck
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Video DVD Maker v3.32.0.80
Visual Basic for Applications (R) Core
Visual Basic for Applications (R) Core - English
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Toolbar
Windows Live Writer
.
==== End Of File ===========================
Larusso
Malware Removal Specialist with 808 posts.
Join Date: Aug 2011
Location: Austria
Experience: learning every day
12-Nov-2011, 08:48 PM #15
Hi there,

One of ESET's detections is in a quarantine folder of the tools we used, and the other one is in your temp files, which we will delete now.


Please download TFC by OldTimer to your desktop.
  • Close any open windows.
  • Please double-click TFC.exe to run it.
    Vista and Win7 Users: Please right-click on the file and choose Run As Administrator.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should automatically reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

It's normal after running TFC cleaner that the PC will be slower to boot the first time.



Unless you do not have any open issues, you are good to go
Please follow these last few steps.


Please press the Windows key + R, then copy/paste the following single-line command into the Run box and click OK:

combofix /uninstall


This will uninstall ComboFix and delete ComboFix's quarantine folder. It will also implement some cleanup procedures, remove old System Restore Points which contain previous infections, and create a fresh, clean System Restore Point.

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Empty your Recycle Bin if it does not do so automatically.



Please delete the following tools we have used.
DDS - Delete the file to remove this tool
TDSSKiller - Delete the folder to remove this tool



Now that you appear to be free from malware, let's help you stay that way!

It is vital that you keep your system up to date.
  • Please enable Automatic Updates to keep your system up to date.
  • Windows Updates
    • Win XP: Start --> Control Panel and double-click on Automatic Updates.
    • Vista / 7: Start --> Control Panel --> System and Security --> Windows Updates
  • Software Updates
    Your installed Software also can have vulnerabilities that malware can use to infect your system.
    To keep your installed Software up to date I recommend File Hippo.


Anti Virus Software
  • Make sure to have one Anti Virus programme installed and update it on a regular basis. It is useless with out-of-date definitions.


Additional Protection
  • Malwarebytes Anti Malware
    The freeware version is an on-demand scanner which will check your system for malware. Update it once a week and run a Quick Scan. You can also buy a licence which offers more features.
  • WinPatrol
    WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.


Safer Browsing

Use an alternate browser
Other browsers tend to be more secure than IE as they do not make use of ActiveX objects. ActiveX objects can be used by spyware as an infection point on your computer.
Note: If you use Firefox you may want to have a look at these add-ons.

Computer Maintenance
Clean out your temp files on a regular basis - I recommend TFC (Temp File Cleaner).


Thinking while surfing
There is no software which will protect your system from yourself.
I have included some security related articles that I advise you read through in your own time. These articles will give you tips and advice on preventing infection, and how to stay safe whilst browsing the internet.

If you have any questions kindly ask.


Please respond to this thread one more time and click on the MARK SOLVED Button at the top of your first post.
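
The triage described in post #15 (one detection sitting in a removal tool's quarantine folder, the other in temporary files) can be written as a small classifier. This is an added Python example, not part of the thread: the line format is assumed from the two detections pasted in post #14, and the function names, the two Temp folder markers and the third sample line are constructed for illustration.

```python
from dataclasses import dataclass

# The Qoobox prefix and the IE cache folder appear in the detections quoted
# in the thread; the two Temp folder markers are assumptions.
QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"
TEMP_MARKERS = (
    "\\temporary internet files\\",
    "\\appdata\\local\\temp\\",
    "\\windows\\temp\\",
)

# First two lines are the detections from post #14; the third is constructed
# to show a detection that is neither quarantined nor in a temp folder.
SAMPLE = r"""
C:\Qoobox\Quarantine\C\Users\user\AppData\Roaming\license3.dll.vir Win32/Ponmocup.AA trojan
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SPD44D1Q\spirits-snap[1].htm JS/Kryptik.BP trojan
C:\Users\user\AppData\Roaming\sample-live.dll Win32/Constructed.A trojan
"""


@dataclass
class Detection:
    path: str
    threat: str
    kind: str
    location: str       # "quarantine", "temp" or "live"
    original_path: str  # pre-quarantine location, otherwise same as path


def parse_line(line):
    """Split '<path> <threat> <kind>'; the path itself may contain spaces."""
    parts = line.strip().rsplit(None, 2)
    if len(parts) != 3 or "/" not in parts[1]:
        raise ValueError(f"unrecognised detection line: {line!r}")
    path, threat, kind = parts
    lower = path.lower()
    if lower.startswith(QUARANTINE_PREFIX):
        # ...\Quarantine\C\Users\...\file.dll.vir -> C:\Users\...\file.dll
        # (layout inferred from the path shown in the thread)
        rest = path[len(QUARANTINE_PREFIX):]
        drive, _, tail = rest.partition("\\")
        if tail.lower().endswith(".vir"):
            tail = tail[:-4]
        return Detection(path, threat, kind, "quarantine", f"{drive}:\\{tail}")
    if any(marker in lower for marker in TEMP_MARKERS):
        return Detection(path, threat, kind, "temp", path)
    return Detection(path, threat, kind, "live", path)


def triage(log_text):
    """Parse every non-empty line of a pasted detection list."""
    return [parse_line(l) for l in log_text.splitlines() if l.strip()]


def needs_action(detections):
    """Detections that uninstalling the tool or clearing temp files won't remove."""
    return [d for d in detections if d.location == "live"]


if __name__ == "__main__":
    for d in triage(SAMPLE):
        print(f"{d.location:10} {d.threat:22} {d.original_path}")
```

Quarantined copies go away when the tool that created the quarantine is uninstalled, and cache entries go away with a temp-file cleanup; only the "live" bucket calls for further removal work.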