Channel: Tech Support Forum - Virus/Trojan/Spyware Help

Logs - win64/Sirefef B + Y

As far as I know, my computer is infected with win64/Sirefef B and win64/Sirefef Y. I tried removing it with Windows Defender Offline, which didn't succeed. I do not have a Windows boot CD / install disc.

PS. Ark.txt isn't included in the ZIP file since I'm not running a 32-bit version; I hope I understood this correctly.

DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by T.M. Meijers at 18:47:21 on 2012-10-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1033.18.3948.2429 [GMT 2:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.luchtvaartmeteo.nl/
uDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: Interfaces\{26FF0B73-E228-4602-90A3-2B243A65689E} : DHCPNameServer = 7.254.254.254
TCP: Interfaces\{A772CDAF-FA86-4FC2-B6D1-D2A23A2323AD} : NameServer = 192.168.1.1
TCP: Interfaces\{A772CDAF-FA86-4FC2-B6D1-D2A23A2323AD}\2456C6B696E6F574F505C65737F5D494D4F4F5138303137303 : DHCPNameServer = 62.179.104.196 213.46.228.196
TCP: Interfaces\{A772CDAF-FA86-4FC2-B6D1-D2A23A2323AD}\3486279637479616E6560262024456C616E616 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{A772CDAF-FA86-4FC2-B6D1-D2A23A2323AD}\45B2E40277030347 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{A772CDAF-FA86-4FC2-B6D1-D2A23A2323AD}\45F627E61646F6 : DHCPNameServer = 10.0.0.138 192.168.123.254
TCP: Interfaces\{A772CDAF-FA86-4FC2-B6D1-D2A23A2323AD}\A597F507279667164756F5939585B49533 : DHCPNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://acer.msn.com
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\T.M. Meijers\AppData\Roaming\Mozilla\Firefox\Profiles\swhrq7gi.default\
FF - prefs.js: browser.startup.homepage - Sign In
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Users\T.M. Meijers\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-09-11 16:08; utools@k3ltic.com; C:\Users\T.M. Meijers\AppData\Roaming\Mozilla\Firefox\Profiles\swhrq7gi.default\extensions\utools@k3ltic.com.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-3-28 28992]
R1 MpKsl39728606;MpKsl39728606;C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D6B26FFF-BCCA-4B07-8629-A465ED3DD287}\MpKsl39728606.sys [2012-10-20 35664]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-4-6 13336]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-3-28 2348352]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-6-6 2656280]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\System32\drivers\b57xdbd.sys [2011-1-21 67624]
R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\System32\drivers\b57xdmp.sys [2011-1-21 19496]
R3 bScsiMSa;bScsiMSa;C:\Windows\System32\drivers\bScsiMSa.sys [2011-1-20 52264]
R3 bScsiSDa;bScsiSDa;C:\Windows\System32\drivers\bScsiSDa.sys [2011-1-14 85544]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-4-6 317440]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-1-18 412712]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-4-6 56344]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\drivers\tap0901t.sys [2012-9-30 31232]
S1 ayhbnipn;ayhbnipn;C:\Windows\System32\drivers\ayhbnipn.sys [2012-10-20 49872]
S1 glmlyrox;glmlyrox;C:\Windows\System32\drivers\glmlyrox.sys [2012-10-20 49872]
S1 jvuzdcmp;jvuzdcmp;C:\Windows\System32\drivers\jvuzdcmp.sys [2012-10-20 49872]
S1 qamwfjjz;qamwfjjz;C:\Windows\System32\drivers\qamwfjjz.sys [2012-10-20 49872]
S1 rpsglrcb;rpsglrcb;C:\Windows\System32\drivers\rpsglrcb.sys [2012-10-20 49872]
S1 wvygkoca;wvygkoca;C:\Windows\System32\drivers\wvygkoca.sys [2012-10-20 49872]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 115168]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2012-9-30 743320]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-24 1255736]
.
=============== Created Last 30 ================
.
2012-10-20 21:20:11 -------- d-----w- C:\Windows\Microsoft Antimalware
2012-10-20 16:24:46 49872 ----a-w- C:\Windows\System32\drivers\jvuzdcmp.sys
2012-10-20 16:24:46 328704 ----a-w- C:\Windows\System32\services.exe.ED10CAF90558A668
2012-10-20 16:10:05 49872 ----a-w- C:\Windows\System32\drivers\ayhbnipn.sys
2012-10-20 16:10:04 328704 ----a-w- C:\Windows\System32\services.exe.67A772EA134E4A2B
2012-10-20 16:07:52 49872 ----a-w- C:\Windows\System32\drivers\qamwfjjz.sys
2012-10-20 16:07:52 328704 ----a-w- C:\Windows\System32\services.exe.DFFA0393FC053F4E
2012-10-20 16:07:28 35664 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D6B26FFF-BCCA-4B07-8629-A465ED3DD287}\MpKsl39728606.sys
2012-10-20 16:07:01 49872 ----a-w- C:\Windows\System32\drivers\glmlyrox.sys
2012-10-20 16:07:01 328704 ----a-w- C:\Windows\System32\services.exe.5103F286783A5043
2012-10-20 16:06:16 49872 ----a-w- C:\Windows\System32\drivers\rpsglrcb.sys
2012-10-20 16:06:16 328704 ----a-w- C:\Windows\System32\services.exe.630A874EDAFD7920
2012-10-20 16:04:11 49872 ----a-w- C:\Windows\System32\drivers\wvygkoca.sys
2012-10-20 16:04:11 328704 ----a-w- C:\Windows\System32\services.exe.8DE28EBD2040637B
2012-10-20 16:04:03 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D6B26FFF-BCCA-4B07-8629-A465ED3DD287}\offreg.dll
2012-10-20 15:57:38 972192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F66340FB-2B7A-4108-9D7C-166F7DD5FF9C}\gapaengine.dll
2012-10-20 15:57:22 9291768 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D6B26FFF-BCCA-4B07-8629-A465ED3DD287}\mpengine.dll
2012-10-20 15:56:14 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-10-20 15:56:08 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-09-30 20:14:39 -------- d-----w- C:\Users\T.M. Meijers\AppData\Roaming\Tunngle
2012-09-30 20:14:39 -------- d-----w- C:\ProgramData\Tunngle
2012-09-30 20:14:38 31232 ----a-w- C:\Windows\System32\drivers\tap0901t.sys
2012-09-30 20:14:37 -------- d-----w- C:\Program Files (x86)\Tunngle
2012-09-24 17:01:05 328704 ----a-w- C:\Windows\System32\services.exe.EF38979C8B9D55B0
2012-09-24 16:54:54 328704 ----a-w- C:\Windows\System32\services.exe.F4EFC570DCA98489
2012-09-24 16:48:47 328704 ----a-w- C:\Windows\System32\services.exe.7A70E597EBDF3142
2012-09-22 09:00:05 -------- d-----w- C:\Users\T.M. Meijers\AppData\Local\SKIDROW
2012-09-22 08:48:02 -------- d-----w- C:\Program Files (x86)\2K Games
2012-09-21 15:57:40 -------- d-----w- C:\Users\T.M. Meijers\AppData\Roaming\mIRC
2012-09-21 15:57:40 -------- d-----w- C:\Program Files (x86)\mIRC
.
==================== Find3M ====================
.
2012-10-09 16:14:10 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 16:14:10 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-11 14:11:03 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-11 14:11:02 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-09-11 14:11:02 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-09-07 15:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-30 20:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-08-30 20:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-08-07 14:18:24 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 18:48:27,85 ===============

Attached Files
File Type: zip attach.zip (2.9 KB)