.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by Niels at 22:22:30 on 2011-10-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.3069.975 [GMT 2:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\vfsFPService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\rundll32.exe
C:\Windows\explorer.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0813&s=2&o=vp32&d=0211&m=aspire_8930
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0813&s=2&o=vp32&d=0211&m=aspire_8930
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0813&s=2&o=vp32&d=0211&m=aspire_8930
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0813&s=2&o=vp32&d=0211&m=aspire_8930
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ProductReg] "c:\program files\acer\wr_popup\ProductReg.exe"
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [eAudio] "c:\program files\acer\empowering technology\eaudio\eAudio.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [ZPdtWzdVitaKey MC3000] "c:\program files\acer\acer bio protection\PdtWzd.exe" show
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [HP CP1020 System Tray] "c:\program files\hp\hp laserjet professional cp1020 series\HPCP1020STRAY.EXE"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SoftMaths startmenu] "c:\program files\gedesasoft\softmaths2\Menu.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files\acer\acer bio protection\PwdBank.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: DhcpNameServer = 195.130.130.129 195.130.131.129
TCP: Interfaces\{163C3E8B-3433-49B1-AB34-FA5C194BA61E} : DhcpNameServer = 195.130.130.129 195.130.131.129
TCP: Interfaces\{163C3E8B-3433-49B1-AB34-FA5C194BA61E}\136393 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{163C3E8B-3433-49B1-AB34-FA5C194BA61E}\75966496F53454 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{163C3E8B-3433-49B1-AB34-FA5C194BA61E}\75966496F57324 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{163C3E8B-3433-49B1-AB34-FA5C194BA61E}\D4F6F66726F687 : DhcpNameServer = 192.168.0.10
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AWinNotifyVitaKey MC3000 - c:\program files\acer\acer bio protection\WinNotify.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli c:\program files\acer\acer bio protection\PwdFilter
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\niels\appdata\roaming\mozilla\firefox\profiles\uq5j2qje.default\
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\drivers\AlfaFF.sys [2011-2-12 43184]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-2-17 218688]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\playmovie\000.fcl [2011-2-12 61424]
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-12-21 137144]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2010-12-21 95384]
R2 NTIPPKernel;NTIPPKernel;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\NTIPPKernel.sys [2011-2-12 122368]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2011-2-12 54784]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
R3 NETw5s32;Intel(R) Wireless WiFi Link adapter stuurprogramma onder Windows 7 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-2-13 64032]
R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-5-26 40752]
RUnknown SASKUTIL;SASKUTIL; [x]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppcbulkio.sys [2011-1-20 20792]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-1-12 85136]
S3 netw5v32;Stuurprogramma voor Intel(R) Wireless WiFi Link 5000 Series-adapter 32-bits Windows Vista;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-9 52224]
.
=============== Created Last 30 ================
.
2011-10-15 20:13:39 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-14 20:18:45 54016 ----a-w- c:\windows\system32\drivers\qmuc.sys
2011-10-14 16:27:20 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{fa3ea1e7-f5af-4d90-a6a3-6f97abf652f7}\offreg.dll
2011-10-14 15:17:15 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{fa3ea1e7-f5af-4d90-a6a3-6f97abf652f7}\mpengine.dll
2011-10-14 05:49:53 -------- d-----w- c:\users\niels\appdata\local\{7027E086-6312-4333-B445-7E0FD7EEE8B8}
2011-10-14 05:49:31 -------- d-----w- c:\users\niels\appdata\local\{A30FB95B-37EE-4D60-ACE4-F5A8C4D4FEF0}
2011-10-13 17:16:34 -------- d-----w- c:\users\niels\appdata\local\{A4CC0BD4-04EA-4C59-8F86-5569868660D4}
2011-10-13 17:16:20 -------- d-----w- c:\users\niels\appdata\local\{8248B0EE-0CC3-4BF1-B396-5D763DBDC670}
2011-10-12 19:56:05 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 19:56:04 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 19:56:03 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 19:56:02 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 16:11:36 -------- d-----w- c:\users\niels\appdata\local\{FC45665E-85F7-47AE-B812-B8958DFACA58}
2011-10-12 16:11:14 -------- d-----w- c:\users\niels\appdata\local\{58D45C99-CBAC-45ED-B20E-BC21E0CB33E6}
2011-10-10 16:35:31 -------- d-----w- c:\users\niels\appdata\local\{BF3A6863-415A-48A6-8F5C-B6BE6EC18BC7}
2011-10-10 16:35:03 -------- d-----w- c:\users\niels\appdata\local\{BAB92BEB-1149-4391-A563-7BBD0FD3B504}
2011-10-09 16:38:26 -------- d-----w- c:\users\niels\appdata\local\{34569E67-A094-4ACC-A9C3-28BE93AABA96}
2011-10-09 16:38:03 -------- d-----w- c:\users\niels\appdata\local\{E6570C2D-59CB-41D1-9113-712E9BB1243A}
2011-10-03 17:40:17 -------- d-----w- c:\users\niels\appdata\local\{DAFE633A-4E2B-4A91-B95C-B5518E00FDD1}
2011-10-03 17:15:00 -------- d-----w- c:\users\niels\appdata\local\{2EBDD362-A03A-4292-AA64-BFE0E0741D03}
2011-10-01 15:21:37 -------- d-----w- c:\users\niels\appdata\local\{93DF830F-0FEB-466A-9FD5-9C77C60E4A9F}
2011-09-30 17:53:24 -------- d-----w- c:\users\niels\appdata\local\{4FC3900C-06AF-41DD-993E-1606EE3598BF}
2011-09-30 06:24:11 -------- d-----w- c:\users\niels\appdata\local\{DE09A728-9E22-4A4C-BFE3-BAB8E53096CC}
2011-09-29 07:31:01 -------- d-----w- c:\users\niels\appdata\local\{3594B2D5-0A6C-4C68-9961-85A7DB0F7145}
2011-09-28 18:20:37 -------- d-----w- c:\users\niels\appdata\local\{CF8B7D8D-CC41-4F5B-8FF9-A3F94F14DBBB}
2011-09-28 15:14:51 -------- d-----w- c:\users\niels\appdata\local\{1F75519D-0011-4AE3-9A32-01D35C693D7D}
2011-09-26 18:19:12 -------- d-----w- c:\users\niels\appdata\local\{A254542B-F80A-400C-ADAF-5DDF953524DC}
2011-09-22 17:39:34 -------- d-----w- c:\users\niels\appdata\local\{E838E657-E3AE-44AF-A7FE-E1B55E12A88D}
2011-09-22 17:39:12 -------- d-----w- c:\users\niels\appdata\local\{1C029BBC-4606-425E-8F45-9F6AD8462948}
2011-09-22 05:38:47 -------- d-----w- c:\users\niels\appdata\local\{4DA6D5BD-9B98-4A16-9787-1BDE68F6C706}
2011-09-22 05:38:24 -------- d-----w- c:\users\niels\appdata\local\{334B5549-192D-4C38-AFCC-4BF58FDAB0C7}
2011-09-21 11:07:37 -------- d-----w- c:\users\niels\appdata\local\{4BEC9EEC-1D77-48C3-9327-8D8F5D879674}
2011-09-21 11:07:14 -------- d-----w- c:\users\niels\appdata\local\{56F6565F-141D-460C-9659-714E5AB6BB1C}
2011-09-17 15:43:47 -------- d-----w- c:\users\niels\appdata\local\{3070EC84-13FA-4AB8-AB57-ACCF044B741A}
2011-09-17 15:43:34 -------- d-----w- c:\users\niels\appdata\local\{5E32EC10-1BD7-449B-8BD5-4177F05A0465}
2011-09-16 17:51:15 -------- d-----w- c:\users\niels\appdata\local\{14D6C425-F2D2-4B8C-B08E-4042CF4AAC21}
.
==================== Find3M ====================
.
2011-10-10 16:47:03 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-01 02:42:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-06 02:28:37 2334720 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 15:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-27 16:30:36 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-08-27 16:30:36 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-08-20 04:31:05 981504 ----a-w- c:\windows\system32\wininet.dll
2011-08-15 13:06:20 90928 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-08-15 13:06:20 158512 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-08-15 13:06:20 116016 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-08-15 13:06:20 104752 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-08-15 13:06:12 135472 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
.
============= FINISH: 22:23:39,63 ===============