Searchq and/or Nailingsearchsystems.com
Hi, a while back I downloaded (foolishly, by accident) the iLivid download manager for whatever reason, which messed up my Firefox; I didn't realise this until much later though.
Searchq was made the homepage, the default search engine in the search bar and in the address bar. I changed these things manually through Firefox back to Google and removed the toolbar that came with it. Later my search was back to Searchq when you search from the Firefox homepage (standard) and through the address bar; the search bar option was added again but was not made the default search engine for that bar.
Last night I started having issues going to some websites; I didn't think much of it. This morning, every time I went to a website it would take a really long time loading and trying to redirect, and then it would end up redirecting to random parked domains with ads and nonsense. If the page is refreshed I reach the destination.
I've run a Search & Destroy scan and CCleaner since I started experiencing trouble. That's about it.
Thanks for your help, hopefully we can solve this.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Run by Arnhem at 6:09:03 on 2011-10-14
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.6139.3485 [GMT 2:00]
.
SP: Spybot - Search & Destroy *Enabled/Outdated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\explorer.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Users\Arnhem\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Net iD\iid.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDRootAlyzer.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\explorer.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchqu.com//406
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
uWinlogon: Shell=C:\Users\Arnhem\AppData\Local\c68babac\X
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Web Accessibility Toolbar: {11352a67-0178-46b1-8855-d50b2f81c054} - C:\PROGRA~2\ACCESS~1\ACCESS~1.DLL
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [GameXN (update)] "C:\ProgramData\GameXN\GameXNGO.exe" /u
uRun: [GameXN (news)] "C:\ProgramData\GameXN\GameXNGO.exe" /n
uRun: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
mRun: [<NO NAME>]
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Net iD] "C:\Program Files (x86)\Net iD\iid.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\Users\Arnhem\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\Users\Arnhem\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Arnhem\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Arnhem\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 83.255.245.11 193.150.193.150
TCP: Interfaces\{833F4ED1-7FBC-4DF3-8CC7-6AF12719D1DC} : DhcpNameServer = 83.255.245.11 193.150.193.150
TCP: Interfaces\{D100012C-EB29-45AE-A97E-BFE9EA3FFDB6} : DhcpNameServer = 83.255.245.11 193.150.193.150
TCP: Interfaces\{D100012C-EB29-45AE-A97E-BFE9EA3FFDB6}\2556B64757D6E45445 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D100012C-EB29-45AE-A97E-BFE9EA3FFDB6}\35B656A71647368696 : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs:
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Web Accessibility Toolbar: {11352A67-0178-46B1-8855-D50B2F81C054} - C:\PROGRA~2\ACCESS~1\ACCESS~1.DLL
mRun-x64: [(Default)]
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Net iD] "C:\Program Files (x86)\Net iD\iid.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
AppInit_DLLs-X64:
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Arnhem\AppData\Roaming\Mozilla\Firefox\Profiles\bqyusmwu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npiidplg.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SDHookDriver;Spybot-S&D 2 Hook Driver;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [2011-10-14 48888]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-3-10 86016]
R2 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-3-10 86016]
R2 SDHookService;Spybot S&D 2 Live Protection Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-10-14 130976]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-10-14 892336]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-10-14 955816]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-10-14 169624]
R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2010-11-26 5790064]
R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2010-11-26 487280]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA001Ufd.sys --> C:\Windows\system32\DRIVERS\OA001Ufd.sys [?]
R3 OA001Vid;Creative Camera OA001 Function Driver;C:\Windows\system32\DRIVERS\OA001Vid.sys --> C:\Windows\system32\DRIVERS\OA001Vid.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-3-16 1436424]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-10-14 03:08:50 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-10-14 03:08:38 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2011-10-14 03:08:35 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2011-10-13 20:33:32 -------- d-----w- C:\Users\Arnhem\AppData\Local\{C15863C8-C672-46AD-97F8-D577FF18B40F}
2011-10-13 20:32:58 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E4ABF979-C0E5-4DDB-96C0-7ECB92570008}
2011-10-13 15:34:37 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F7864F62-4331-45FE-982A-B4ABA2FA29F1}\offreg.dll
2011-10-13 03:12:11 -------- d-----we C:\Windows\system64
2011-10-13 03:11:07 -------- d-sh--w- C:\Users\Arnhem\AppData\Local\c68babac
2011-10-13 01:25:47 -------- d-----w- C:\Users\Arnhem\AppData\Local\{F60E279F-41FE-4B1C-9258-70D102459A7C}
2011-10-13 01:25:08 -------- d-----w- C:\Users\Arnhem\AppData\Local\{F1BDDAE4-2C4E-4214-A46E-22DB74F8AC14}
2011-10-12 16:21:14 -------- d-----w- C:\Users\Arnhem\AppData\Local\{CEA8F98E-1536-45A8-A87E-151A25DB4B25}
2011-10-12 16:20:50 -------- d-----w- C:\Users\Arnhem\AppData\Local\{70B6F2A3-275B-438A-AAB6-B4BEA9A8B775}
2011-10-12 13:12:45 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-10-12 13:07:58 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F7864F62-4331-45FE-982A-B4ABA2FA29F1}\mpengine.dll
2011-10-10 12:16:30 -------- d-----w- C:\Users\Arnhem\AppData\Local\{6A0A16FD-54B1-4E48-911C-81F7281C73BA}
2011-10-10 12:15:54 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E6618734-5CEA-4840-A27E-CB8458DA7479}
2011-10-09 17:10:38 -------- d-----w- C:\Users\Arnhem\AppData\Local\{3F5C3F5B-5E25-4B86-90B4-CA5984C216F1}
2011-10-09 17:10:12 -------- d-----w- C:\Users\Arnhem\AppData\Local\{4119DE13-4778-4A50-A0E8-92FBB4CAA079}
2011-10-08 11:19:10 -------- d-----w- C:\Users\Arnhem\AppData\Local\{141915DC-0EAA-4918-91DD-72026851A830}
2011-10-08 11:18:47 -------- d-----w- C:\Users\Arnhem\AppData\Local\{11A75D34-32D4-47BF-8EF1-65AB72B92430}
2011-10-06 16:32:23 -------- d-----w- C:\Users\Arnhem\AppData\Local\{6B5CDBEF-E60E-40EA-B375-D5C5D5D5C022}
2011-10-06 16:32:00 -------- d-----w- C:\Users\Arnhem\AppData\Local\{D0FA8CC2-F669-4EB6-9D37-84C208DF8DB1}
2011-10-05 15:38:29 -------- d-----w- C:\Users\Arnhem\AppData\Local\{BE68F107-987A-41CF-86DE-6C303951F770}
2011-10-05 15:38:04 -------- d-----w- C:\Users\Arnhem\AppData\Local\{1B20D703-E7E5-463E-B8DF-E6E7FDAEBD14}
2011-10-05 01:04:46 -------- d-----w- C:\Users\Arnhem\AppData\Local\{C161C6AA-99FC-417B-B2DA-A73E6BE5C4A0}
2011-10-05 01:04:22 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E77DC846-4CAF-49EF-853C-A42D1EFD734B}
2011-10-03 13:59:29 -------- d-----w- C:\Users\Arnhem\AppData\Local\{BEC77D5A-B595-46F7-9396-2E2867FF9B1B}
2011-10-03 13:59:04 -------- d-----w- C:\Users\Arnhem\AppData\Local\{B2F75C00-DBBB-432F-8080-F9612DC2EC59}
2011-10-02 09:53:39 -------- d-----w- C:\Program Files\CCleaner
2011-10-02 09:47:38 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E42AF2C5-25B3-44E6-84C7-1BC5CFFC33CD}
2011-10-02 09:47:11 -------- d-----w- C:\Users\Arnhem\AppData\Local\{FFC03E53-CD63-45C3-A315-71FBF622AEA6}
2011-10-01 12:19:28 -------- d-----w- C:\Users\Arnhem\AppData\Local\{4DDC42B7-F24C-44D0-AF19-B12D1C43C1DC}
2011-10-01 12:18:52 -------- d-----w- C:\Users\Arnhem\AppData\Local\{A84943AB-A09D-433E-BA1F-B0B2064307C0}
2011-10-01 07:31:43 -------- d-----w- C:\Users\Arnhem\AppData\Local\{748085CF-77D2-46CE-B2D9-1AA9C0E45373}
2011-10-01 07:31:17 -------- d-----w- C:\Users\Arnhem\AppData\Local\{FB33D34F-2E42-454D-A997-7D1EA44E3BC6}
2011-09-30 13:43:31 -------- d-----w- C:\Users\Arnhem\AppData\Local\{A3A6DDFD-B5C6-4E66-AA12-8AA8DA41FB56}
2011-09-30 13:42:57 -------- d-----w- C:\Users\Arnhem\AppData\Local\{FDBAEBE9-A92D-4181-B55C-B683F389C364}
2011-09-30 08:09:07 -------- d-----w- C:\Users\Arnhem\AppData\Local\{661A534F-15EB-4168-9C2E-E899D191CFCA}
2011-09-30 08:08:43 -------- d-----w- C:\Users\Arnhem\AppData\Local\{B3AAB1B3-91B2-470C-A311-F7E3C4D85C00}
2011-09-29 19:51:17 -------- d-----w- C:\Program Files (x86)\AMD APP
2011-09-29 19:51:13 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2011-09-29 19:51:13 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2011-09-29 19:42:31 -------- d-----w- C:\Program Files (x86)\Battlelog Web Plugins
2011-09-29 18:31:37 -------- d-----w- C:\ProgramData\EA Core
2011-09-29 18:30:42 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
2011-09-29 17:22:54 -------- d-----w- C:\Users\Arnhem\AppData\Roaming\Origin
2011-09-29 17:22:51 -------- d-----w- C:\Users\Arnhem\AppData\Local\Origin
2011-09-29 17:22:39 -------- d-----w- C:\ProgramData\Origin
2011-09-29 17:22:39 -------- d-----w- C:\ProgramData\Electronic Arts
2011-09-29 17:22:39 -------- d-----w- C:\Program Files (x86)\Origin Games
2011-09-29 17:22:27 -------- d-----w- C:\Program Files (x86)\Origin
2011-09-29 16:32:08 -------- d-----w- C:\Users\Arnhem\AppData\Local\{BBC5D151-3D43-4546-8FB5-275F1455AAC6}
2011-09-29 16:31:44 -------- d-----w- C:\Users\Arnhem\AppData\Local\{7060EBAB-9C44-4A31-B3CE-CE8C2AF9CC7D}
2011-09-28 08:32:09 -------- d-----w- C:\Users\Arnhem\AppData\Local\{CC97E64C-E406-485D-95CD-66D0DDE55459}
2011-09-28 08:31:36 -------- d-----w- C:\Users\Arnhem\AppData\Local\{B92BFC83-282F-4E0A-89F4-0B77E027AA46}
2011-09-28 05:56:48 -------- d-----w- C:\Users\Arnhem\AppData\Local\{AF92ACC8-6FA3-4EDF-8EF0-066A343928DA}
2011-09-28 05:56:26 -------- d-----w- C:\Users\Arnhem\AppData\Local\{82B6281D-4E0D-49D9-829F-66448031B576}
2011-09-27 20:06:45 -------- d-----w- C:\Program Files (x86)\Thugs at Bay
2011-09-27 19:35:41 -------- d-----w- C:\Fraps
2011-09-27 18:14:29 -------- d-----w- C:\Users\Arnhem\AppData\Local\{07ACAD1D-82C0-46C2-B6FE-DA18ED46F979}
2011-09-27 18:13:54 -------- d-----w- C:\Users\Arnhem\AppData\Local\{17434ADB-EF68-427E-B23D-C0D4CFE48D49}
2011-09-27 17:40:46 -------- d-----w- C:\UDK
2011-09-27 13:35:04 -------- d-----w- C:\Users\Arnhem\AppData\Local\{60F10B38-643A-4B27-A2C1-C9A0829EB3D4}
2011-09-27 13:34:39 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E3B824C8-8362-4029-B525-25772C959FDD}
2011-09-26 14:23:10 -------- d-----w- C:\Users\Arnhem\AppData\Local\{9C0D7ED4-33F9-4568-B87D-068B840D0488}
2011-09-26 14:22:46 -------- d-----w- C:\Users\Arnhem\AppData\Local\{D80B1AFD-C29D-4709-9A86-8A7B8D8B4906}
2011-09-25 20:46:49 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2011-09-25 19:50:56 -------- d-----w- C:\Users\Arnhem\AppData\Local\CutePDF Writer
2011-09-25 19:50:23 -------- d-----w- C:\Program Files (x86)\GPLGS
2011-09-25 19:48:42 85504 ----a-w- C:\Windows\System32\cpwmon64.dll
2011-09-25 19:48:42 -------- d-----w- C:\Program Files (x86)\Acro Software
2011-09-25 15:34:15 -------- d-----w- C:\Users\Arnhem\AppData\Local\{7E10DD6E-6A13-43FD-AD8A-C56BB87FCCF8}
2011-09-25 15:33:51 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E05D64BB-4B42-45E9-A106-86DFF63D275D}
2011-09-25 14:09:50 -------- d-----w- C:\Users\Arnhem\AppData\Roaming\UBitMenu
2011-09-25 13:59:28 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2011-09-25 13:58:44 -------- d-----w- C:\Users\Arnhem\AppData\Local\Microsoft Help
2011-09-25 09:34:14 -------- d-----w- C:\Users\Arnhem\AppData\Local\{9FE2D018-2B3D-4568-A1D8-52CAB9288E03}
2011-09-25 09:33:40 -------- d-----w- C:\Users\Arnhem\AppData\Local\{47AF762C-EC7B-4D6C-8E8C-6AA797D4AB89}
2011-09-25 03:47:17 -------- d-----w- C:\Users\Arnhem\AppData\Local\{1DBCA37A-C57B-437A-9094-CF18794EEE1C}
2011-09-25 03:47:02 -------- d-----w- C:\Users\Arnhem\AppData\Local\{072204B6-13F2-47F7-A137-61222C81D13F}
2011-09-23 00:56:40 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E273B139-471D-4C4B-AF49-2FF77B132C5B}
2011-09-23 00:56:17 -------- d-----w- C:\Users\Arnhem\AppData\Local\{C95312FD-8388-4DF1-BA89-396E821DBB62}
2011-09-21 22:19:54 -------- d-----w- C:\Users\Arnhem\AppData\Local\{126677DF-1C24-4093-ADBA-DBF5C000182F}
2011-09-21 22:19:26 -------- d-----w- C:\Users\Arnhem\AppData\Local\{117D4F35-E655-4ACA-8865-168016EA1C8B}
2011-09-21 10:05:49 -------- d-----w- C:\Users\Arnhem\AppData\Local\{097EC7F2-EF06-49AD-B3D1-C0C7DC2CAE76}
2011-09-21 10:05:25 -------- d-----w- C:\Users\Arnhem\AppData\Local\{6B040E85-97AC-4F0E-A3E0-6BF7F7CDFF15}
2011-09-21 02:24:38 -------- d-----w- C:\Users\Arnhem\AppData\Local\{65BAB9A3-5150-4B46-8C77-2A4B26AE412F}
2011-09-21 02:24:03 -------- d-----w- C:\Users\Arnhem\AppData\Local\{539CF775-ACFA-4371-879F-7B6E0A44D83E}
2011-09-20 19:43:03 -------- d-----w- C:\Users\Arnhem\AppData\Local\{9AE85326-FB91-44E9-89A4-C80728857A14}
2011-09-20 19:42:47 -------- d-----w- C:\Users\Arnhem\AppData\Local\{4CF6F820-5953-4299-A930-4F2773899952}
2011-09-20 04:54:48 -------- d-----w- C:\Users\Arnhem\AppData\Local\{D9BAD932-EE65-40E7-BC85-48590B660297}
2011-09-20 04:54:14 -------- d-----w- C:\Users\Arnhem\AppData\Local\{F188A0D7-6AFB-44E1-9C5F-EF83929F4FC8}
2011-09-20 00:58:07 -------- d-----w- C:\Users\Arnhem\AppData\Local\{B63972DC-231D-4FAF-94B3-051295790ED4}
2011-09-20 00:57:34 -------- d-----w- C:\Users\Arnhem\AppData\Local\{EA80F7F3-3729-4CA7-8C39-1BA5984D218F}
2011-09-19 19:17:24 -------- d-----w- C:\Users\Arnhem\AppData\Local\{C5E95953-BE1A-46C7-BF3B-7D85A24638E7}
2011-09-19 19:16:51 -------- d-----w- C:\Users\Arnhem\AppData\Local\{833F29B3-4A8A-4423-9D5F-60E98A484EE6}
2011-09-19 08:00:26 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E1ADE350-7CDF-4DB0-A037-205A1D147996}
2011-09-19 07:59:58 -------- d-----w- C:\Users\Arnhem\AppData\Local\{A0C16307-4563-42AB-9C77-DCAF1AE5CD3F}
2011-09-19 02:04:23 -------- d-----w- C:\Users\Arnhem\AppData\Local\{10A39B66-E3B6-43F1-807D-C92DB866C1F4}
2011-09-19 02:04:01 -------- d-----w- C:\Users\Arnhem\AppData\Local\{0AA02A5D-4943-4DCC-9430-E18AF8049A07}
2011-09-18 15:39:14 -------- d-----w- C:\Users\Arnhem\AppData\Local\{C0307087-D258-4851-A4E2-007DCCE35034}
2011-09-18 15:38:49 -------- d-----w- C:\Users\Arnhem\AppData\Local\{F6FD1AFF-F44D-4FBA-B7F8-444116670692}
2011-09-18 04:04:29 -------- d-----w- C:\Users\Arnhem\AppData\Local\{3F1B9766-0DE1-495C-9BEA-C2D4A31661F0}
2011-09-18 04:04:05 -------- d-----w- C:\Users\Arnhem\AppData\Local\{354F916B-487C-45DC-902F-5BEBE3B6F357}
2011-09-16 15:31:23 -------- d-----w- C:\Users\Arnhem\School Work
2011-09-16 15:28:25 -------- d-----r- C:\Users\Arnhem\At Your Disposal
2011-09-16 14:05:43 -------- d-----w- C:\Users\Arnhem\AppData\Local\{4E480779-62AC-46E0-A762-15C74E736B1B}
2011-09-16 14:05:18 -------- d-----w- C:\Users\Arnhem\AppData\Local\{62916455-C42B-4549-B196-8692A4256612}
2011-09-15 19:17:20 -------- d-----w- C:\Users\Arnhem\AppData\Local\{F826E5C4-2D65-4A2B-9AF5-E7F305692D76}
2011-09-15 19:16:56 -------- d-----w- C:\Users\Arnhem\AppData\Local\{0CB7E0EC-4A87-4DB9-AAEA-2B50EBC8721C}
2011-09-15 01:41:21 -------- d-----w- C:\ProgramData\boost_interprocess
2011-09-14 23:37:56 36864 ----a-w- C:\Windows\SysWow64\SDDEVMGR.dll
2011-09-14 23:37:51 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\ctor.dll
2011-09-14 23:37:51 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
2011-09-14 23:37:51 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\IScript.dll
2011-09-14 23:37:51 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
2011-09-14 23:37:50 212992 ------w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\ILog.dll
2011-09-14 23:36:13 -------- d-----w- C:\Users\Arnhem\AppData\Local\Ilivid Player
2011-09-14 23:36:00 -------- d-----w- C:\Program Files (x86)\iLivid
2011-09-14 23:35:24 -------- d-----w- C:\Users\Arnhem\AppData\Local\PackageAware
2011-09-14 14:07:35 -------- d-----w- C:\Users\Arnhem\AppData\Local\{C254F886-116B-4F3D-AF59-AAEFB52F8619}
2011-09-14 14:07:10 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E31C7D90-3AAA-46FC-92A1-4627DCA8D702}
2011-09-14 09:47:42 60416 ----a-w- C:\Windows\System32\OVDecode64.dll
2011-09-14 09:47:40 53760 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2011-09-14 09:47:10 16652288 ----a-w- C:\Windows\System32\amdocl64.dll
2011-09-14 09:46:58 13625856 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-09-14 09:38:30 44032 ----a-w- C:\Windows\System32\amdoclcl64.dll
2011-09-14 09:38:28 37376 ----a-w- C:\Windows\SysWow64\amdoclcl.dll
.
==================== Find3M ====================
.
2011-10-01 10:58:08 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-10-01 10:58:08 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-10-01 10:50:33 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-29 18:30:09 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-09-08 18:27:22 10203648 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-09-08 17:59:44 24229376 ----a-w- C:\Windows\System32\atio6axx.dll
2011-09-08 17:39:44 18534912 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-09-08 17:34:20 151552 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-09-08 17:34:10 732672 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-09-08 17:32:58 862720 ----a-w- C:\Windows\System32\aticfx64.dll
2011-09-08 17:30:38 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-09-08 17:30:26 486912 ----a-w- C:\Windows\System32\atieclxx.exe
2011-09-08 17:29:56 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-09-08 17:28:54 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-09-08 17:28:38 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-09-08 17:28:32 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-09-08 17:28:22 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-09-08 17:28:18 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2011-09-08 17:28:14 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-09-08 17:28:10 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-09-08 17:24:38 4204032 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-09-08 17:18:56 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-09-08 17:18:22 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-09-08 17:18:08 3888640 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-09-08 17:16:00 4944896 ----a-w- C:\Windows\System32\atidxx64.dll
2011-09-08 17:09:42 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-09-08 17:09:40 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-09-08 17:09:30 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-09-08 17:09:28 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-09-08 17:09:18 8723456 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-09-08 17:08:24 4064768 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-09-08 17:05:52 7331840 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-09-08 17:05:44 4289024 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-09-08 17:00:02 5428736 ----a-w- C:\Windows\System32\atiumd64.dll
2011-09-08 16:59:48 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-09-08 16:53:20 381952 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-09-08 16:53:12 270336 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-09-08 16:52:58 15360 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-09-08 16:52:56 13312 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-09-08 16:52:56 13312 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-09-08 16:52:54 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-09-08 16:52:46 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-09-08 16:52:40 310784 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-09-08 16:52:00 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-09-08 16:51:54 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-09-08 16:51:50 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-09-08 16:51:44 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-09-08 16:51:12 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-09-08 16:51:02 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2011-09-08 16:51:02 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-09-06 03:07:02 3134976 ----a-w- C:\Windows\System32\win32k.sys
2011-08-27 05:40:28 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-27 05:40:28 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-27 04:43:07 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-27 04:43:06 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-08-20 05:45:20 1197568 ----a-w- C:\Windows\System32\wininet.dll
2011-08-20 05:41:16 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-08-20 04:38:10 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-08-20 04:35:20 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-08-20 04:20:23 482816 ----a-w- C:\Windows\System32\html.iec
2011-08-20 03:26:38 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-08-17 05:32:24 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-08-17 05:27:46 75776 ----a-w- C:\Windows\System32\MSDvbNP.ax
2011-08-17 05:27:46 288256 ----a-w- C:\Windows\System32\MSNP.ax
2011-08-17 05:27:46 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-08-17 05:27:46 104960 ----a-w- C:\Windows\System32\Mpeg2Data.ax
2011-08-17 04:26:02 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-08-17 04:22:23 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
2011-08-17 04:22:23 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax
2011-08-17 04:22:23 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2011-07-16 05:26:54 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:26:53 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:26:53 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:26:18 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-07-16 05:24:09 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:21:32 422400 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 05:17:46 338432 ----a-w- C:\Windows\System32\conhost.exe
2011-07-16 04:36:09 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:32:14 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:31:50 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:30:29 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:30:27 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
.
============= FINISH: 6:11:02.52 ===============
I just realised something: it's ONLY when I enter sites through a search engine result that it redirects. It does not redirect if I enter the website into the address bar or if I go through my bookmarks or external links from websites.
I thought that detail might be relevant.
Hi,
IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) file sharing programs on your computer.
µTorrent
I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).
Please uninstall the programs listed above (in red). Post fresh DDS logs after that.
Read the thread, uninstalled/removed µTorrent through Windows Add/Remove.
I seem to be getting even more things now. I just turned my computer on after not using it since I last posted, and I'm getting pop-ups telling me I need to update codecs. They try to resemble Windows designs but clearly are not legitimate.
Thanks for your help.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Run by Arnhem at 17:49:18 on 2011-10-16
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.6139.4167 [GMT 2:00]
.
SP: Spybot - Search & Destroy *Enabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\explorer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\ProgramData\gigwnhspvbda\lhrlltbf.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\ProgramData\gigwnhspvbda\SmartGearlhrlltbf.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Users\Arnhem\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Net iD\iid.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchqu.com//406
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
uWinlogon: Shell=C:\Users\Arnhem\AppData\Local\c68babac\X
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Web Accessibility Toolbar: {11352a67-0178-46b1-8855-d50b2f81c054} - C:\PROGRA~2\ACCESS~1\ACCESS~1.DLL
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [GameXN (update)] "C:\ProgramData\GameXN\GameXNGO.exe" /u
uRun: [GameXN (news)] "C:\ProgramData\GameXN\GameXNGO.exe" /n
uRun: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
uRun: [CreoLab] C:\ProgramData\gigwnhspvbda\lhrlltbf.exe
mRun: [<NO NAME>]
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Net iD] "C:\Program Files (x86)\Net iD\iid.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\Users\Arnhem\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\Users\Arnhem\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Arnhem\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Arnhem\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 83.255.245.11 193.150.193.150
TCP: Interfaces\{833F4ED1-7FBC-4DF3-8CC7-6AF12719D1DC} : DhcpNameServer = 83.255.245.11 193.150.193.150
TCP: Interfaces\{D100012C-EB29-45AE-A97E-BFE9EA3FFDB6} : DhcpNameServer = 83.255.245.11 193.150.193.150
TCP: Interfaces\{D100012C-EB29-45AE-A97E-BFE9EA3FFDB6}\2556B64757D6E45445 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D100012C-EB29-45AE-A97E-BFE9EA3FFDB6}\35B656A71647368696 : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs:
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Web Accessibility Toolbar: {11352A67-0178-46B1-8855-D50B2F81C054} - C:\PROGRA~2\ACCESS~1\ACCESS~1.DLL
mRun-x64: [(Default)]
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Net iD] "C:\Program Files (x86)\Net iD\iid.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
AppInit_DLLs-X64:
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
Hosts: 94.228.209.244 www.google-analytics.com.
Hosts: 94.228.209.244 ad-emea.doubleclick.net.
Hosts: 94.228.209.244 www.statcounter.com.
Hosts: 178.250.45.15 www.google-analytics.com.
Hosts: 178.250.45.15 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Arnhem\AppData\Roaming\Mozilla\Firefox\Profiles\bqyusmwu.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npiidplg.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SDHookDriver;Spybot-S&D 2 Hook Driver;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [2011-10-14 48888]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-3-10 86016]
R2 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-3-10 86016]
R2 SDHookService;Spybot S&D 2 Live Protection Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-10-14 130976]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-10-14 892336]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-10-14 955816]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-10-14 169624]
R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2010-11-26 5790064]
R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2010-11-26 487280]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA001Ufd.sys --> C:\Windows\system32\DRIVERS\OA001Ufd.sys [?]
R3 OA001Vid;Creative Camera OA001 Function Driver;C:\Windows\system32\DRIVERS\OA001Vid.sys --> C:\Windows\system32\DRIVERS\OA001Vid.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-3-16 1436424]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-10-16 15:46:47 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{360F36E1-B921-41AC-88A4-66B60443AF4D}\offreg.dll
2011-10-14 14:06:21 -------- d-----w- C:\ProgramData\gigwnhspvbda
2011-10-14 13:39:34 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{360F36E1-B921-41AC-88A4-66B60443AF4D}\mpengine.dll
2011-10-14 03:08:50 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-10-14 03:08:38 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2011-10-14 03:08:35 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2011-10-13 20:33:32 -------- d-----w- C:\Users\Arnhem\AppData\Local\{C15863C8-C672-46AD-97F8-D577FF18B40F}
2011-10-13 20:32:58 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E4ABF979-C0E5-4DDB-96C0-7ECB92570008}
2011-10-13 03:12:11 -------- d-----we C:\Windows\system64
2011-10-13 03:11:07 -------- d-sh--w- C:\Users\Arnhem\AppData\Local\c68babac
2011-10-13 01:25:47 -------- d-----w- C:\Users\Arnhem\AppData\Local\{F60E279F-41FE-4B1C-9258-70D102459A7C}
2011-10-13 01:25:08 -------- d-----w- C:\Users\Arnhem\AppData\Local\{F1BDDAE4-2C4E-4214-A46E-22DB74F8AC14}
2011-10-12 16:21:14 -------- d-----w- C:\Users\Arnhem\AppData\Local\{CEA8F98E-1536-45A8-A87E-151A25DB4B25}
2011-10-12 16:20:50 -------- d-----w- C:\Users\Arnhem\AppData\Local\{70B6F2A3-275B-438A-AAB6-B4BEA9A8B775}
2011-10-12 13:12:45 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-10-10 12:16:30 -------- d-----w- C:\Users\Arnhem\AppData\Local\{6A0A16FD-54B1-4E48-911C-81F7281C73BA}
2011-10-10 12:15:54 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E6618734-5CEA-4840-A27E-CB8458DA7479}
2011-10-09 17:10:38 -------- d-----w- C:\Users\Arnhem\AppData\Local\{3F5C3F5B-5E25-4B86-90B4-CA5984C216F1}
2011-10-09 17:10:12 -------- d-----w- C:\Users\Arnhem\AppData\Local\{4119DE13-4778-4A50-A0E8-92FBB4CAA079}
2011-10-08 11:19:10 -------- d-----w- C:\Users\Arnhem\AppData\Local\{141915DC-0EAA-4918-91DD-72026851A830}
2011-10-08 11:18:47 -------- d-----w- C:\Users\Arnhem\AppData\Local\{11A75D34-32D4-47BF-8EF1-65AB72B92430}
2011-10-06 16:32:23 -------- d-----w- C:\Users\Arnhem\AppData\Local\{6B5CDBEF-E60E-40EA-B375-D5C5D5D5C022}
2011-10-06 16:32:00 -------- d-----w- C:\Users\Arnhem\AppData\Local\{D0FA8CC2-F669-4EB6-9D37-84C208DF8DB1}
2011-10-05 15:38:29 -------- d-----w- C:\Users\Arnhem\AppData\Local\{BE68F107-987A-41CF-86DE-6C303951F770}
2011-10-05 15:38:04 -------- d-----w- C:\Users\Arnhem\AppData\Local\{1B20D703-E7E5-463E-B8DF-E6E7FDAEBD14}
2011-10-05 01:04:46 -------- d-----w- C:\Users\Arnhem\AppData\Local\{C161C6AA-99FC-417B-B2DA-A73E6BE5C4A0}
2011-10-05 01:04:22 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E77DC846-4CAF-49EF-853C-A42D1EFD734B}
2011-10-03 13:59:29 -------- d-----w- C:\Users\Arnhem\AppData\Local\{BEC77D5A-B595-46F7-9396-2E2867FF9B1B}
2011-10-03 13:59:04 -------- d-----w- C:\Users\Arnhem\AppData\Local\{B2F75C00-DBBB-432F-8080-F9612DC2EC59}
2011-10-02 09:53:39 -------- d-----w- C:\Program Files\CCleaner
2011-10-02 09:47:38 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E42AF2C5-25B3-44E6-84C7-1BC5CFFC33CD}
2011-10-02 09:47:11 -------- d-----w- C:\Users\Arnhem\AppData\Local\{FFC03E53-CD63-45C3-A315-71FBF622AEA6}
2011-10-01 12:19:28 -------- d-----w- C:\Users\Arnhem\AppData\Local\{4DDC42B7-F24C-44D0-AF19-B12D1C43C1DC}
2011-10-01 12:18:52 -------- d-----w- C:\Users\Arnhem\AppData\Local\{A84943AB-A09D-433E-BA1F-B0B2064307C0}
2011-10-01 07:31:43 -------- d-----w- C:\Users\Arnhem\AppData\Local\{748085CF-77D2-46CE-B2D9-1AA9C0E45373}
2011-10-01 07:31:17 -------- d-----w- C:\Users\Arnhem\AppData\Local\{FB33D34F-2E42-454D-A997-7D1EA44E3BC6}
2011-09-30 13:43:31 -------- d-----w- C:\Users\Arnhem\AppData\Local\{A3A6DDFD-B5C6-4E66-AA12-8AA8DA41FB56}
2011-09-30 13:42:57 -------- d-----w- C:\Users\Arnhem\AppData\Local\{FDBAEBE9-A92D-4181-B55C-B683F389C364}
2011-09-30 08:09:07 -------- d-----w- C:\Users\Arnhem\AppData\Local\{661A534F-15EB-4168-9C2E-E899D191CFCA}
2011-09-30 08:08:43 -------- d-----w- C:\Users\Arnhem\AppData\Local\{B3AAB1B3-91B2-470C-A311-F7E3C4D85C00}
2011-09-29 19:51:17 -------- d-----w- C:\Program Files (x86)\AMD APP
2011-09-29 19:51:13 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2011-09-29 19:51:13 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2011-09-29 19:42:31 -------- d-----w- C:\Program Files (x86)\Battlelog Web Plugins
2011-09-29 18:31:37 -------- d-----w- C:\ProgramData\EA Core
2011-09-29 18:30:42 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
2011-09-29 17:22:54 -------- d-----w- C:\Users\Arnhem\AppData\Roaming\Origin
2011-09-29 17:22:51 -------- d-----w- C:\Users\Arnhem\AppData\Local\Origin
2011-09-29 17:22:39 -------- d-----w- C:\ProgramData\Origin
2011-09-29 17:22:39 -------- d-----w- C:\ProgramData\Electronic Arts
2011-09-29 17:22:39 -------- d-----w- C:\Program Files (x86)\Origin Games
2011-09-29 17:22:27 -------- d-----w- C:\Program Files (x86)\Origin
2011-09-29 16:32:08 -------- d-----w- C:\Users\Arnhem\AppData\Local\{BBC5D151-3D43-4546-8FB5-275F1455AAC6}
2011-09-29 16:31:44 -------- d-----w- C:\Users\Arnhem\AppData\Local\{7060EBAB-9C44-4A31-B3CE-CE8C2AF9CC7D}
2011-09-28 08:32:09 -------- d-----w- C:\Users\Arnhem\AppData\Local\{CC97E64C-E406-485D-95CD-66D0DDE55459}
2011-09-28 08:31:36 -------- d-----w- C:\Users\Arnhem\AppData\Local\{B92BFC83-282F-4E0A-89F4-0B77E027AA46}
2011-09-28 05:56:48 -------- d-----w- C:\Users\Arnhem\AppData\Local\{AF92ACC8-6FA3-4EDF-8EF0-066A343928DA}
2011-09-28 05:56:26 -------- d-----w- C:\Users\Arnhem\AppData\Local\{82B6281D-4E0D-49D9-829F-66448031B576}
2011-09-27 20:06:45 -------- d-----w- C:\Program Files (x86)\Thugs at Bay
2011-09-27 19:35:41 -------- d-----w- C:\Fraps
2011-09-27 18:14:29 -------- d-----w- C:\Users\Arnhem\AppData\Local\{07ACAD1D-82C0-46C2-B6FE-DA18ED46F979}
2011-09-27 18:13:54 -------- d-----w- C:\Users\Arnhem\AppData\Local\{17434ADB-EF68-427E-B23D-C0D4CFE48D49}
2011-09-27 17:40:46 -------- d-----w- C:\UDK
2011-09-27 13:35:04 -------- d-----w- C:\Users\Arnhem\AppData\Local\{60F10B38-643A-4B27-A2C1-C9A0829EB3D4}
2011-09-27 13:34:39 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E3B824C8-8362-4029-B525-25772C959FDD}
2011-09-26 14:23:10 -------- d-----w- C:\Users\Arnhem\AppData\Local\{9C0D7ED4-33F9-4568-B87D-068B840D0488}
2011-09-26 14:22:46 -------- d-----w- C:\Users\Arnhem\AppData\Local\{D80B1AFD-C29D-4709-9A86-8A7B8D8B4906}
2011-09-25 20:46:49 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2011-09-25 19:50:56 -------- d-----w- C:\Users\Arnhem\AppData\Local\CutePDF Writer
2011-09-25 19:50:23 -------- d-----w- C:\Program Files (x86)\GPLGS
2011-09-25 19:48:42 85504 ----a-w- C:\Windows\System32\cpwmon64.dll
2011-09-25 19:48:42 -------- d-----w- C:\Program Files (x86)\Acro Software
2011-09-25 15:34:15 -------- d-----w- C:\Users\Arnhem\AppData\Local\{7E10DD6E-6A13-43FD-AD8A-C56BB87FCCF8}
2011-09-25 15:33:51 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E05D64BB-4B42-45E9-A106-86DFF63D275D}
2011-09-25 14:09:50 -------- d-----w- C:\Users\Arnhem\AppData\Roaming\UBitMenu
2011-09-25 13:59:28 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2011-09-25 13:58:44 -------- d-----w- C:\Users\Arnhem\AppData\Local\Microsoft Help
2011-09-25 09:34:14 -------- d-----w- C:\Users\Arnhem\AppData\Local\{9FE2D018-2B3D-4568-A1D8-52CAB9288E03}
2011-09-25 09:33:40 -------- d-----w- C:\Users\Arnhem\AppData\Local\{47AF762C-EC7B-4D6C-8E8C-6AA797D4AB89}
2011-09-25 03:47:17 -------- d-----w- C:\Users\Arnhem\AppData\Local\{1DBCA37A-C57B-437A-9094-CF18794EEE1C}
2011-09-25 03:47:02 -------- d-----w- C:\Users\Arnhem\AppData\Local\{072204B6-13F2-47F7-A137-61222C81D13F}
2011-09-23 00:56:40 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E273B139-471D-4C4B-AF49-2FF77B132C5B}
2011-09-23 00:56:17 -------- d-----w- C:\Users\Arnhem\AppData\Local\{C95312FD-8388-4DF1-BA89-396E821DBB62}
2011-09-21 22:19:54 -------- d-----w- C:\Users\Arnhem\AppData\Local\{126677DF-1C24-4093-ADBA-DBF5C000182F}
2011-09-21 22:19:26 -------- d-----w- C:\Users\Arnhem\AppData\Local\{117D4F35-E655-4ACA-8865-168016EA1C8B}
2011-09-21 10:05:49 -------- d-----w- C:\Users\Arnhem\AppData\Local\{097EC7F2-EF06-49AD-B3D1-C0C7DC2CAE76}
2011-09-21 10:05:25 -------- d-----w- C:\Users\Arnhem\AppData\Local\{6B040E85-97AC-4F0E-A3E0-6BF7F7CDFF15}
2011-09-21 02:24:38 -------- d-----w- C:\Users\Arnhem\AppData\Local\{65BAB9A3-5150-4B46-8C77-2A4B26AE412F}
2011-09-21 02:24:03 -------- d-----w- C:\Users\Arnhem\AppData\Local\{539CF775-ACFA-4371-879F-7B6E0A44D83E}
2011-09-20 19:43:03 -------- d-----w- C:\Users\Arnhem\AppData\Local\{9AE85326-FB91-44E9-89A4-C80728857A14}
2011-09-20 19:42:47 -------- d-----w- C:\Users\Arnhem\AppData\Local\{4CF6F820-5953-4299-A930-4F2773899952}
2011-09-20 04:54:48 -------- d-----w- C:\Users\Arnhem\AppData\Local\{D9BAD932-EE65-40E7-BC85-48590B660297}
2011-09-20 04:54:14 -------- d-----w- C:\Users\Arnhem\AppData\Local\{F188A0D7-6AFB-44E1-9C5F-EF83929F4FC8}
2011-09-20 00:58:07 -------- d-----w- C:\Users\Arnhem\AppData\Local\{B63972DC-231D-4FAF-94B3-051295790ED4}
2011-09-20 00:57:34 -------- d-----w- C:\Users\Arnhem\AppData\Local\{EA80F7F3-3729-4CA7-8C39-1BA5984D218F}
2011-09-19 19:17:24 -------- d-----w- C:\Users\Arnhem\AppData\Local\{C5E95953-BE1A-46C7-BF3B-7D85A24638E7}
2011-09-19 19:16:51 -------- d-----w- C:\Users\Arnhem\AppData\Local\{833F29B3-4A8A-4423-9D5F-60E98A484EE6}
2011-09-19 08:00:26 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E1ADE350-7CDF-4DB0-A037-205A1D147996}
2011-09-19 07:59:58 -------- d-----w- C:\Users\Arnhem\AppData\Local\{A0C16307-4563-42AB-9C77-DCAF1AE5CD3F}
2011-09-19 02:04:23 -------- d-----w- C:\Users\Arnhem\AppData\Local\{10A39B66-E3B6-43F1-807D-C92DB866C1F4}
2011-09-19 02:04:01 -------- d-----w- C:\Users\Arnhem\AppData\Local\{0AA02A5D-4943-4DCC-9430-E18AF8049A07}
2011-09-18 15:39:14 -------- d-----w- C:\Users\Arnhem\AppData\Local\{C0307087-D258-4851-A4E2-007DCCE35034}
2011-09-18 15:38:49 -------- d-----w- C:\Users\Arnhem\AppData\Local\{F6FD1AFF-F44D-4FBA-B7F8-444116670692}
2011-09-18 04:04:29 -------- d-----w- C:\Users\Arnhem\AppData\Local\{3F1B9766-0DE1-495C-9BEA-C2D4A31661F0}
2011-09-18 04:04:05 -------- d-----w- C:\Users\Arnhem\AppData\Local\{354F916B-487C-45DC-902F-5BEBE3B6F357}
.
==================== Find3M ====================
.
2011-10-01 10:58:08 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-10-01 10:58:08 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-10-01 10:50:33 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-29 18:30:09 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-09-14 09:47:42 60416 ----a-w- C:\Windows\System32\OVDecode64.dll
2011-09-14 09:47:40 53760 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2011-09-14 09:47:10 16652288 ----a-w- C:\Windows\System32\amdocl64.dll
2011-09-14 09:46:58 13625856 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-09-14 09:38:30 44032 ----a-w- C:\Windows\System32\amdoclcl64.dll
2011-09-14 09:38:28 37376 ----a-w- C:\Windows\SysWow64\amdoclcl.dll
2011-09-08 18:27:22 10203648 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-09-08 17:59:44 24229376 ----a-w- C:\Windows\System32\atio6axx.dll
2011-09-08 17:39:44 18534912 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-09-08 17:34:20 151552 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-09-08 17:34:10 732672 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-09-08 17:32:58 862720 ----a-w- C:\Windows\System32\aticfx64.dll
2011-09-08 17:30:38 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-09-08 17:30:26 486912 ----a-w- C:\Windows\System32\atieclxx.exe
2011-09-08 17:29:56 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-09-08 17:28:54 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-09-08 17:28:38 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-09-08 17:28:32 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-09-08 17:28:22 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-09-08 17:28:18 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2011-09-08 17:28:14 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-09-08 17:28:10 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-09-08 17:24:38 4204032 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-09-08 17:18:56 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-09-08 17:18:22 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-09-08 17:18:08 3888640 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-09-08 17:16:00 4944896 ----a-w- C:\Windows\System32\atidxx64.dll
2011-09-08 17:09:42 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-09-08 17:09:40 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-09-08 17:09:30 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-09-08 17:09:28 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-09-08 17:09:18 8723456 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-09-08 17:08:24 4064768 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-09-08 17:05:52 7331840 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-09-08 17:05:44 4289024 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-09-08 17:00:02 5428736 ----a-w- C:\Windows\System32\atiumd64.dll
2011-09-08 16:59:48 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-09-08 16:53:20 381952 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-09-08 16:53:12 270336 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-09-08 16:52:58 15360 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-09-08 16:52:56 13312 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-09-08 16:52:56 13312 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-09-08 16:52:54 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-09-08 16:52:46 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-09-08 16:52:40 310784 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-09-08 16:52:00 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-09-08 16:51:54 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-09-08 16:51:50 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-09-08 16:51:44 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-09-08 16:51:12 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-09-08 16:51:02 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2011-09-08 16:51:02 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-09-06 03:07:02 3134976 ----a-w- C:\Windows\System32\win32k.sys
2011-08-27 05:40:28 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-27 05:40:28 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-27 04:43:07 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-27 04:43:06 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-08-20 05:45:20 1197568 ----a-w- C:\Windows\System32\wininet.dll
2011-08-20 05:41:16 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-08-20 04:38:10 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-08-20 04:35:20 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-08-20 04:20:23 482816 ----a-w- C:\Windows\System32\html.iec
2011-08-20 03:26:38 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-08-17 05:32:24 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-08-17 05:27:46 75776 ----a-w- C:\Windows\System32\MSDvbNP.ax
2011-08-17 05:27:46 288256 ----a-w- C:\Windows\System32\MSNP.ax
2011-08-17 05:27:46 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-08-17 05:27:46 104960 ----a-w- C:\Windows\System32\Mpeg2Data.ax
2011-08-17 04:26:02 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-08-17 04:22:23 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
2011-08-17 04:22:23 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax
2011-08-17 04:22:23 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
.
============= FINISH: 17:52:33.29 ===============
In the attachment is an example of what pops up every now and again.
Hi
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully first.
Please continue as follows:
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
Here is the log that it produced; I've also attached it if you find that easier to read (it's the same log).
ComboFix 11-10-16.03 - Arnhem 17/10/2011 10:18:42.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.6139.4297 [GMT 2:00]
Running from: c:\users\Arnhem\Desktop\ComboFix.exe
SP: Spybot - Search & Destroy *Disabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\000000c0.@
c:\windows\assembly\tmp\U\000000cb.@
c:\windows\assembly\tmp\U\000000cf.@
c:\windows\assembly\tmp\U\80000000.@
c:\windows\assembly\tmp\U\800000c0.@
c:\windows\assembly\tmp\U\800000cb.@
c:\windows\assembly\tmp\U\800000cf.@
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2011-09-17 to 2011-10-17 )))))))))))))))))))))))))))))))
.
.
2011-10-14 13:39 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{360F36E1-B921-41AC-88A4-66B60443AF4D}\mpengine.dll
2011-10-14 04:06 . 2011-10-14 04:06 -------- d-----w- c:\program files (x86)\ERUNT
2011-10-14 03:08 . 2011-10-17 08:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-10-14 03:08 . 2009-01-25 11:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2011-10-14 03:08 . 2011-10-14 03:08 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2011-10-13 03:11 . 2011-10-13 03:11 -------- d-sh--w- c:\users\Arnhem\AppData\Local\c68babac
2011-10-12 13:12 . 2011-08-17 05:32 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-02 09:53 . 2011-10-02 09:53 -------- d-----w- c:\program files\CCleaner
2011-09-29 19:51 . 2011-09-29 19:51 -------- d-----w- c:\programdata\ATI
2011-09-29 19:51 . 2011-09-29 19:51 -------- d-----w- c:\program files (x86)\AMD APP
2011-09-29 19:51 . 2011-09-29 19:51 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-09-29 19:51 . 2011-09-29 19:51 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2011-09-29 19:42 . 2011-09-29 19:42 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins
2011-09-29 18:31 . 2011-09-29 18:31 -------- d-----w- c:\programdata\EA Core
2011-09-29 18:30 . 2011-09-29 18:30 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2011-09-29 17:22 . 2011-09-29 17:22 -------- d-----w- c:\users\Arnhem\AppData\Roaming\Origin
2011-09-29 17:22 . 2011-09-29 17:22 -------- d-----w- c:\users\Arnhem\AppData\Local\Origin
2011-09-29 17:22 . 2011-09-29 18:31 -------- d-----w- c:\programdata\Electronic Arts
2011-09-29 17:22 . 2011-09-29 18:31 -------- d-----w- c:\programdata\Origin
2011-09-29 17:22 . 2011-09-29 17:24 -------- d-----w- c:\program files (x86)\Origin Games
2011-09-29 17:22 . 2011-09-29 17:22 -------- d-----w- c:\program files (x86)\Origin
2011-09-27 20:06 . 2011-09-27 20:06 -------- d-----w- c:\program files (x86)\Thugs at Bay
2011-09-27 19:35 . 2011-09-27 19:35 -------- d-----w- C:\Fraps
2011-09-27 17:40 . 2011-09-27 17:40 -------- d-----w- C:\UDK
2011-09-25 20:46 . 2011-09-25 20:46 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2011-09-25 20:41 . 2011-09-25 20:41 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-09-25 19:50 . 2011-10-16 21:15 -------- d-----w- c:\users\Arnhem\AppData\Local\CutePDF Writer
2011-09-25 19:50 . 2011-09-25 19:50 -------- d-----w- c:\program files (x86)\GPLGS
2011-09-25 19:48 . 2011-09-25 19:48 -------- d-----w- c:\program files (x86)\Acro Software
2011-09-25 19:48 . 2009-11-05 06:40 85504 ----a-w- c:\windows\system32\cpwmon64.dll
2011-09-25 14:09 . 2011-09-25 14:09 -------- d-----w- c:\users\Arnhem\AppData\Roaming\UBitMenu
2011-09-25 14:02 . 2011-09-25 20:44 -------- d-----w- c:\program files (x86)\Microsoft Works
2011-09-25 13:59 . 2011-09-25 13:59 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2011-09-25 13:58 . 2011-09-25 13:58 -------- d-----w- c:\users\Arnhem\AppData\Local\Microsoft Help
2011-09-25 13:58 . 2011-10-13 01:01 -------- d-----w- c:\programdata\Microsoft Help
2011-09-25 13:56 . 2011-09-25 13:56 -------- d-----r- C:\MSOCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-01 10:58 . 2011-07-03 23:59 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-10-01 10:58 . 2011-05-14 02:49 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-10-01 10:50 . 2011-05-14 02:49 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-09-29 18:30 . 2011-05-14 02:49 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-09-14 09:47 . 2011-09-14 09:47 60416 ----a-w- c:\windows\system32\OVDecode64.dll
2011-09-14 09:47 . 2011-09-14 09:47 53760 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-09-14 09:47 . 2011-09-14 09:47 16652288 ----a-w- c:\windows\system32\amdocl64.dll
2011-09-14 09:46 . 2011-09-14 09:46 13625856 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-09-14 09:38 . 2011-09-14 09:38 44032 ----a-w- c:\windows\system32\amdoclcl64.dll
2011-09-14 09:38 . 2011-09-14 09:38 37376 ----a-w- c:\windows\SysWow64\amdoclcl.dll
2011-09-08 18:27 . 2011-09-08 18:27 10203648 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-09-08 17:59 . 2011-09-08 17:59 24229376 ----a-w- c:\windows\system32\atio6axx.dll
2011-09-08 17:39 . 2011-09-08 17:39 18534912 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-09-08 17:34 . 2011-09-08 17:34 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-09-08 17:34 . 2011-05-25 03:07 732672 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-09-08 17:32 . 2011-05-25 03:06 862720 ----a-w- c:\windows\system32\aticfx64.dll
2011-09-08 17:30 . 2011-05-25 03:04 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-09-08 17:30 . 2011-09-08 17:30 486912 ----a-w- c:\windows\system32\atieclxx.exe
2011-09-08 17:29 . 2011-09-08 17:29 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-09-08 17:28 . 2011-09-08 17:28 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-09-08 17:28 . 2011-05-25 03:02 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-09-08 17:28 . 2011-09-08 17:28 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-09-08 17:28 . 2011-09-08 17:28 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-09-08 17:28 . 2011-09-08 17:28 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-09-08 17:28 . 2011-09-08 17:28 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-09-08 17:28 . 2011-09-08 17:28 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-09-08 17:24 . 2011-05-25 02:58 4204032 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-09-08 17:18 . 2011-09-08 17:18 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-09-08 17:18 . 2011-09-08 17:18 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-09-08 17:18 . 2011-05-25 02:59 3888640 ----a-w- c:\windows\system32\atiumd6a.dll
2011-09-08 17:16 . 2009-07-13 21:59 4944896 ----a-w- c:\windows\system32\atidxx64.dll
2011-09-08 17:09 . 2011-09-08 17:09 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-09-08 17:09 . 2011-09-08 17:09 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-09-08 17:09 . 2011-09-08 17:09 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-09-08 17:09 . 2011-09-08 17:09 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-09-08 17:09 . 2011-09-08 17:09 8723456 ----a-w- c:\windows\system32\aticaldd64.dll
2011-09-08 17:08 . 2011-09-08 17:08 4064768 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-09-08 17:05 . 2011-09-08 17:05 7331840 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-09-08 17:05 . 2011-09-08 17:05 4289024 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-09-08 17:00 . 2011-05-25 02:33 5428736 ----a-w- c:\windows\system32\atiumd64.dll
2011-09-08 16:59 . 2011-05-25 02:19 58880 ----a-w- c:\windows\system32\coinst.dll
2011-09-08 16:53 . 2011-05-25 02:26 381952 ----a-w- c:\windows\system32\atiadlxx.dll
2011-09-08 16:53 . 2011-09-08 16:53 270336 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-09-08 16:52 . 2011-09-08 16:52 15360 ----a-w- c:\windows\system32\atig6pxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 13312 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 13312 ----a-w- c:\windows\system32\atiglpxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-09-08 16:52 . 2011-09-08 16:52 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 310784 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-09-08 16:52 . 2011-05-25 02:24 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-09-08 16:51 . 2011-05-25 02:24 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-09-08 16:51 . 2011-05-25 02:24 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-09-08 16:51 . 2011-05-25 02:24 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-09-08 16:51 . 2011-09-08 16:51 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-09-08 16:51 . 2011-09-08 16:51 54784 ----a-w- c:\windows\system32\atimpc64.dll
2011-09-08 16:51 . 2011-09-08 16:51 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2011-09-08 16:50 . 2011-09-08 16:50 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-09-08 16:50 . 2011-09-08 16:50 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-24 1242448]
"GameXN (update)"="c:\programdata\GameXN\GameXNGO.exe" [2011-09-09 347008]
"GameXN (news)"="c:\programdata\GameXN\GameXNGO.exe" [2011-09-09 347008]
"ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2011-09-23 4478784]
"CreoLab"="c:\programdata\gigwnhspvbda\lhrlltbf.exe" [2011-10-14 3666944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-18 421736]
"Net iD"="c:\program files (x86)\Net iD\iid.exe" [2011-03-21 87352]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2011-10-05 3578272]
.
c:\users\Arnhem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Dropbox.lnk - c:\users\Arnhem\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-11-17 1066536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="c:\users\Arnhem\AppData\Local\c68babac\X"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-03-16 1436424]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-10-05 892336]
R3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-10-05 955816]
R3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-10-05 169624]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [2011-10-05 48888]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;c:\program files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-03-10 86016]
S2 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-03-10 86016]
S2 SDHookService;Spybot S&D 2 Live Protection Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-10-05 130976]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-13 5790064]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-13 487280]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [x]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-17 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2011-10-14 13:46]
.
2011-10-17 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2011-10-14 13:46]
.
2011-10-17 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2011-10-14 13:46]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-09-25 1552168]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
"combofix"="c:\combofix\CF10741.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.searchqu.com//406
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 83.255.245.11 193.150.193.150
FF - ProfilePath - c:\users\Arnhem\AppData\Roaming\Mozilla\Firefox\Profiles\bqyusmwu.default\
FF - prefs.js: browser.search.selectedEngine - YouTube Video Search
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Notify-SDWinLogon - SDWinLogon.dll
Toolbar-10 - (no file)
AddRemove-{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B} - c:\program files (x86)\InstallShield Installation Information\{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-587842109-1465246950-3102458467-1001\Software\SecuROM\License information*]
"datasecu"=hex:6a,96,86,0e,eb,a3,d5,66,46,da,43,bd,e2,78,82,01,19,27,6b,a6,d5,
7b,b0,21,7c,c3,48,79,be,e9,8d,a3,ff,71,33,df,f8,cd,2b,4e,08,d9,c1,33,a8,9c,\
"rkeysecu"=hex:c4,05,15,5f,42,ca,4d,5f,8a,58,b2,4a,be,1a,8b,96
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\RunDll32.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
c:\programdata\gigwnhspvbda\SmartGearlhrlltbf.exe
c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2011-10-17 10:32:34 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-17 08:32
.
Pre-Run: 172,725,137,408 bytes free
Post-Run: 172,467,380,224 bytes free
.
- - End Of File - - 7AAFA38789CF90A322F64F577875F3F2
Hi,
Please post a fresh dds.txt log too.
Oh sorry, I missed that line of text somehow.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Run by Arnhem at 15:32:58 on 2011-10-17
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.6139.4087 [GMT 2:00]
.
SP: Spybot - Search & Destroy *Disabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\explorer.exe
C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\ProgramData\gigwnhspvbda\lhrlltbf.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Users\Arnhem\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Net iD\iid.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\ProgramData\gigwnhspvbda\SmartGearlhrlltbf.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
"C:\Windows\system32\svchost.exe"
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchqu.com//406
uInternet Settings,ProxyOverride = *.local
uWinlogon: Shell=C:\Users\Arnhem\AppData\Local\c68babac\X
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Web Accessibility Toolbar: {11352a67-0178-46b1-8855-d50b2f81c054} - C:\PROGRA~2\ACCESS~1\ACCESS~1.DLL
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [GameXN (update)] "C:\ProgramData\GameXN\GameXNGO.exe" /u
uRun: [GameXN (news)] "C:\ProgramData\GameXN\GameXNGO.exe" /n
uRun: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
uRun: [CreoLab] C:\ProgramData\gigwnhspvbda\lhrlltbf.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Net iD] "C:\Program Files (x86)\Net iD\iid.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\Users\Arnhem\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\Users\Arnhem\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Arnhem\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Arnhem\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 83.255.245.11 193.150.193.150
TCP: Interfaces\{833F4ED1-7FBC-4DF3-8CC7-6AF12719D1DC} : DhcpNameServer = 83.255.245.11 193.150.193.150
TCP: Interfaces\{D100012C-EB29-45AE-A97E-BFE9EA3FFDB6} : DhcpNameServer = 83.255.245.11 193.150.193.150
TCP: Interfaces\{D100012C-EB29-45AE-A97E-BFE9EA3FFDB6}\2556B64757D6E45445 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D100012C-EB29-45AE-A97E-BFE9EA3FFDB6}\35B656A71647368696 : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Web Accessibility Toolbar: {11352A67-0178-46B1-8855-D50B2F81C054} - C:\PROGRA~2\ACCESS~1\ACCESS~1.DLL
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Net iD] "C:\Program Files (x86)\Net iD\iid.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Arnhem\AppData\Roaming\Mozilla\Firefox\Profiles\bqyusmwu.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npiidplg.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SDHookDriver;Spybot-S&D 2 Hook Driver;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [2011-10-14 48888]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-3-10 86016]
R2 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-3-10 86016]
R2 SDHookService;Spybot S&D 2 Live Protection Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-10-14 130976]
R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2010-11-26 5790064]
R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2010-11-26 487280]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA001Ufd.sys --> C:\Windows\system32\DRIVERS\OA001Ufd.sys [?]
R3 OA001Vid;Creative Camera OA001 Function Driver;C:\Windows\system32\DRIVERS\OA001Vid.sys --> C:\Windows\system32\DRIVERS\OA001Vid.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-3-16 1436424]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-10-14 892336]
S3 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-10-14 955816]
S3 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-10-14 169624]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-10-17 08:30:40 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{360F36E1-B921-41AC-88A4-66B60443AF4D}\offreg.dll
2011-10-17 08:27:07 -------- d-----w- C:\$RECYCLE.BIN
2011-10-17 08:16:31 98816 ----a-w- C:\Windows\sed.exe
2011-10-17 08:16:31 518144 ----a-w- C:\Windows\SWREG.exe
2011-10-17 08:16:31 256000 ----a-w- C:\Windows\PEV.exe
2011-10-17 08:16:31 208896 ----a-w- C:\Windows\MBR.exe
2011-10-17 08:16:26 -------- d-----w- C:\ComboFix
2011-10-14 14:06:21 -------- d-----w- C:\ProgramData\gigwnhspvbda
2011-10-14 13:39:34 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{360F36E1-B921-41AC-88A4-66B60443AF4D}\mpengine.dll
2011-10-14 03:08:50 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-10-14 03:08:38 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2011-10-14 03:08:35 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2011-10-13 20:33:32 -------- d-----w- C:\Users\Arnhem\AppData\Local\{C15863C8-C672-46AD-97F8-D577FF18B40F}
2011-10-13 20:32:58 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E4ABF979-C0E5-4DDB-96C0-7ECB92570008}
2011-10-13 03:11:07 -------- d-sh--w- C:\Users\Arnhem\AppData\Local\c68babac
2011-10-13 01:25:47 -------- d-----w- C:\Users\Arnhem\AppData\Local\{F60E279F-41FE-4B1C-9258-70D102459A7C}
2011-10-13 01:25:08 -------- d-----w- C:\Users\Arnhem\AppData\Local\{F1BDDAE4-2C4E-4214-A46E-22DB74F8AC14}
2011-10-12 16:21:14 -------- d-----w- C:\Users\Arnhem\AppData\Local\{CEA8F98E-1536-45A8-A87E-151A25DB4B25}
2011-10-12 16:20:50 -------- d-----w- C:\Users\Arnhem\AppData\Local\{70B6F2A3-275B-438A-AAB6-B4BEA9A8B775}
2011-10-12 13:12:45 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-10-10 12:16:30 -------- d-----w- C:\Users\Arnhem\AppData\Local\{6A0A16FD-54B1-4E48-911C-81F7281C73BA}
2011-10-10 12:15:54 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E6618734-5CEA-4840-A27E-CB8458DA7479}
2011-10-09 17:10:38 -------- d-----w- C:\Users\Arnhem\AppData\Local\{3F5C3F5B-5E25-4B86-90B4-CA5984C216F1}
2011-10-09 17:10:12 -------- d-----w- C:\Users\Arnhem\AppData\Local\{4119DE13-4778-4A50-A0E8-92FBB4CAA079}
2011-10-08 11:19:10 -------- d-----w- C:\Users\Arnhem\AppData\Local\{141915DC-0EAA-4918-91DD-72026851A830}
2011-10-08 11:18:47 -------- d-----w- C:\Users\Arnhem\AppData\Local\{11A75D34-32D4-47BF-8EF1-65AB72B92430}
2011-10-06 16:32:23 -------- d-----w- C:\Users\Arnhem\AppData\Local\{6B5CDBEF-E60E-40EA-B375-D5C5D5D5C022}
2011-10-06 16:32:00 -------- d-----w- C:\Users\Arnhem\AppData\Local\{D0FA8CC2-F669-4EB6-9D37-84C208DF8DB1}
2011-10-05 15:38:29 -------- d-----w- C:\Users\Arnhem\AppData\Local\{BE68F107-987A-41CF-86DE-6C303951F770}
2011-10-05 15:38:04 -------- d-----w- C:\Users\Arnhem\AppData\Local\{1B20D703-E7E5-463E-B8DF-E6E7FDAEBD14}
2011-10-05 01:04:46 -------- d-----w- C:\Users\Arnhem\AppData\Local\{C161C6AA-99FC-417B-B2DA-A73E6BE5C4A0}
2011-10-05 01:04:22 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E77DC846-4CAF-49EF-853C-A42D1EFD734B}
2011-10-03 13:59:29 -------- d-----w- C:\Users\Arnhem\AppData\Local\{BEC77D5A-B595-46F7-9396-2E2867FF9B1B}
2011-10-03 13:59:04 -------- d-----w- C:\Users\Arnhem\AppData\Local\{B2F75C00-DBBB-432F-8080-F9612DC2EC59}
2011-10-02 09:53:39 -------- d-----w- C:\Program Files\CCleaner
2011-10-02 09:47:38 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E42AF2C5-25B3-44E6-84C7-1BC5CFFC33CD}
2011-10-02 09:47:11 -------- d-----w- C:\Users\Arnhem\AppData\Local\{FFC03E53-CD63-45C3-A315-71FBF622AEA6}
2011-10-01 12:19:28 -------- d-----w- C:\Users\Arnhem\AppData\Local\{4DDC42B7-F24C-44D0-AF19-B12D1C43C1DC}
2011-10-01 12:18:52 -------- d-----w- C:\Users\Arnhem\AppData\Local\{A84943AB-A09D-433E-BA1F-B0B2064307C0}
2011-10-01 07:31:43 -------- d-----w- C:\Users\Arnhem\AppData\Local\{748085CF-77D2-46CE-B2D9-1AA9C0E45373}
2011-10-01 07:31:17 -------- d-----w- C:\Users\Arnhem\AppData\Local\{FB33D34F-2E42-454D-A997-7D1EA44E3BC6}
2011-09-30 13:43:31 -------- d-----w- C:\Users\Arnhem\AppData\Local\{A3A6DDFD-B5C6-4E66-AA12-8AA8DA41FB56}
2011-09-30 13:42:57 -------- d-----w- C:\Users\Arnhem\AppData\Local\{FDBAEBE9-A92D-4181-B55C-B683F389C364}
2011-09-30 08:09:07 -------- d-----w- C:\Users\Arnhem\AppData\Local\{661A534F-15EB-4168-9C2E-E899D191CFCA}
2011-09-30 08:08:43 -------- d-----w- C:\Users\Arnhem\AppData\Local\{B3AAB1B3-91B2-470C-A311-F7E3C4D85C00}
2011-09-29 19:51:17 -------- d-----w- C:\Program Files (x86)\AMD APP
2011-09-29 19:51:13 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2011-09-29 19:51:13 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2011-09-29 19:42:31 -------- d-----w- C:\Program Files (x86)\Battlelog Web Plugins
2011-09-29 18:31:37 -------- d-----w- C:\ProgramData\EA Core
2011-09-29 18:30:42 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
2011-09-29 17:22:54 -------- d-----w- C:\Users\Arnhem\AppData\Roaming\Origin
2011-09-29 17:22:51 -------- d-----w- C:\Users\Arnhem\AppData\Local\Origin
2011-09-29 17:22:39 -------- d-----w- C:\ProgramData\Origin
2011-09-29 17:22:39 -------- d-----w- C:\ProgramData\Electronic Arts
2011-09-29 17:22:39 -------- d-----w- C:\Program Files (x86)\Origin Games
2011-09-29 17:22:27 -------- d-----w- C:\Program Files (x86)\Origin
2011-09-29 16:32:08 -------- d-----w- C:\Users\Arnhem\AppData\Local\{BBC5D151-3D43-4546-8FB5-275F1455AAC6}
2011-09-29 16:31:44 -------- d-----w- C:\Users\Arnhem\AppData\Local\{7060EBAB-9C44-4A31-B3CE-CE8C2AF9CC7D}
2011-09-28 08:32:09 -------- d-----w- C:\Users\Arnhem\AppData\Local\{CC97E64C-E406-485D-95CD-66D0DDE55459}
2011-09-28 08:31:36 -------- d-----w- C:\Users\Arnhem\AppData\Local\{B92BFC83-282F-4E0A-89F4-0B77E027AA46}
2011-09-28 05:56:48 -------- d-----w- C:\Users\Arnhem\AppData\Local\{AF92ACC8-6FA3-4EDF-8EF0-066A343928DA}
2011-09-28 05:56:26 -------- d-----w- C:\Users\Arnhem\AppData\Local\{82B6281D-4E0D-49D9-829F-66448031B576}
2011-09-27 20:06:45 -------- d-----w- C:\Program Files (x86)\Thugs at Bay
2011-09-27 19:35:41 -------- d-----w- C:\Fraps
2011-09-27 18:14:29 -------- d-----w- C:\Users\Arnhem\AppData\Local\{07ACAD1D-82C0-46C2-B6FE-DA18ED46F979}
2011-09-27 18:13:54 -------- d-----w- C:\Users\Arnhem\AppData\Local\{17434ADB-EF68-427E-B23D-C0D4CFE48D49}
2011-09-27 17:40:46 -------- d-----w- C:\UDK
2011-09-27 13:35:04 -------- d-----w- C:\Users\Arnhem\AppData\Local\{60F10B38-643A-4B27-A2C1-C9A0829EB3D4}
2011-09-27 13:34:39 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E3B824C8-8362-4029-B525-25772C959FDD}
2011-09-26 14:23:10 -------- d-----w- C:\Users\Arnhem\AppData\Local\{9C0D7ED4-33F9-4568-B87D-068B840D0488}
2011-09-26 14:22:46 -------- d-----w- C:\Users\Arnhem\AppData\Local\{D80B1AFD-C29D-4709-9A86-8A7B8D8B4906}
2011-09-25 20:46:49 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2011-09-25 19:50:56 -------- d-----w- C:\Users\Arnhem\AppData\Local\CutePDF Writer
2011-09-25 19:50:23 -------- d-----w- C:\Program Files (x86)\GPLGS
2011-09-25 19:48:42 85504 ----a-w- C:\Windows\System32\cpwmon64.dll
2011-09-25 19:48:42 -------- d-----w- C:\Program Files (x86)\Acro Software
2011-09-25 15:34:15 -------- d-----w- C:\Users\Arnhem\AppData\Local\{7E10DD6E-6A13-43FD-AD8A-C56BB87FCCF8}
2011-09-25 15:33:51 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E05D64BB-4B42-45E9-A106-86DFF63D275D}
2011-09-25 14:09:50 -------- d-----w- C:\Users\Arnhem\AppData\Roaming\UBitMenu
2011-09-25 13:59:28 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2011-09-25 13:58:44 -------- d-----w- C:\Users\Arnhem\AppData\Local\Microsoft Help
2011-09-25 09:34:14 -------- d-----w- C:\Users\Arnhem\AppData\Local\{9FE2D018-2B3D-4568-A1D8-52CAB9288E03}
2011-09-25 09:33:40 -------- d-----w- C:\Users\Arnhem\AppData\Local\{47AF762C-EC7B-4D6C-8E8C-6AA797D4AB89}
2011-09-25 03:47:17 -------- d-----w- C:\Users\Arnhem\AppData\Local\{1DBCA37A-C57B-437A-9094-CF18794EEE1C}
2011-09-25 03:47:02 -------- d-----w- C:\Users\Arnhem\AppData\Local\{072204B6-13F2-47F7-A137-61222C81D13F}
2011-09-23 00:56:40 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E273B139-471D-4C4B-AF49-2FF77B132C5B}
2011-09-23 00:56:17 -------- d-----w- C:\Users\Arnhem\AppData\Local\{C95312FD-8388-4DF1-BA89-396E821DBB62}
2011-09-21 22:19:54 -------- d-----w- C:\Users\Arnhem\AppData\Local\{126677DF-1C24-4093-ADBA-DBF5C000182F}
2011-09-21 22:19:26 -------- d-----w- C:\Users\Arnhem\AppData\Local\{117D4F35-E655-4ACA-8865-168016EA1C8B}
2011-09-21 10:05:49 -------- d-----w- C:\Users\Arnhem\AppData\Local\{097EC7F2-EF06-49AD-B3D1-C0C7DC2CAE76}
2011-09-21 10:05:25 -------- d-----w- C:\Users\Arnhem\AppData\Local\{6B040E85-97AC-4F0E-A3E0-6BF7F7CDFF15}
2011-09-21 02:24:38 -------- d-----w- C:\Users\Arnhem\AppData\Local\{65BAB9A3-5150-4B46-8C77-2A4B26AE412F}
2011-09-21 02:24:03 -------- d-----w- C:\Users\Arnhem\AppData\Local\{539CF775-ACFA-4371-879F-7B6E0A44D83E}
2011-09-20 19:43:03 -------- d-----w- C:\Users\Arnhem\AppData\Local\{9AE85326-FB91-44E9-89A4-C80728857A14}
2011-09-20 19:42:47 -------- d-----w- C:\Users\Arnhem\AppData\Local\{4CF6F820-5953-4299-A930-4F2773899952}
2011-09-20 04:54:48 -------- d-----w- C:\Users\Arnhem\AppData\Local\{D9BAD932-EE65-40E7-BC85-48590B660297}
2011-09-20 04:54:14 -------- d-----w- C:\Users\Arnhem\AppData\Local\{F188A0D7-6AFB-44E1-9C5F-EF83929F4FC8}
2011-09-20 00:58:07 -------- d-----w- C:\Users\Arnhem\AppData\Local\{B63972DC-231D-4FAF-94B3-051295790ED4}
2011-09-20 00:57:34 -------- d-----w- C:\Users\Arnhem\AppData\Local\{EA80F7F3-3729-4CA7-8C39-1BA5984D218F}
2011-09-19 19:17:24 -------- d-----w- C:\Users\Arnhem\AppData\Local\{C5E95953-BE1A-46C7-BF3B-7D85A24638E7}
2011-09-19 19:16:51 -------- d-----w- C:\Users\Arnhem\AppData\Local\{833F29B3-4A8A-4423-9D5F-60E98A484EE6}
2011-09-19 08:00:26 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E1ADE350-7CDF-4DB0-A037-205A1D147996}
2011-09-19 07:59:58 -------- d-----w- C:\Users\Arnhem\AppData\Local\{A0C16307-4563-42AB-9C77-DCAF1AE5CD3F}
2011-09-19 02:04:23 -------- d-----w- C:\Users\Arnhem\AppData\Local\{10A39B66-E3B6-43F1-807D-C92DB866C1F4}
2011-09-19 02:04:01 -------- d-----w- C:\Users\Arnhem\AppData\Local\{0AA02A5D-4943-4DCC-9430-E18AF8049A07}
2011-09-18 15:39:14 -------- d-----w- C:\Users\Arnhem\AppData\Local\{C0307087-D258-4851-A4E2-007DCCE35034}
2011-09-18 15:38:49 -------- d-----w- C:\Users\Arnhem\AppData\Local\{F6FD1AFF-F44D-4FBA-B7F8-444116670692}
2011-09-18 04:04:29 -------- d-----w- C:\Users\Arnhem\AppData\Local\{3F1B9766-0DE1-495C-9BEA-C2D4A31661F0}
2011-09-18 04:04:05 -------- d-----w- C:\Users\Arnhem\AppData\Local\{354F916B-487C-45DC-902F-5BEBE3B6F357}
.
==================== Find3M ====================
.
2011-10-01 10:58:08 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-10-01 10:58:08 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-10-01 10:50:33 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-29 18:30:09 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-09-14 09:47:42 60416 ----a-w- C:\Windows\System32\OVDecode64.dll
2011-09-14 09:47:40 53760 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2011-09-14 09:47:10 16652288 ----a-w- C:\Windows\System32\amdocl64.dll
2011-09-14 09:46:58 13625856 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-09-14 09:38:30 44032 ----a-w- C:\Windows\System32\amdoclcl64.dll
2011-09-14 09:38:28 37376 ----a-w- C:\Windows\SysWow64\amdoclcl.dll
2011-09-08 18:27:22 10203648 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-09-08 17:59:44 24229376 ----a-w- C:\Windows\System32\atio6axx.dll
2011-09-08 17:39:44 18534912 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-09-08 17:34:20 151552 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-09-08 17:34:10 732672 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-09-08 17:32:58 862720 ----a-w- C:\Windows\System32\aticfx64.dll
2011-09-08 17:30:38 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-09-08 17:30:26 486912 ----a-w- C:\Windows\System32\atieclxx.exe
2011-09-08 17:29:56 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-09-08 17:28:54 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-09-08 17:28:38 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-09-08 17:28:32 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-09-08 17:28:22 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-09-08 17:28:18 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2011-09-08 17:28:14 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-09-08 17:28:10 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-09-08 17:24:38 4204032 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-09-08 17:18:56 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-09-08 17:18:22 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-09-08 17:18:08 3888640 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-09-08 17:16:00 4944896 ----a-w- C:\Windows\System32\atidxx64.dll
2011-09-08 17:09:42 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-09-08 17:09:40 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-09-08 17:09:30 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-09-08 17:09:28 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-09-08 17:09:18 8723456 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-09-08 17:08:24 4064768 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-09-08 17:05:52 7331840 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-09-08 17:05:44 4289024 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-09-08 17:00:02 5428736 ----a-w- C:\Windows\System32\atiumd64.dll
2011-09-08 16:59:48 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-09-08 16:53:20 381952 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-09-08 16:53:12 270336 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-09-08 16:52:58 15360 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-09-08 16:52:56 13312 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-09-08 16:52:56 13312 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-09-08 16:52:54 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-09-08 16:52:46 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-09-08 16:52:40 310784 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-09-08 16:52:00 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-09-08 16:51:54 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-09-08 16:51:50 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-09-08 16:51:44 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-09-08 16:51:12 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-09-08 16:51:02 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2011-09-08 16:51:02 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-09-06 03:07:02 3134976 ----a-w- C:\Windows\System32\win32k.sys
2011-08-27 05:40:28 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-27 05:40:28 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-27 04:43:07 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-27 04:43:06 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-08-20 05:45:20 1197568 ----a-w- C:\Windows\System32\wininet.dll
2011-08-20 05:41:16 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-08-20 04:38:10 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-08-20 04:35:20 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-08-20 04:20:23 482816 ----a-w- C:\Windows\System32\html.iec
2011-08-20 03:26:38 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-08-17 05:32:24 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-08-17 05:27:46 75776 ----a-w- C:\Windows\System32\MSDvbNP.ax
2011-08-17 05:27:46 288256 ----a-w- C:\Windows\System32\MSNP.ax
2011-08-17 05:27:46 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-08-17 05:27:46 104960 ----a-w- C:\Windows\System32\Mpeg2Data.ax
2011-08-17 04:26:02 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-08-17 04:22:23 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
2011-08-17 04:22:23 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax
2011-08-17 04:22:23 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
.
============= FINISH: 15:33:22.25 ===============
Hi again,
Open notepad and copy/paste the text in the quotebox below into it:
http://forums.spybot.info/showthread.php?t=64136
DirLook::
c:\users\Arnhem\AppData\Local\c68babac
Suspect::
c:\programdata\gigwnhspvbda\lhrlltbf.exe
Save this as CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe (let the tool update itself if prompted).
Then post the resultant log.
Uninstall old Adobe Reader versions and get the latest one (Adobe Reader 10.1 and the separate 10.1.1 update for it) here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't (unless you want to) install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here (http://pdfreaders.org/).
Uninstall vulnerable Flash versions by following the instructions here (http://kb2.adobe.com/cps/141/tn_14157.html). A fresh version can be obtained here (http://get.adobe.com/flashplayer/).
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...
Updating Java:
Download the latest version of Java Runtime Environment (JRE) 7 (http://www.oracle.com/technetwork/java/javase/downloads/index.html).
Click the Download button to the right.
Select Windows on the platform combobox and check the box that says Accept License Agreement. Click Continue.
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-7-windows-i586.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.
* Go here (http://www.eset.eu/online-scanner) to run an online scanner from ESET.
Note: You will need to use Internet Explorer for this scan.
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
Click Scan
Wait for the scan to finish.
Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
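Added example, not part of this thread and not ComboFix's own code: once the CFScript run completes, the part of the resultant log worth reading first is the Reg Loading Points section, and the three things a responder looks for there in this kind of infection are a per-user Winlogon Shell override, a Run entry launched from a randomly named directory under ProgramData or AppData, and UAC policies set to 0. The Python below parses that section of a ComboFix-style log and flags those three patterns. The embedded log excerpt is a constructed sample in ComboFix's format; the entropy threshold, the folder list and the rule names are this example's own choices and are not something ComboFix reports.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix-style log.

Added example for this thread; it is not ComboFix's code and does not
reproduce what ComboFix itself flags.  It reads the registry dump
format ComboFix prints and reports three persistence patterns:
  * a Winlogon Shell value that is per-user or is not explorer.exe
  * a Run entry whose image lives under ProgramData/AppData inside a
    randomly named (all-lowercase, high-entropy) directory
  * UAC policies switched off (EnableLUA / ConsentPromptBehaviorAdmin = 0)
"""
import math
import re
from collections import Counter

# Constructed sample in ComboFix's output format (assembled for this example).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-24 1242448]
"GameXN (update)"="c:\programdata\GameXN\GameXNGO.exe" [2011-09-09 347008]
"CreoLab"="c:\programdata\gigwnhspvbda\lhrlltbf.exe" [2011-10-14 3666944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="c:\users\Arnhem\AppData\Local\c68babac\X"
.
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")            # [HKEY_...\...]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
QUOTED_PATH_RE = re.compile(r'^"(?P<path>[^"]+)"')       # "c:\path\file.exe" [date size]
DWORD_RE = re.compile(r"^(?P<num>\d+)\s*\(0x[0-9A-Fa-f]+\)")  # 0 (0x0)

# Path fragments a standard user can write to; an autostart there is worth a look.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\users\\all users\\")
UAC_POLICIES = ("EnableLUA", "ConsentPromptBehaviorAdmin")


def shannon_entropy(s):
    """Bits per character of the string s."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_random(component, min_len=8, min_bits=3.0):
    """Heuristic for generated names such as gigwnhspvbda: all-lowercase
    alphanumeric, at least min_len chars, entropy at or above min_bits.
    The threshold is chosen so ordinary folder names (programdata, locallow)
    fall below it; it is a triage aid, not proof of anything."""
    return (len(component) >= min_len
            and component.isalnum() and component.islower()
            and shannon_entropy(component) >= min_bits)


def parse_loading_points(text):
    """Yield (key, value_name, data) for every value line under a [key] header."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key").lower()
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, m.group("name"), m.group("data")


def triage(text):
    """Return a list of (rule, where, detail) findings in log order."""
    findings = []
    for key, name, data in parse_loading_points(text):
        if key.endswith("\\winlogon") and name.lower() == "shell":
            m = QUOTED_PATH_RE.match(data)
            path = m.group("path") if m else data
            # The default Shell is explorer.exe under HKLM; a per-user value is itself unusual.
            if key.startswith("hkey_current_user") or not path.lower().endswith("\\explorer.exe"):
                findings.append(("winlogon-shell", key, path))
        elif key.endswith("\\currentversion\\run"):
            m = QUOTED_PATH_RE.match(data)
            if not m:
                continue
            path = m.group("path")
            if any(tag in path.lower() for tag in USER_WRITABLE):
                # Split on the original-case path so GameXN-style names keep their capitals.
                if any(looks_random(p) for p in re.split(r"[\\/]", path)):
                    findings.append(("random-run-entry", name, path))
        elif key.endswith("\\policies\\system") and name in UAC_POLICIES:
            m = DWORD_RE.match(data)
            if m and int(m.group("num")) == 0:
                findings.append(("uac-weakened", name, data))
    return findings


if __name__ == "__main__":
    for rule, where, detail in triage(SAMPLE_LOG):
        print(f"{rule:18} {where}: {detail}")
```

Run stand-alone it prints four findings for the sample: the CreoLab Run entry in the random-named ProgramData directory, the two UAC policies at 0, and the HKCU Winlogon Shell pointing at a file that is not explorer.exe. The Steam, Adobe ARM and GameXN entries pass, which is the point of the entropy and case checks: an autostart under ProgramData is not suspicious by itself, one in a generated directory name is. The parser only understands ComboFix's registry dump lines, not the DDS "uWinlogon: Shell=" pseudo-HJT form.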
Here is the log. Just when I ran ComboFix it asked to update, so I did so; when it was finished it ran as normal and produced this log, after asking to confirm an internet connection for submission of malware files for analysis.
I'll go through the rest of the steps in the next post.
ComboFix 11-10-17.02 - Arnhem 17/10/2011 20:47:17.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.6139.4140 [GMT 2:00]
Running from: c:\users\Arnhem\Desktop\ComboFix.exe
Command switches used :: c:\users\Arnhem\Desktop\CFScript.txt
SP: Spybot - Search & Destroy *Disabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
.
((((((((((((((((((((((((( Files Created from 2011-09-17 to 2011-10-17 )))))))))))))))))))))))))))))))
.
.
2011-10-17 18:53 . 2011-10-17 18:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-14 04:06 . 2011-10-14 04:06 -------- d-----w- c:\program files (x86)\ERUNT
2011-10-14 03:08 . 2011-10-17 08:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-10-14 03:08 . 2009-01-25 11:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2011-10-14 03:08 . 2011-10-14 03:08 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2011-10-13 03:11 . 2011-10-13 03:11 -------- d-sh--w- c:\users\Arnhem\AppData\Local\c68babac
2011-10-12 13:12 . 2011-08-17 05:32 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-02 09:53 . 2011-10-02 09:53 -------- d-----w- c:\program files\CCleaner
2011-09-29 19:51 . 2011-09-29 19:51 -------- d-----w- c:\programdata\ATI
2011-09-29 19:51 . 2011-09-29 19:51 -------- d-----w- c:\program files (x86)\AMD APP
2011-09-29 19:51 . 2011-09-29 19:51 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-09-29 19:51 . 2011-09-29 19:51 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2011-09-29 19:42 . 2011-09-29 19:42 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins
2011-09-29 18:31 . 2011-09-29 18:31 -------- d-----w- c:\programdata\EA Core
2011-09-29 18:30 . 2011-09-29 18:30 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2011-09-29 17:22 . 2011-09-29 17:22 -------- d-----w- c:\users\Arnhem\AppData\Roaming\Origin
2011-09-29 17:22 . 2011-09-29 17:22 -------- d-----w- c:\users\Arnhem\AppData\Local\Origin
2011-09-29 17:22 . 2011-09-29 18:31 -------- d-----w- c:\programdata\Electronic Arts
2011-09-29 17:22 . 2011-09-29 18:31 -------- d-----w- c:\programdata\Origin
2011-09-29 17:22 . 2011-09-29 17:24 -------- d-----w- c:\program files (x86)\Origin Games
2011-09-29 17:22 . 2011-09-29 17:22 -------- d-----w- c:\program files (x86)\Origin
2011-09-27 20:06 . 2011-09-27 20:06 -------- d-----w- c:\program files (x86)\Thugs at Bay
2011-09-27 19:35 . 2011-09-27 19:35 -------- d-----w- C:\Fraps
2011-09-27 17:40 . 2011-09-27 17:40 -------- d-----w- C:\UDK
2011-09-25 20:46 . 2011-09-25 20:46 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2011-09-25 20:41 . 2011-09-25 20:41 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-09-25 19:50 . 2011-10-16 21:15 -------- d-----w- c:\users\Arnhem\AppData\Local\CutePDF Writer
2011-09-25 19:50 . 2011-09-25 19:50 -------- d-----w- c:\program files (x86)\GPLGS
2011-09-25 19:48 . 2011-09-25 19:48 -------- d-----w- c:\program files (x86)\Acro Software
2011-09-25 19:48 . 2009-11-05 06:40 85504 ----a-w- c:\windows\system32\cpwmon64.dll
2011-09-25 14:09 . 2011-09-25 14:09 -------- d-----w- c:\users\Arnhem\AppData\Roaming\UBitMenu
2011-09-25 14:02 . 2011-09-25 20:44 -------- d-----w- c:\program files (x86)\Microsoft Works
2011-09-25 13:59 . 2011-09-25 13:59 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2011-09-25 13:58 . 2011-09-25 13:58 -------- d-----w- c:\users\Arnhem\AppData\Local\Microsoft Help
2011-09-25 13:58 . 2011-10-13 01:01 -------- d-----w- c:\programdata\Microsoft Help
2011-09-25 13:56 . 2011-09-25 13:56 -------- d-----r- C:\MSOCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-01 10:58 . 2011-07-03 23:59 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-10-01 10:58 . 2011-05-14 02:49 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-10-01 10:50 . 2011-05-14 02:49 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-09-29 18:30 . 2011-05-14 02:49 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-09-14 09:47 . 2011-09-14 09:47 60416 ----a-w- c:\windows\system32\OVDecode64.dll
2011-09-14 09:47 . 2011-09-14 09:47 53760 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-09-14 09:47 . 2011-09-14 09:47 16652288 ----a-w- c:\windows\system32\amdocl64.dll
2011-09-14 09:46 . 2011-09-14 09:46 13625856 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-09-14 09:38 . 2011-09-14 09:38 44032 ----a-w- c:\windows\system32\amdoclcl64.dll
2011-09-14 09:38 . 2011-09-14 09:38 37376 ----a-w- c:\windows\SysWow64\amdoclcl.dll
2011-09-08 18:27 . 2011-09-08 18:27 10203648 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-09-08 17:59 . 2011-09-08 17:59 24229376 ----a-w- c:\windows\system32\atio6axx.dll
2011-09-08 17:39 . 2011-09-08 17:39 18534912 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-09-08 17:34 . 2011-09-08 17:34 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-09-08 17:34 . 2011-05-25 03:07 732672 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-09-08 17:32 . 2011-05-25 03:06 862720 ----a-w- c:\windows\system32\aticfx64.dll
2011-09-08 17:30 . 2011-05-25 03:04 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-09-08 17:30 . 2011-09-08 17:30 486912 ----a-w- c:\windows\system32\atieclxx.exe
2011-09-08 17:29 . 2011-09-08 17:29 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-09-08 17:28 . 2011-09-08 17:28 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-09-08 17:28 . 2011-05-25 03:02 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-09-08 17:28 . 2011-09-08 17:28 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-09-08 17:28 . 2011-09-08 17:28 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-09-08 17:28 . 2011-09-08 17:28 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-09-08 17:28 . 2011-09-08 17:28 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-09-08 17:28 . 2011-09-08 17:28 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-09-08 17:24 . 2011-05-25 02:58 4204032 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-09-08 17:18 . 2011-09-08 17:18 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-09-08 17:18 . 2011-09-08 17:18 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-09-08 17:18 . 2011-05-25 02:59 3888640 ----a-w- c:\windows\system32\atiumd6a.dll
2011-09-08 17:16 . 2009-07-13 21:59 4944896 ----a-w- c:\windows\system32\atidxx64.dll
2011-09-08 17:09 . 2011-09-08 17:09 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-09-08 17:09 . 2011-09-08 17:09 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-09-08 17:09 . 2011-09-08 17:09 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-09-08 17:09 . 2011-09-08 17:09 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-09-08 17:09 . 2011-09-08 17:09 8723456 ----a-w- c:\windows\system32\aticaldd64.dll
2011-09-08 17:08 . 2011-09-08 17:08 4064768 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-09-08 17:05 . 2011-09-08 17:05 7331840 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-09-08 17:05 . 2011-09-08 17:05 4289024 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-09-08 17:00 . 2011-05-25 02:33 5428736 ----a-w- c:\windows\system32\atiumd64.dll
2011-09-08 16:59 . 2011-05-25 02:19 58880 ----a-w- c:\windows\system32\coinst.dll
2011-09-08 16:53 . 2011-05-25 02:26 381952 ----a-w- c:\windows\system32\atiadlxx.dll
2011-09-08 16:53 . 2011-09-08 16:53 270336 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-09-08 16:52 . 2011-09-08 16:52 15360 ----a-w- c:\windows\system32\atig6pxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 13312 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 13312 ----a-w- c:\windows\system32\atiglpxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-09-08 16:52 . 2011-09-08 16:52 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 310784 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-09-08 16:52 . 2011-05-25 02:24 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-09-08 16:51 . 2011-05-25 02:24 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-09-08 16:51 . 2011-05-25 02:24 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-09-08 16:51 . 2011-05-25 02:24 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-09-08 16:51 . 2011-09-08 16:51 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-09-08 16:51 . 2011-09-08 16:51 54784 ----a-w- c:\windows\system32\atimpc64.dll
2011-09-08 16:51 . 2011-09-08 16:51 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2011-09-08 16:50 . 2011-09-08 16:50 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-09-08 16:50 . 2011-09-08 16:50 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\Arnhem\AppData\Local\c68babac ----
.
2011-10-17 15:14 . 2011-10-17 15:29 17408 ----a-w- c:\users\Arnhem\AppData\Local\c68babac\U\80000000.@
2011-10-14 22:23 . 2011-10-16 15:43 18944 ----a-w- c:\users\Arnhem\AppData\Local\c68babac\U\800000cb.@
2011-10-13 03:11 . 2011-10-13 03:11 42496 --sha-w- c:\users\Arnhem\AppData\Local\c68babac\X
2011-10-13 03:11 . 2011-10-13 03:11 2048 --sha-w- c:\users\Arnhem\AppData\Local\c68babac\@
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-17_08.27.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2011-10-17 08:28 38354 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-10-29 21:45 . 2011-10-17 08:28 13232 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-587842109-1465246950-3102458467-1001_UserData.bin
+ 2010-10-29 21:45 . 2011-10-17 18:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-29 21:45 . 2011-10-17 08:28 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-29 21:45 . 2011-10-17 18:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-10-29 21:45 . 2011-10-17 08:28 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-30 01:37 . 2011-10-17 15:12 312324 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2011-10-17 15:15 664992 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-10-17 08:12 664992 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-10-17 08:12 125696 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-10-17 15:15 125696 c:\windows\system32\perfc009.dat
- 2009-07-14 02:34 . 2011-10-16 22:21 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-10-17 17:09 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-24 1242448]
"GameXN (update)"="c:\programdata\GameXN\GameXNGO.exe" [2011-09-09 347008]
"GameXN (news)"="c:\programdata\GameXN\GameXNGO.exe" [2011-09-09 347008]
"ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2011-09-23 4478784]
"CreoLab"="c:\programdata\gigwnhspvbda\lhrlltbf.exe" [2011-10-14 3666944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-18 421736]
"Net iD"="c:\program files (x86)\Net iD\iid.exe" [2011-03-21 87352]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2011-10-05 3578272]
.
c:\users\Arnhem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Dropbox.lnk - c:\users\Arnhem\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-11-17 1066536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="c:\users\Arnhem\AppData\Local\c68babac\X"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDWinLogon]
SDWinLogon.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;c:\program files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-03-10 86016]
R2 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-03-10 86016]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-03-16 1436424]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-10-05 892336]
R3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-10-05 955816]
R3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-10-05 169624]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [2011-10-05 48888]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 SDHookService;Spybot S&D 2 Live Protection Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-10-05 130976]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-13 5790064]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-13 487280]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [x]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-17 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2011-10-14 13:46]
.
2011-10-17 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2011-10-14 13:46]
.
2011-10-17 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2011-10-14 13:46]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-09-25 1552168]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.searchqu.com//406
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 83.255.245.11 193.150.193.150
FF - ProfilePath - c:\users\Arnhem\AppData\Roaming\Mozilla\Firefox\Profiles\bqyusmwu.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-587842109-1465246950-3102458467-1001\Software\SecuROM\License information*]
"datasecu"=hex:6a,96,86,0e,eb,a3,d5,66,46,da,43,bd,e2,78,82,01,19,27,6b,a6,d5,
7b,b0,21,7c,c3,48,79,be,e9,8d,a3,ff,71,33,df,f8,cd,2b,4e,08,d9,c1,33,a8,9c,\
"rkeysecu"=hex:c4,05,15,5f,42,ca,4d,5f,8a,58,b2,4a,be,1a,8b,96
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-10-17 20:55:39
ComboFix-quarantined-files.txt 2011-10-17 18:55
ComboFix2.txt 2011-10-17 08:32
.
Pre-Run: 172,146,094,080 bytes free
Post-Run: 172,144,889,856 bytes free
.
- - End Of File - - 7D35CF21A9E7C5C3BDF957D32740FAE5
Upload was successful
ESET:
C:\Program Files (x86)\Black_Box\The Witcher 2 Assassins of Kings\bin\paul.dll a variant of Win32/Packed.VMProtect.AAA trojan
C:\ProgramData\gigwnhspvbda\spoof.avi Win32/Agent.SWD trojan
C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir probably a variant of Win32/Agent.IKPFSXV trojan
C:\Users\All Users\gigwnhspvbda\spoof.avi Win32/Agent.SWD trojan
C:\Users\Arnhem\AppData\Local\c68babac\X Win64/Sirefef.A trojan
C:\Users\Arnhem\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\79efab09-25b9b0bc probably a variant of Java/TrojanDownloader.OpenStream.NCC trojan
C:\Users\Arnhem\Documents\My Received Files\xf-a2011-32bits.exe a variant of Win32/Keygen.BL application
C:\Users\Arnhem\Documents\My Received Files\xf-a2011-64bits.exe a variant of Win32/Keygen.BL application
C:\Users\Arnhem\Downloads\Plogue Chipsounds Standalone VSTi v1.0\PLGCHPSTDLONEVTIV10HLLWN_POT\Plogue_Chipsound\setup.exe a variant of Win32/Kryptik.DFE trojan
DDS
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.0.0
Run by Arnhem at 22:50:08 on 2011-10-17
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.6139.3134 [GMT 2:00]
.
SP: Spybot - Search & Destroy *Disabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\explorer.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Net iD\iid.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\foobar2000\foobar2000.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchqu.com//406
uInternet Settings,ProxyOverride = *.local
uWinlogon: Shell=C:\Users\Arnhem\AppData\Local\c68babac\X
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Web Accessibility Toolbar: {11352a67-0178-46b1-8855-d50b2f81c054} - C:\PROGRA~2\ACCESS~1\ACCESS~1.DLL
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [GameXN (update)] "C:\ProgramData\GameXN\GameXNGO.exe" /u
uRun: [GameXN (news)] "C:\ProgramData\GameXN\GameXNGO.exe" /n
uRun: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
uRun: [CreoLab] C:\ProgramData\gigwnhspvbda\lhrlltbf.exe
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Net iD] "C:\Program Files (x86)\Net iD\iid.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Arnhem\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\Users\Arnhem\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Arnhem\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Arnhem\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
TCP: DhcpNameServer = 83.255.245.11 193.150.193.150
TCP: Interfaces\{833F4ED1-7FBC-4DF3-8CC7-6AF12719D1DC} : DhcpNameServer = 83.255.245.11 193.150.193.150
TCP: Interfaces\{D100012C-EB29-45AE-A97E-BFE9EA3FFDB6} : DhcpNameServer = 83.255.245.11 193.150.193.150
TCP: Interfaces\{D100012C-EB29-45AE-A97E-BFE9EA3FFDB6}\2556B64757D6E45445 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D100012C-EB29-45AE-A97E-BFE9EA3FFDB6}\35B656A71647368696 : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: Web Accessibility Toolbar: {11352A67-0178-46B1-8855-D50B2F81C054} - C:\PROGRA~2\ACCESS~1\ACCESS~1.DLL
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Net iD] "C:\Program Files (x86)\Net iD\iid.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Arnhem\AppData\Roaming\Mozilla\Firefox\Profiles\bqyusmwu.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npiidplg.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SDHookDriver;Spybot-S&D 2 Hook Driver;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [2011-10-14 48888]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 SDHookService;Spybot S&D 2 Live Protection Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-10-14 130976]
R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2010-11-26 5790064]
R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2010-11-26 487280]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA001Ufd.sys --> C:\Windows\system32\DRIVERS\OA001Ufd.sys [?]
R3 OA001Vid;Creative Camera OA001 Function Driver;C:\Windows\system32\DRIVERS\OA001Vid.sys --> C:\Windows\system32\DRIVERS\OA001Vid.sys [?]
R3 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-10-14 892336]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-3-10 86016]
S2 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-3-10 86016]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-3-16 1436424]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-10-14 955816]
S3 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-10-14 169624]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-10-17 19:21:07 -------- d-----w- C:\Program Files (x86)\ESET
2011-10-17 19:19:30 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-17 19:04:23 -------- d-sh--w- C:\$RECYCLE.BIN
2011-10-17 18:45:51 -------- d-----w- C:\ComboFix
2011-10-17 13:36:22 -------- d-----w- C:\Users\Arnhem\AppData\Local\{C7FD4943-6DA2-4B30-A77A-E3C441977D34}
2011-10-17 13:35:57 -------- d-----w- C:\Users\Arnhem\AppData\Local\{69153016-A4FD-45A5-A69B-585239C38082}
2011-10-17 08:30:40 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{360F36E1-B921-41AC-88A4-66B60443AF4D}\offreg.dll
2011-10-17 08:16:31 98816 ----a-w- C:\Windows\sed.exe
2011-10-17 08:16:31 518144 ----a-w- C:\Windows\SWREG.exe
2011-10-17 08:16:31 256000 ----a-w- C:\Windows\PEV.exe
2011-10-17 08:16:31 208896 ----a-w- C:\Windows\MBR.exe
2011-10-14 14:06:21 -------- d-----w- C:\ProgramData\gigwnhspvbda
2011-10-14 13:39:34 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{360F36E1-B921-41AC-88A4-66B60443AF4D}\mpengine.dll
2011-10-14 03:08:50 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-10-14 03:08:38 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2011-10-14 03:08:35 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2011-10-13 20:33:32 -------- d-----w- C:\Users\Arnhem\AppData\Local\{C15863C8-C672-46AD-97F8-D577FF18B40F}
2011-10-13 20:32:58 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E4ABF979-C0E5-4DDB-96C0-7ECB92570008}
2011-10-13 03:11:07 -------- d-sh--w- C:\Users\Arnhem\AppData\Local\c68babac
2011-10-13 01:25:47 -------- d-----w- C:\Users\Arnhem\AppData\Local\{F60E279F-41FE-4B1C-9258-70D102459A7C}
2011-10-13 01:25:08 -------- d-----w- C:\Users\Arnhem\AppData\Local\{F1BDDAE4-2C4E-4214-A46E-22DB74F8AC14}
2011-10-12 16:21:14 -------- d-----w- C:\Users\Arnhem\AppData\Local\{CEA8F98E-1536-45A8-A87E-151A25DB4B25}
2011-10-12 16:20:50 -------- d-----w- C:\Users\Arnhem\AppData\Local\{70B6F2A3-275B-438A-AAB6-B4BEA9A8B775}
2011-10-12 13:12:45 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-10-10 12:16:30 -------- d-----w- C:\Users\Arnhem\AppData\Local\{6A0A16FD-54B1-4E48-911C-81F7281C73BA}
2011-10-10 12:15:54 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E6618734-5CEA-4840-A27E-CB8458DA7479}
2011-10-09 17:10:38 -------- d-----w- C:\Users\Arnhem\AppData\Local\{3F5C3F5B-5E25-4B86-90B4-CA5984C216F1}
2011-10-09 17:10:12 -------- d-----w- C:\Users\Arnhem\AppData\Local\{4119DE13-4778-4A50-A0E8-92FBB4CAA079}
2011-10-08 11:19:10 -------- d-----w- C:\Users\Arnhem\AppData\Local\{141915DC-0EAA-4918-91DD-72026851A830}
2011-10-08 11:18:47 -------- d-----w- C:\Users\Arnhem\AppData\Local\{11A75D34-32D4-47BF-8EF1-65AB72B92430}
2011-10-06 16:32:23 -------- d-----w- C:\Users\Arnhem\AppData\Local\{6B5CDBEF-E60E-40EA-B375-D5C5D5D5C022}
2011-10-06 16:32:00 -------- d-----w- C:\Users\Arnhem\AppData\Local\{D0FA8CC2-F669-4EB6-9D37-84C208DF8DB1}
2011-10-05 15:38:29 -------- d-----w- C:\Users\Arnhem\AppData\Local\{BE68F107-987A-41CF-86DE-6C303951F770}
2011-10-05 15:38:04 -------- d-----w- C:\Users\Arnhem\AppData\Local\{1B20D703-E7E5-463E-B8DF-E6E7FDAEBD14}
2011-10-05 01:04:46 -------- d-----w- C:\Users\Arnhem\AppData\Local\{C161C6AA-99FC-417B-B2DA-A73E6BE5C4A0}
2011-10-05 01:04:22 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E77DC846-4CAF-49EF-853C-A42D1EFD734B}
2011-10-03 13:59:29 -------- d-----w- C:\Users\Arnhem\AppData\Local\{BEC77D5A-B595-46F7-9396-2E2867FF9B1B}
2011-10-03 13:59:04 -------- d-----w- C:\Users\Arnhem\AppData\Local\{B2F75C00-DBBB-432F-8080-F9612DC2EC59}
2011-10-02 09:53:39 -------- d-----w- C:\Program Files\CCleaner
2011-10-02 09:47:38 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E42AF2C5-25B3-44E6-84C7-1BC5CFFC33CD}
2011-10-02 09:47:11 -------- d-----w- C:\Users\Arnhem\AppData\Local\{FFC03E53-CD63-45C3-A315-71FBF622AEA6}
2011-10-01 12:19:28 -------- d-----w- C:\Users\Arnhem\AppData\Local\{4DDC42B7-F24C-44D0-AF19-B12D1C43C1DC}
2011-10-01 12:18:52 -------- d-----w- C:\Users\Arnhem\AppData\Local\{A84943AB-A09D-433E-BA1F-B0B2064307C0}
2011-10-01 07:31:43 -------- d-----w- C:\Users\Arnhem\AppData\Local\{748085CF-77D2-46CE-B2D9-1AA9C0E45373}
2011-10-01 07:31:17 -------- d-----w- C:\Users\Arnhem\AppData\Local\{FB33D34F-2E42-454D-A997-7D1EA44E3BC6}
2011-09-30 13:43:31 -------- d-----w- C:\Users\Arnhem\AppData\Local\{A3A6DDFD-B5C6-4E66-AA12-8AA8DA41FB56}
2011-09-30 13:42:57 -------- d-----w- C:\Users\Arnhem\AppData\Local\{FDBAEBE9-A92D-4181-B55C-B683F389C364}
2011-09-30 08:09:07 -------- d-----w- C:\Users\Arnhem\AppData\Local\{661A534F-15EB-4168-9C2E-E899D191CFCA}
2011-09-30 08:08:43 -------- d-----w- C:\Users\Arnhem\AppData\Local\{B3AAB1B3-91B2-470C-A311-F7E3C4D85C00}
2011-09-29 19:51:17 -------- d-----w- C:\Program Files (x86)\AMD APP
2011-09-29 19:51:13 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2011-09-29 19:51:13 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2011-09-29 19:42:31 -------- d-----w- C:\Program Files (x86)\Battlelog Web Plugins
2011-09-29 18:31:37 -------- d-----w- C:\ProgramData\EA Core
2011-09-29 18:30:42 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
2011-09-29 17:22:54 -------- d-----w- C:\Users\Arnhem\AppData\Roaming\Origin
2011-09-29 17:22:51 -------- d-----w- C:\Users\Arnhem\AppData\Local\Origin
2011-09-29 17:22:39 -------- d-----w- C:\ProgramData\Origin
2011-09-29 17:22:39 -------- d-----w- C:\ProgramData\Electronic Arts
2011-09-29 17:22:39 -------- d-----w- C:\Program Files (x86)\Origin Games
2011-09-29 17:22:27 -------- d-----w- C:\Program Files (x86)\Origin
2011-09-29 16:32:08 -------- d-----w- C:\Users\Arnhem\AppData\Local\{BBC5D151-3D43-4546-8FB5-275F1455AAC6}
2011-09-29 16:31:44 -------- d-----w- C:\Users\Arnhem\AppData\Local\{7060EBAB-9C44-4A31-B3CE-CE8C2AF9CC7D}
2011-09-28 08:32:09 -------- d-----w- C:\Users\Arnhem\AppData\Local\{CC97E64C-E406-485D-95CD-66D0DDE55459}
2011-09-28 08:31:36 -------- d-----w- C:\Users\Arnhem\AppData\Local\{B92BFC83-282F-4E0A-89F4-0B77E027AA46}
2011-09-28 05:56:48 -------- d-----w- C:\Users\Arnhem\AppData\Local\{AF92ACC8-6FA3-4EDF-8EF0-066A343928DA}
2011-09-28 05:56:26 -------- d-----w- C:\Users\Arnhem\AppData\Local\{82B6281D-4E0D-49D9-829F-66448031B576}
2011-09-27 20:06:45 -------- d-----w- C:\Program Files (x86)\Thugs at Bay
2011-09-27 19:35:41 -------- d-----w- C:\Fraps
2011-09-27 18:14:29 -------- d-----w- C:\Users\Arnhem\AppData\Local\{07ACAD1D-82C0-46C2-B6FE-DA18ED46F979}
2011-09-27 18:13:54 -------- d-----w- C:\Users\Arnhem\AppData\Local\{17434ADB-EF68-427E-B23D-C0D4CFE48D49}
2011-09-27 17:40:46 -------- d-----w- C:\UDK
2011-09-27 13:35:04 -------- d-----w- C:\Users\Arnhem\AppData\Local\{60F10B38-643A-4B27-A2C1-C9A0829EB3D4}
2011-09-27 13:34:39 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E3B824C8-8362-4029-B525-25772C959FDD}
2011-09-26 14:23:10 -------- d-----w- C:\Users\Arnhem\AppData\Local\{9C0D7ED4-33F9-4568-B87D-068B840D0488}
2011-09-26 14:22:46 -------- d-----w- C:\Users\Arnhem\AppData\Local\{D80B1AFD-C29D-4709-9A86-8A7B8D8B4906}
2011-09-25 20:46:49 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2011-09-25 19:50:56 -------- d-----w- C:\Users\Arnhem\AppData\Local\CutePDF Writer
2011-09-25 19:50:23 -------- d-----w- C:\Program Files (x86)\GPLGS
2011-09-25 19:48:42 85504 ----a-w- C:\Windows\System32\cpwmon64.dll
2011-09-25 19:48:42 -------- d-----w- C:\Program Files (x86)\Acro Software
2011-09-25 15:34:15 -------- d-----w- C:\Users\Arnhem\AppData\Local\{7E10DD6E-6A13-43FD-AD8A-C56BB87FCCF8}
2011-09-25 15:33:51 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E05D64BB-4B42-45E9-A106-86DFF63D275D}
2011-09-25 14:09:50 -------- d-----w- C:\Users\Arnhem\AppData\Roaming\UBitMenu
2011-09-25 13:59:28 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2011-09-25 13:58:44 -------- d-----w- C:\Users\Arnhem\AppData\Local\Microsoft Help
2011-09-25 09:34:14 -------- d-----w- C:\Users\Arnhem\AppData\Local\{9FE2D018-2B3D-4568-A1D8-52CAB9288E03}
2011-09-25 09:33:40 -------- d-----w- C:\Users\Arnhem\AppData\Local\{47AF762C-EC7B-4D6C-8E8C-6AA797D4AB89}
2011-09-25 03:47:17 -------- d-----w- C:\Users\Arnhem\AppData\Local\{1DBCA37A-C57B-437A-9094-CF18794EEE1C}
2011-09-25 03:47:02 -------- d-----w- C:\Users\Arnhem\AppData\Local\{072204B6-13F2-47F7-A137-61222C81D13F}
2011-09-23 00:56:40 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E273B139-471D-4C4B-AF49-2FF77B132C5B}
2011-09-23 00:56:17 -------- d-----w- C:\Users\Arnhem\AppData\Local\{C95312FD-8388-4DF1-BA89-396E821DBB62}
2011-09-21 22:19:54 -------- d-----w- C:\Users\Arnhem\AppData\Local\{126677DF-1C24-4093-ADBA-DBF5C000182F}
2011-09-21 22:19:26 -------- d-----w- C:\Users\Arnhem\AppData\Local\{117D4F35-E655-4ACA-8865-168016EA1C8B}
2011-09-21 10:05:49 -------- d-----w- C:\Users\Arnhem\AppData\Local\{097EC7F2-EF06-49AD-B3D1-C0C7DC2CAE76}
2011-09-21 10:05:25 -------- d-----w- C:\Users\Arnhem\AppData\Local\{6B040E85-97AC-4F0E-A3E0-6BF7F7CDFF15}
2011-09-21 02:24:38 -------- d-----w- C:\Users\Arnhem\AppData\Local\{65BAB9A3-5150-4B46-8C77-2A4B26AE412F}
2011-09-21 02:24:03 -------- d-----w- C:\Users\Arnhem\AppData\Local\{539CF775-ACFA-4371-879F-7B6E0A44D83E}
2011-09-20 19:43:03 -------- d-----w- C:\Users\Arnhem\AppData\Local\{9AE85326-FB91-44E9-89A4-C80728857A14}
2011-09-20 19:42:47 -------- d-----w- C:\Users\Arnhem\AppData\Local\{4CF6F820-5953-4299-A930-4F2773899952}
2011-09-20 04:54:48 -------- d-----w- C:\Users\Arnhem\AppData\Local\{D9BAD932-EE65-40E7-BC85-48590B660297}
2011-09-20 04:54:14 -------- d-----w- C:\Users\Arnhem\AppData\Local\{F188A0D7-6AFB-44E1-9C5F-EF83929F4FC8}
2011-09-20 00:58:07 -------- d-----w- C:\Users\Arnhem\AppData\Local\{B63972DC-231D-4FAF-94B3-051295790ED4}
2011-09-20 00:57:34 -------- d-----w- C:\Users\Arnhem\AppData\Local\{EA80F7F3-3729-4CA7-8C39-1BA5984D218F}
2011-09-19 19:17:24 -------- d-----w- C:\Users\Arnhem\AppData\Local\{C5E95953-BE1A-46C7-BF3B-7D85A24638E7}
2011-09-19 19:16:51 -------- d-----w- C:\Users\Arnhem\AppData\Local\{833F29B3-4A8A-4423-9D5F-60E98A484EE6}
2011-09-19 08:00:26 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E1ADE350-7CDF-4DB0-A037-205A1D147996}
2011-09-19 07:59:58 -------- d-----w- C:\Users\Arnhem\AppData\Local\{A0C16307-4563-42AB-9C77-DCAF1AE5CD3F}
2011-09-19 02:04:23 -------- d-----w- C:\Users\Arnhem\AppData\Local\{10A39B66-E3B6-43F1-807D-C92DB866C1F4}
2011-09-19 02:04:01 -------- d-----w- C:\Users\Arnhem\AppData\Local\{0AA02A5D-4943-4DCC-9430-E18AF8049A07}
2011-09-18 15:39:14 -------- d-----w- C:\Users\Arnhem\AppData\Local\{C0307087-D258-4851-A4E2-007DCCE35034}
2011-09-18 15:38:49 -------- d-----w- C:\Users\Arnhem\AppData\Local\{F6FD1AFF-F44D-4FBA-B7F8-444116670692}
2011-09-18 04:04:29 -------- d-----w- C:\Users\Arnhem\AppData\Local\{3F1B9766-0DE1-495C-9BEA-C2D4A31661F0}
2011-09-18 04:04:05 -------- d-----w- C:\Users\Arnhem\AppData\Local\{354F916B-487C-45DC-902F-5BEBE3B6F357}
.
==================== Find3M ====================
.
2011-10-17 19:03:32 544656 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-10-01 10:58:08 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-10-01 10:58:08 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-10-01 10:50:33 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-29 18:30:09 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-09-14 09:47:42 60416 ----a-w- C:\Windows\System32\OVDecode64.dll
2011-09-14 09:47:40 53760 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2011-09-14 09:47:10 16652288 ----a-w- C:\Windows\System32\amdocl64.dll
2011-09-14 09:46:58 13625856 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-09-14 09:38:30 44032 ----a-w- C:\Windows\System32\amdoclcl64.dll
2011-09-14 09:38:28 37376 ----a-w- C:\Windows\SysWow64\amdoclcl.dll
2011-09-08 18:27:22 10203648 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-09-08 17:59:44 24229376 ----a-w- C:\Windows\System32\atio6axx.dll
2011-09-08 17:39:44 18534912 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-09-08 17:34:20 151552 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-09-08 17:34:10 732672 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-09-08 17:32:58 862720 ----a-w- C:\Windows\System32\aticfx64.dll
2011-09-08 17:30:38 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-09-08 17:30:26 486912 ----a-w- C:\Windows\System32\atieclxx.exe
2011-09-08 17:29:56 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-09-08 17:28:54 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-09-08 17:28:38 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-09-08 17:28:32 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-09-08 17:28:22 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-09-08 17:28:18 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2011-09-08 17:28:14 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-09-08 17:28:10 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-09-08 17:24:38 4204032 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-09-08 17:18:56 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-09-08 17:18:22 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-09-08 17:18:08 3888640 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-09-08 17:16:00 4944896 ----a-w- C:\Windows\System32\atidxx64.dll
2011-09-08 17:09:42 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-09-08 17:09:40 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-09-08 17:09:30 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-09-08 17:09:28 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-09-08 17:09:18 8723456 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-09-08 17:08:24 4064768 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-09-08 17:05:52 7331840 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-09-08 17:05:44 4289024 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-09-08 17:00:02 5428736 ----a-w- C:\Windows\System32\atiumd64.dll
2011-09-08 16:59:48 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-09-08 16:53:20 381952 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-09-08 16:53:12 270336 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-09-08 16:52:58 15360 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-09-08 16:52:56 13312 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-09-08 16:52:56 13312 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-09-08 16:52:54 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-09-08 16:52:46 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-09-08 16:52:40 310784 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-09-08 16:52:00 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-09-08 16:51:54 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-09-08 16:51:50 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-09-08 16:51:44 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-09-08 16:51:12 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-09-08 16:51:02 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2011-09-08 16:51:02 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-09-06 03:07:02 3134976 ----a-w- C:\Windows\System32\win32k.sys
2011-08-27 05:40:28 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-27 05:40:28 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-27 04:43:07 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-27 04:43:06 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-08-20 05:45:20 1197568 ----a-w- C:\Windows\System32\wininet.dll
2011-08-20 05:41:16 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-08-20 04:38:10 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-08-20 04:35:20 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-08-20 04:20:23 482816 ----a-w- C:\Windows\System32\html.iec
2011-08-20 03:26:38 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-08-17 05:32:24 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-08-17 05:27:46 75776 ----a-w- C:\Windows\System32\MSDvbNP.ax
2011-08-17 05:27:46 288256 ----a-w- C:\Windows\System32\MSNP.ax
2011-08-17 05:27:46 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-08-17 05:27:46 104960 ----a-w- C:\Windows\System32\Mpeg2Data.ax
2011-08-17 04:26:02 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-08-17 04:22:23 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
2011-08-17 04:22:23 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax
2011-08-17 04:22:23 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
.
============= FINISH: 22:50:45.76 ===============
Hi again,
Uninstall this old Java:
Java(TM) 6 Update 22
Open notepad and copy/paste the text in the quotebox below into it:
Folder::
C:\ProgramData\gigwnhspvbda
C:\Users\Arnhem\Downloads\Plogue Chipsounds Standalone VSTi v1.0
C:\Users\All Users\gigwnhspvbda
C:\Users\Arnhem\AppData\Local\c68babac
File::
C:\Users\Arnhem\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\79efab09-25b9b0bc
C:\Users\Arnhem\Documents\My Received Files\xf-a2011-32bits.exe
C:\Users\Arnhem\Documents\My Received Files\xf-a2011-64bits.exe
DDS::
uStart Page = hxxp://www.searchqu.com//406
uWinlogon: Shell=C:\Users\Arnhem\AppData\Local\c68babac\X
uRun: [CreoLab] C:\ProgramData\gigwnhspvbda\lhrlltbf.exe
Save this as CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe (let the tool update itself if prompted).
Then post the resultant log. How's the system running?
ComboFix 11-10-18.01 - Arnhem 18/10/2011 15:43:04.3.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.6139.4260 [GMT 2:00]
Running from: c:\users\Arnhem\Desktop\ComboFix.exe
Command switches used :: c:\users\Arnhem\Desktop\CFScript.txt
SP: Spybot - Search & Destroy *Disabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Arnhem\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\79efab09-25b9b0bc"
"c:\users\Arnhem\Documents\My Received Files\xf-a2011-32bits.exe"
"c:\users\Arnhem\Documents\My Received Files\xf-a2011-64bits.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\gigwnhspvbda
c:\programdata\gigwnhspvbda\FRed32.dll
c:\programdata\gigwnhspvbda\instr.ini
c:\programdata\gigwnhspvbda\lhrlltbf.exe
c:\programdata\gigwnhspvbda\SmartGearlhrlltbf.exe
c:\programdata\gigwnhspvbda\spoof.avi
c:\users\All Users\gigwnhspvbda\FRed32.dll
c:\users\All Users\gigwnhspvbda\instr.ini
c:\users\All Users\gigwnhspvbda\lhrlltbf.exe
c:\users\All Users\gigwnhspvbda\SmartGearlhrlltbf.exe
c:\users\All Users\gigwnhspvbda\spoof.avi
c:\users\Arnhem\AppData\Local\c68babac
c:\users\Arnhem\AppData\Local\c68babac\@
c:\users\Arnhem\AppData\Local\c68babac\U\80000000.@
c:\users\Arnhem\AppData\Local\c68babac\U\800000cb.@
c:\users\Arnhem\AppData\Local\c68babac\X
c:\users\Arnhem\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\79efab09-25b9b0bc
c:\users\Arnhem\Documents\My Received Files\xf-a2011-32bits.exe
c:\users\Arnhem\Documents\My Received Files\xf-a2011-64bits.exe
c:\users\Arnhem\Downloads\Plogue Chipsounds Standalone VSTi v1.0
c:\users\Arnhem\Downloads\Plogue Chipsounds Standalone VSTi v1.0\PLGCHPSTDLONEVTIV10HLLWN_POT\Plogue_Chipsound\avaxhome.ws.nfo
c:\users\Arnhem\Downloads\Plogue Chipsounds Standalone VSTi v1.0\PLGCHPSTDLONEVTIV10HLLWN_POT\Plogue_Chipsound\peace-out.nfo
c:\users\Arnhem\Downloads\Plogue Chipsounds Standalone VSTi v1.0\PLGCHPSTDLONEVTIV10HLLWN_POT\Plogue_Chipsound\setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-09-18 to 2011-10-18 )))))))))))))))))))))))))))))))
.
.
2011-10-18 13:49 . 2011-10-18 13:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-18 13:38 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{485D2325-B0FD-473F-9B24-504B41CA0349}\mpengine.dll
2011-10-17 19:21 . 2011-10-17 19:21 -------- d-----w- c:\program files (x86)\ESET
2011-10-17 19:19 . 2011-10-17 19:19 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-17 19:18 . 2011-10-17 19:18 -------- d-----w- c:\windows\system32\Macromed
2011-10-17 19:14 . 2011-10-17 19:14 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2011-10-17 19:04 . 2011-10-17 19:04 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-10-14 04:06 . 2011-10-14 04:06 -------- d-----w- c:\program files (x86)\ERUNT
2011-10-14 03:08 . 2011-10-17 08:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-10-14 03:08 . 2009-01-25 11:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2011-10-14 03:08 . 2011-10-14 03:08 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2011-10-12 13:12 . 2011-08-17 05:32 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-02 09:53 . 2011-10-02 09:53 -------- d-----w- c:\program files\CCleaner
2011-09-29 19:51 . 2011-09-29 19:51 -------- d-----w- c:\programdata\ATI
2011-09-29 19:51 . 2011-09-29 19:51 -------- d-----w- c:\program files (x86)\AMD APP
2011-09-29 19:51 . 2011-09-29 19:51 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-09-29 19:51 . 2011-09-29 19:51 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2011-09-29 19:42 . 2011-09-29 19:42 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins
2011-09-29 18:31 . 2011-09-29 18:31 -------- d-----w- c:\programdata\EA Core
2011-09-29 18:30 . 2011-09-29 18:30 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2011-09-29 17:22 . 2011-09-29 17:22 -------- d-----w- c:\users\Arnhem\AppData\Roaming\Origin
2011-09-29 17:22 . 2011-09-29 17:22 -------- d-----w- c:\users\Arnhem\AppData\Local\Origin
2011-09-29 17:22 . 2011-09-29 18:31 -------- d-----w- c:\programdata\Electronic Arts
2011-09-29 17:22 . 2011-09-29 18:31 -------- d-----w- c:\programdata\Origin
2011-09-29 17:22 . 2011-09-29 17:24 -------- d-----w- c:\program files (x86)\Origin Games
2011-09-29 17:22 . 2011-09-29 17:22 -------- d-----w- c:\program files (x86)\Origin
2011-09-27 20:06 . 2011-09-27 20:06 -------- d-----w- c:\program files (x86)\Thugs at Bay
2011-09-27 19:35 . 2011-09-27 19:35 -------- d-----w- C:\Fraps
2011-09-27 17:40 . 2011-09-27 17:40 -------- d-----w- C:\UDK
2011-09-25 20:46 . 2011-09-25 20:46 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2011-09-25 20:41 . 2011-09-25 20:41 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-09-25 19:50 . 2011-10-16 21:15 -------- d-----w- c:\users\Arnhem\AppData\Local\CutePDF Writer
2011-09-25 19:50 . 2011-09-25 19:50 -------- d-----w- c:\program files (x86)\GPLGS
2011-09-25 19:48 . 2011-09-25 19:48 -------- d-----w- c:\program files (x86)\Acro Software
2011-09-25 19:48 . 2009-11-05 06:40 85504 ----a-w- c:\windows\system32\cpwmon64.dll
2011-09-25 14:09 . 2011-09-25 14:09 -------- d-----w- c:\users\Arnhem\AppData\Roaming\UBitMenu
2011-09-25 14:02 . 2011-09-25 20:44 -------- d-----w- c:\program files (x86)\Microsoft Works
2011-09-25 13:59 . 2011-09-25 13:59 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2011-09-25 13:58 . 2011-09-25 13:58 -------- d-----w- c:\users\Arnhem\AppData\Local\Microsoft Help
2011-09-25 13:58 . 2011-10-13 01:01 -------- d-----w- c:\programdata\Microsoft Help
2011-09-25 13:56 . 2011-09-25 13:56 -------- d-----r- C:\MSOCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-17 19:03 . 2011-02-08 02:05 544656 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-10-01 10:58 . 2011-07-03 23:59 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-10-01 10:58 . 2011-05-14 02:49 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-10-01 10:50 . 2011-05-14 02:49 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-09-29 18:30 . 2011-05-14 02:49 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-09-14 09:47 . 2011-09-14 09:47 60416 ----a-w- c:\windows\system32\OVDecode64.dll
2011-09-14 09:47 . 2011-09-14 09:47 53760 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-09-14 09:47 . 2011-09-14 09:47 16652288 ----a-w- c:\windows\system32\amdocl64.dll
2011-09-14 09:46 . 2011-09-14 09:46 13625856 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-09-14 09:38 . 2011-09-14 09:38 44032 ----a-w- c:\windows\system32\amdoclcl64.dll
2011-09-14 09:38 . 2011-09-14 09:38 37376 ----a-w- c:\windows\SysWow64\amdoclcl.dll
2011-09-08 18:27 . 2011-09-08 18:27 10203648 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-09-08 17:59 . 2011-09-08 17:59 24229376 ----a-w- c:\windows\system32\atio6axx.dll
2011-09-08 17:39 . 2011-09-08 17:39 18534912 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-09-08 17:34 . 2011-09-08 17:34 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-09-08 17:34 . 2011-05-25 03:07 732672 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-09-08 17:32 . 2011-05-25 03:06 862720 ----a-w- c:\windows\system32\aticfx64.dll
2011-09-08 17:30 . 2011-05-25 03:04 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-09-08 17:30 . 2011-09-08 17:30 486912 ----a-w- c:\windows\system32\atieclxx.exe
2011-09-08 17:29 . 2011-09-08 17:29 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-09-08 17:28 . 2011-09-08 17:28 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-09-08 17:28 . 2011-05-25 03:02 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-09-08 17:28 . 2011-09-08 17:28 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-09-08 17:28 . 2011-09-08 17:28 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-09-08 17:28 . 2011-09-08 17:28 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-09-08 17:28 . 2011-09-08 17:28 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-09-08 17:28 . 2011-09-08 17:28 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-09-08 17:24 . 2011-05-25 02:58 4204032 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-09-08 17:18 . 2011-09-08 17:18 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-09-08 17:18 . 2011-09-08 17:18 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-09-08 17:18 . 2011-05-25 02:59 3888640 ----a-w- c:\windows\system32\atiumd6a.dll
2011-09-08 17:16 . 2009-07-13 21:59 4944896 ----a-w- c:\windows\system32\atidxx64.dll
2011-09-08 17:09 . 2011-09-08 17:09 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-09-08 17:09 . 2011-09-08 17:09 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-09-08 17:09 . 2011-09-08 17:09 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-09-08 17:09 . 2011-09-08 17:09 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-09-08 17:09 . 2011-09-08 17:09 8723456 ----a-w- c:\windows\system32\aticaldd64.dll
2011-09-08 17:08 . 2011-09-08 17:08 4064768 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-09-08 17:05 . 2011-09-08 17:05 7331840 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-09-08 17:05 . 2011-09-08 17:05 4289024 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-09-08 17:00 . 2011-05-25 02:33 5428736 ----a-w- c:\windows\system32\atiumd64.dll
2011-09-08 16:59 . 2011-05-25 02:19 58880 ----a-w- c:\windows\system32\coinst.dll
2011-09-08 16:53 . 2011-05-25 02:26 381952 ----a-w- c:\windows\system32\atiadlxx.dll
2011-09-08 16:53 . 2011-09-08 16:53 270336 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-09-08 16:52 . 2011-09-08 16:52 15360 ----a-w- c:\windows\system32\atig6pxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 13312 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 13312 ----a-w- c:\windows\system32\atiglpxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-09-08 16:52 . 2011-09-08 16:52 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 310784 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-09-08 16:52 . 2011-05-25 02:24 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-09-08 16:51 . 2011-05-25 02:24 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-09-08 16:51 . 2011-05-25 02:24 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-09-08 16:51 . 2011-05-25 02:24 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-09-08 16:51 . 2011-09-08 16:51 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-09-08 16:51 . 2011-09-08 16:51 54784 ----a-w- c:\windows\system32\atimpc64.dll
2011-09-08 16:51 . 2011-09-08 16:51 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2011-09-08 16:50 . 2011-09-08 16:50 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-09-08 16:50 . 2011-09-08 16:50 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-17_08.27.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-30 15:38 . 2011-10-18 13:52 40846 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-10-18 13:52 38378 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-10-29 21:45 . 2011-10-18 13:52 13488 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-587842109-1465246950-3102458467-1001_UserData.bin
+ 2010-11-29 14:38 . 2011-10-18 13:50 62078 c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Pen_Tablet.dat
- 2010-10-29 21:45 . 2011-10-17 08:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-29 21:45 . 2011-10-18 13:33 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-29 21:45 . 2011-10-17 08:28 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-10-29 21:45 . 2011-10-18 13:33 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-10-29 21:45 . 2011-10-18 13:33 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-10-29 21:45 . 2011-10-17 08:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-10-29 21:45 . 2011-10-17 08:28 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-29 21:45 . 2011-10-18 13:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-29 21:45 . 2011-10-18 13:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-10-29 21:45 . 2011-10-17 08:28 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-17 19:14 . 2011-10-17 19:14 32256 c:\windows\Installer\2472cab.msi
+ 2011-06-06 10:55 . 2011-06-06 10:55 73624 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\wow_helper.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll
+ 2011-10-18 13:50 . 2011-10-18 13:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-10-17 08:26 . 2011-10-17 08:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-10-18 13:50 . 2011-10-18 13:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-10-17 08:26 . 2011-10-17 08:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-10-17 19:19 . 2011-10-17 19:19 247968 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11c_Plugin.exe
+ 2011-02-08 02:05 . 2011-10-17 19:03 214408 c:\windows\SysWOW64\javaws.exe
+ 2011-02-08 02:05 . 2011-10-17 19:03 173960 c:\windows\SysWOW64\javaw.exe
+ 2011-02-08 02:05 . 2011-10-17 19:03 173960 c:\windows\SysWOW64\java.exe
+ 2010-10-30 01:37 . 2011-10-17 15:12 312324 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2011-10-17 08:12 664992 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-10-18 13:38 664992 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-10-17 08:12 125696 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-10-18 13:38 125696 c:\windows\system32\perfc009.dat
+ 2011-10-17 19:19 . 2011-10-17 19:19 461984 c:\windows\system32\Macromed\Flash\FlashUtil64_11_0_1_Plugin.exe
- 2009-07-14 05:01 . 2011-10-17 08:25 460212 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-10-18 13:49 460212 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-10-17 19:03 . 2011-10-17 19:03 180224 c:\windows\Installer\2472b54.msi
+ 2011-10-17 19:02 . 2011-10-17 19:02 941056 c:\windows\Installer\2472b46.msi
+ 2011-06-06 10:55 . 2011-06-06 10:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll
+ 2011-10-18 13:32 . 2005-10-20 10:02 163328 c:\windows\ERDNT\AutoBackup\18-10-2011\ERDNT.EXE
+ 2011-10-17 19:19 . 2011-10-17 19:19 8522400 c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
- 2011-02-11 12:33 . 2011-10-17 08:25 1640984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-02-11 12:33 . 2011-10-18 13:49 1640984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-06-06 20:45 . 2011-06-06 20:45 2318848 c:\windows\Installer\2472cf0.msi
+ 2011-06-06 10:55 . 2011-06-06 10:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe
+ 2011-10-18 13:32 . 2011-10-18 13:32 4075520 c:\windows\ERDNT\AutoBackup\18-10-2011\Users\00000002\UsrClass.dat
+ 2011-10-18 13:32 . 2011-10-18 13:32 2670592 c:\windows\ERDNT\AutoBackup\18-10-2011\Users\00000001\NTUSER.DAT
+ 2009-07-14 02:34 . 2011-10-18 13:48 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2011-10-16 22:21 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-10-17 19:19 . 2011-10-17 19:19 11328672 c:\windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll
+ 2010-11-22 10:19 . 2011-10-18 13:49 17003896 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-587842109-1465246950-3102458467-1001-12288.dat
+ 2011-09-05 21:51 . 2011-09-05 21:51 13135872 c:\windows\Installer\2472cf1.msp
+ 2011-06-06 10:55 . 2011-06-06 10:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-24 1242448]
"GameXN (update)"="c:\programdata\GameXN\GameXNGO.exe" [2011-09-09 347008]
"GameXN (news)"="c:\programdata\GameXN\GameXNGO.exe" [2011-09-09 347008]
"ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2011-09-23 4478784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-18 421736]
"Net iD"="c:\program files (x86)\Net iD\iid.exe" [2011-03-21 87352]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2011-10-05 3578272]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\users\Arnhem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Dropbox.lnk - c:\users\Arnhem\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-11-17 1066536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDWinLogon]
SDWinLogon.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-03-16 1436424]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-10-05 892336]
R3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-10-05 955816]
R3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-10-05 169624]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [2011-10-05 48888]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;c:\program files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-03-10 86016]
S2 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-03-10 86016]
S2 SDHookService;Spybot S&D 2 Live Protection Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-10-05 130976]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-13 5790064]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-13 487280]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [x]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-18 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2011-10-14 13:46]
.
2011-10-17 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2011-10-14 13:46]
.
2011-10-17 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2011-10-14 13:46]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-09-25 1552168]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 83.255.245.11 193.150.193.150
FF - ProfilePath - c:\users\Arnhem\AppData\Roaming\Mozilla\Firefox\Profiles\bqyusmwu.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-587842109-1465246950-3102458467-1001\Software\SecuROM\License information*]
"datasecu"=hex:6a,96,86,0e,eb,a3,d5,66,46,da,43,bd,e2,78,82,01,19,27,6b,a6,d5,
7b,b0,21,7c,c3,48,79,be,e9,8d,a3,ff,71,33,df,f8,cd,2b,4e,08,d9,c1,33,a8,9c,\
"rkeysecu"=hex:c4,05,15,5f,42,ca,4d,5f,8a,58,b2,4a,be,1a,8b,96
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\windows\SysWOW64\RunDll32.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
.
**************************************************************************
.
Completion time: 2011-10-18 15:56:01 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-18 13:56
ComboFix2.txt 2011-10-17 18:57
ComboFix3.txt 2011-10-17 08:32
.
Pre-Run: 168,854,142,976 bytes free
Post-Run: 168,562,536,448 bytes free
.
- - End Of File - - 2058671FB8BE328A64B9900A86AB471D
The system runs as usual, no performance drops that are noticeable. I had one pop-up for codecs since the last log. When I use Google I don't get redirected, so that's excellent. The search engine from the Firefox start page is still Searchq, and it's still added to IE as the default search bar (I'm guessing these are just things that need to be changed or removed; I just haven't done so because I don't want to mess anything up before we know what's going on).
Other than the search engine thing, it's just a pop-up that occurs infrequently.
Hi,
Please download Malwarebytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location.
Please post the contents of that file in your next reply, along with a fresh dds.txt log.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.0.0
Run by Arnhem at 19:54:00 on 2011-10-18
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.6139.4259 [GMT 2:00]
.
SP: Spybot - Search & Destroy *Disabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Net iD\iid.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Arnhem\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TB: Web Accessibility Toolbar: {11352a67-0178-46b1-8855-d50b2f81c054} - C:\PROGRA~2\ACCESS~1\ACCESS~1.DLL
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [GameXN (update)] "C:\ProgramData\GameXN\GameXNGO.exe" /u
uRun: [GameXN (news)] "C:\ProgramData\GameXN\GameXNGO.exe" /n
uRun: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Net iD] "C:\Program Files (x86)\Net iD\iid.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Arnhem\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\Users\Arnhem\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Arnhem\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Arnhem\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
TCP: DhcpNameServer = 83.255.245.11 193.150.193.150
TCP: Interfaces\{833F4ED1-7FBC-4DF3-8CC7-6AF12719D1DC} : DhcpNameServer = 83.255.245.11 193.150.193.150
TCP: Interfaces\{D100012C-EB29-45AE-A97E-BFE9EA3FFDB6} : DhcpNameServer = 83.255.245.11 193.150.193.150
TCP: Interfaces\{D100012C-EB29-45AE-A97E-BFE9EA3FFDB6}\2556B64757D6E45445 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D100012C-EB29-45AE-A97E-BFE9EA3FFDB6}\35B656A71647368696 : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
TB-X64: Web Accessibility Toolbar: {11352A67-0178-46B1-8855-D50B2F81C054} - C:\PROGRA~2\ACCESS~1\ACCESS~1.DLL
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Net iD] "C:\Program Files (x86)\Net iD\iid.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Arnhem\AppData\Roaming\Mozilla\Firefox\Profiles\bqyusmwu.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npiidplg.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SDHookDriver;Spybot-S&D 2 Hook Driver;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [2011-10-14 48888]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-18 366152]
R2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-3-10 86016]
R2 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-3-10 86016]
R2 SDHookService;Spybot S&D 2 Live Protection Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-10-14 130976]
R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2010-11-26 5790064]
R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2010-11-26 487280]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA001Ufd.sys --> C:\Windows\system32\DRIVERS\OA001Ufd.sys [?]
R3 OA001Vid;Creative Camera OA001 Function Driver;C:\Windows\system32\DRIVERS\OA001Vid.sys --> C:\Windows\system32\DRIVERS\OA001Vid.sys [?]
R3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-3-16 1436424]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-10-14 892336]
S3 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-10-14 955816]
S3 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-10-14 169624]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-10-18 17:53:57 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{485D2325-B0FD-473F-9B24-504B41CA0349}\offreg.dll
2011-10-18 16:58:52 -------- d-----w- C:\Users\Arnhem\AppData\Roaming\Malwarebytes
2011-10-18 16:58:46 -------- d-----w- C:\ProgramData\Malwarebytes
2011-10-18 16:58:43 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-10-18 16:58:43 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-18 13:50:55 -------- d-sh--w- C:\$RECYCLE.BIN
2011-10-18 13:41:39 -------- d-----w- C:\ComboFix
2011-10-18 13:38:23 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{485D2325-B0FD-473F-9B24-504B41CA0349}\mpengine.dll
2011-10-18 02:43:43 -------- d-----w- C:\Users\Arnhem\AppData\Local\{8453C44F-756F-4197-8AE1-653FF6BEDEBF}
2011-10-18 02:42:38 -------- d-----w- C:\Users\Arnhem\AppData\Local\{122D52CA-42A7-45BA-86A6-B211E98FB969}
2011-10-17 19:21:07 -------- d-----w- C:\Program Files (x86)\ESET
2011-10-17 19:19:30 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-17 13:36:22 -------- d-----w- C:\Users\Arnhem\AppData\Local\{C7FD4943-6DA2-4B30-A77A-E3C441977D34}
2011-10-17 13:35:57 -------- d-----w- C:\Users\Arnhem\AppData\Local\{69153016-A4FD-45A5-A69B-585239C38082}
2011-10-17 08:16:31 98816 ----a-w- C:\Windows\sed.exe
2011-10-17 08:16:31 518144 ----a-w- C:\Windows\SWREG.exe
2011-10-17 08:16:31 256000 ----a-w- C:\Windows\PEV.exe
2011-10-17 08:16:31 208896 ----a-w- C:\Windows\MBR.exe
2011-10-14 03:08:50 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-10-14 03:08:38 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2011-10-14 03:08:35 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2011-10-13 20:33:32 -------- d-----w- C:\Users\Arnhem\AppData\Local\{C15863C8-C672-46AD-97F8-D577FF18B40F}
2011-10-13 20:32:58 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E4ABF979-C0E5-4DDB-96C0-7ECB92570008}
2011-10-13 01:25:47 -------- d-----w- C:\Users\Arnhem\AppData\Local\{F60E279F-41FE-4B1C-9258-70D102459A7C}
2011-10-13 01:25:08 -------- d-----w- C:\Users\Arnhem\AppData\Local\{F1BDDAE4-2C4E-4214-A46E-22DB74F8AC14}
2011-10-12 16:21:14 -------- d-----w- C:\Users\Arnhem\AppData\Local\{CEA8F98E-1536-45A8-A87E-151A25DB4B25}
2011-10-12 16:20:50 -------- d-----w- C:\Users\Arnhem\AppData\Local\{70B6F2A3-275B-438A-AAB6-B4BEA9A8B775}
2011-10-12 13:12:45 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-10-10 12:16:30 -------- d-----w- C:\Users\Arnhem\AppData\Local\{6A0A16FD-54B1-4E48-911C-81F7281C73BA}
2011-10-10 12:15:54 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E6618734-5CEA-4840-A27E-CB8458DA7479}
2011-10-09 17:10:38 -------- d-----w- C:\Users\Arnhem\AppData\Local\{3F5C3F5B-5E25-4B86-90B4-CA5984C216F1}
2011-10-09 17:10:12 -------- d-----w- C:\Users\Arnhem\AppData\Local\{4119DE13-4778-4A50-A0E8-92FBB4CAA079}
2011-10-08 11:19:10 -------- d-----w- C:\Users\Arnhem\AppData\Local\{141915DC-0EAA-4918-91DD-72026851A830}
2011-10-08 11:18:47 -------- d-----w- C:\Users\Arnhem\AppData\Local\{11A75D34-32D4-47BF-8EF1-65AB72B92430}
2011-10-06 16:32:23 -------- d-----w- C:\Users\Arnhem\AppData\Local\{6B5CDBEF-E60E-40EA-B375-D5C5D5D5C022}
2011-10-06 16:32:00 -------- d-----w- C:\Users\Arnhem\AppData\Local\{D0FA8CC2-F669-4EB6-9D37-84C208DF8DB1}
2011-10-05 15:38:29 -------- d-----w- C:\Users\Arnhem\AppData\Local\{BE68F107-987A-41CF-86DE-6C303951F770}
2011-10-05 15:38:04 -------- d-----w- C:\Users\Arnhem\AppData\Local\{1B20D703-E7E5-463E-B8DF-E6E7FDAEBD14}
2011-10-05 01:04:46 -------- d-----w- C:\Users\Arnhem\AppData\Local\{C161C6AA-99FC-417B-B2DA-A73E6BE5C4A0}
2011-10-05 01:04:22 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E77DC846-4CAF-49EF-853C-A42D1EFD734B}
2011-10-03 13:59:29 -------- d-----w- C:\Users\Arnhem\AppData\Local\{BEC77D5A-B595-46F7-9396-2E2867FF9B1B}
2011-10-03 13:59:04 -------- d-----w- C:\Users\Arnhem\AppData\Local\{B2F75C00-DBBB-432F-8080-F9612DC2EC59}
2011-10-02 09:53:39 -------- d-----w- C:\Program Files\CCleaner
2011-10-02 09:47:38 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E42AF2C5-25B3-44E6-84C7-1BC5CFFC33CD}
2011-10-02 09:47:11 -------- d-----w- C:\Users\Arnhem\AppData\Local\{FFC03E53-CD63-45C3-A315-71FBF622AEA6}
2011-10-01 12:19:28 -------- d-----w- C:\Users\Arnhem\AppData\Local\{4DDC42B7-F24C-44D0-AF19-B12D1C43C1DC}
2011-10-01 12:18:52 -------- d-----w- C:\Users\Arnhem\AppData\Local\{A84943AB-A09D-433E-BA1F-B0B2064307C0}
2011-10-01 07:31:43 -------- d-----w- C:\Users\Arnhem\AppData\Local\{748085CF-77D2-46CE-B2D9-1AA9C0E45373}
2011-10-01 07:31:17 -------- d-----w- C:\Users\Arnhem\AppData\Local\{FB33D34F-2E42-454D-A997-7D1EA44E3BC6}
2011-09-30 13:43:31 -------- d-----w- C:\Users\Arnhem\AppData\Local\{A3A6DDFD-B5C6-4E66-AA12-8AA8DA41FB56}
2011-09-30 13:42:57 -------- d-----w- C:\Users\Arnhem\AppData\Local\{FDBAEBE9-A92D-4181-B55C-B683F389C364}
2011-09-30 08:09:07 -------- d-----w- C:\Users\Arnhem\AppData\Local\{661A534F-15EB-4168-9C2E-E899D191CFCA}
2011-09-30 08:08:43 -------- d-----w- C:\Users\Arnhem\AppData\Local\{B3AAB1B3-91B2-470C-A311-F7E3C4D85C00}
2011-09-29 19:51:17 -------- d-----w- C:\Program Files (x86)\AMD APP
2011-09-29 19:51:13 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2011-09-29 19:51:13 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2011-09-29 19:42:31 -------- d-----w- C:\Program Files (x86)\Battlelog Web Plugins
2011-09-29 18:31:37 -------- d-----w- C:\ProgramData\EA Core
2011-09-29 18:30:42 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
2011-09-29 17:22:54 -------- d-----w- C:\Users\Arnhem\AppData\Roaming\Origin
2011-09-29 17:22:51 -------- d-----w- C:\Users\Arnhem\AppData\Local\Origin
2011-09-29 17:22:39 -------- d-----w- C:\ProgramData\Origin
2011-09-29 17:22:39 -------- d-----w- C:\ProgramData\Electronic Arts
2011-09-29 17:22:39 -------- d-----w- C:\Program Files (x86)\Origin Games
2011-09-29 17:22:27 -------- d-----w- C:\Program Files (x86)\Origin
2011-09-29 16:32:08 -------- d-----w- C:\Users\Arnhem\AppData\Local\{BBC5D151-3D43-4546-8FB5-275F1455AAC6}
2011-09-29 16:31:44 -------- d-----w- C:\Users\Arnhem\AppData\Local\{7060EBAB-9C44-4A31-B3CE-CE8C2AF9CC7D}
2011-09-28 08:32:09 -------- d-----w- C:\Users\Arnhem\AppData\Local\{CC97E64C-E406-485D-95CD-66D0DDE55459}
2011-09-28 08:31:36 -------- d-----w- C:\Users\Arnhem\AppData\Local\{B92BFC83-282F-4E0A-89F4-0B77E027AA46}
2011-09-28 05:56:48 -------- d-----w- C:\Users\Arnhem\AppData\Local\{AF92ACC8-6FA3-4EDF-8EF0-066A343928DA}
2011-09-28 05:56:26 -------- d-----w- C:\Users\Arnhem\AppData\Local\{82B6281D-4E0D-49D9-829F-66448031B576}
2011-09-27 20:06:45 -------- d-----w- C:\Program Files (x86)\Thugs at Bay
2011-09-27 19:35:41 -------- d-----w- C:\Fraps
2011-09-27 18:14:29 -------- d-----w- C:\Users\Arnhem\AppData\Local\{07ACAD1D-82C0-46C2-B6FE-DA18ED46F979}
2011-09-27 18:13:54 -------- d-----w- C:\Users\Arnhem\AppData\Local\{17434ADB-EF68-427E-B23D-C0D4CFE48D49}
2011-09-27 17:40:46 -------- d-----w- C:\UDK
2011-09-27 13:35:04 -------- d-----w- C:\Users\Arnhem\AppData\Local\{60F10B38-643A-4B27-A2C1-C9A0829EB3D4}
2011-09-27 13:34:39 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E3B824C8-8362-4029-B525-25772C959FDD}
2011-09-26 14:23:10 -------- d-----w- C:\Users\Arnhem\AppData\Local\{9C0D7ED4-33F9-4568-B87D-068B840D0488}
2011-09-26 14:22:46 -------- d-----w- C:\Users\Arnhem\AppData\Local\{D80B1AFD-C29D-4709-9A86-8A7B8D8B4906}
2011-09-25 20:46:49 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2011-09-25 19:50:56 -------- d-----w- C:\Users\Arnhem\AppData\Local\CutePDF Writer
2011-09-25 19:50:23 -------- d-----w- C:\Program Files (x86)\GPLGS
2011-09-25 19:48:42 85504 ----a-w- C:\Windows\System32\cpwmon64.dll
2011-09-25 19:48:42 -------- d-----w- C:\Program Files (x86)\Acro Software
2011-09-25 15:34:15 -------- d-----w- C:\Users\Arnhem\AppData\Local\{7E10DD6E-6A13-43FD-AD8A-C56BB87FCCF8}
2011-09-25 15:33:51 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E05D64BB-4B42-45E9-A106-86DFF63D275D}
2011-09-25 14:09:50 -------- d-----w- C:\Users\Arnhem\AppData\Roaming\UBitMenu
2011-09-25 13:59:28 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2011-09-25 13:58:44 -------- d-----w- C:\Users\Arnhem\AppData\Local\Microsoft Help
2011-09-25 09:34:14 -------- d-----w- C:\Users\Arnhem\AppData\Local\{9FE2D018-2B3D-4568-A1D8-52CAB9288E03}
2011-09-25 09:33:40 -------- d-----w- C:\Users\Arnhem\AppData\Local\{47AF762C-EC7B-4D6C-8E8C-6AA797D4AB89}
2011-09-25 03:47:17 -------- d-----w- C:\Users\Arnhem\AppData\Local\{1DBCA37A-C57B-437A-9094-CF18794EEE1C}
2011-09-25 03:47:02 -------- d-----w- C:\Users\Arnhem\AppData\Local\{072204B6-13F2-47F7-A137-61222C81D13F}
2011-09-23 00:56:40 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E273B139-471D-4C4B-AF49-2FF77B132C5B}
2011-09-23 00:56:17 -------- d-----w- C:\Users\Arnhem\AppData\Local\{C95312FD-8388-4DF1-BA89-396E821DBB62}
2011-09-21 22:19:54 -------- d-----w- C:\Users\Arnhem\AppData\Local\{126677DF-1C24-4093-ADBA-DBF5C000182F}
2011-09-21 22:19:26 -------- d-----w- C:\Users\Arnhem\AppData\Local\{117D4F35-E655-4ACA-8865-168016EA1C8B}
2011-09-21 10:05:49 -------- d-----w- C:\Users\Arnhem\AppData\Local\{097EC7F2-EF06-49AD-B3D1-C0C7DC2CAE76}
2011-09-21 10:05:25 -------- d-----w- C:\Users\Arnhem\AppData\Local\{6B040E85-97AC-4F0E-A3E0-6BF7F7CDFF15}
2011-09-21 02:24:38 -------- d-----w- C:\Users\Arnhem\AppData\Local\{65BAB9A3-5150-4B46-8C77-2A4B26AE412F}
2011-09-21 02:24:03 -------- d-----w- C:\Users\Arnhem\AppData\Local\{539CF775-ACFA-4371-879F-7B6E0A44D83E}
2011-09-20 19:43:03 -------- d-----w- C:\Users\Arnhem\AppData\Local\{9AE85326-FB91-44E9-89A4-C80728857A14}
2011-09-20 19:42:47 -------- d-----w- C:\Users\Arnhem\AppData\Local\{4CF6F820-5953-4299-A930-4F2773899952}
2011-09-20 04:54:48 -------- d-----w- C:\Users\Arnhem\AppData\Local\{D9BAD932-EE65-40E7-BC85-48590B660297}
2011-09-20 04:54:14 -------- d-----w- C:\Users\Arnhem\AppData\Local\{F188A0D7-6AFB-44E1-9C5F-EF83929F4FC8}
2011-09-20 00:58:07 -------- d-----w- C:\Users\Arnhem\AppData\Local\{B63972DC-231D-4FAF-94B3-051295790ED4}
2011-09-20 00:57:34 -------- d-----w- C:\Users\Arnhem\AppData\Local\{EA80F7F3-3729-4CA7-8C39-1BA5984D218F}
2011-09-19 19:17:24 -------- d-----w- C:\Users\Arnhem\AppData\Local\{C5E95953-BE1A-46C7-BF3B-7D85A24638E7}
2011-09-19 19:16:51 -------- d-----w- C:\Users\Arnhem\AppData\Local\{833F29B3-4A8A-4423-9D5F-60E98A484EE6}
2011-09-19 08:00:26 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E1ADE350-7CDF-4DB0-A037-205A1D147996}
2011-09-19 07:59:58 -------- d-----w- C:\Users\Arnhem\AppData\Local\{A0C16307-4563-42AB-9C77-DCAF1AE5CD3F}
2011-09-19 02:04:23 -------- d-----w- C:\Users\Arnhem\AppData\Local\{10A39B66-E3B6-43F1-807D-C92DB866C1F4}
2011-09-19 02:04:01 -------- d-----w- C:\Users\Arnhem\AppData\Local\{0AA02A5D-4943-4DCC-9430-E18AF8049A07}
.
==================== Find3M ====================
.
2011-10-17 19:03:32 544656 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-10-01 10:58:08 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-10-01 10:58:08 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-10-01 10:50:33 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-29 18:30:09 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-09-14 09:47:42 60416 ----a-w- C:\Windows\System32\OVDecode64.dll
2011-09-14 09:47:40 53760 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2011-09-14 09:47:10 16652288 ----a-w- C:\Windows\System32\amdocl64.dll
2011-09-14 09:46:58 13625856 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-09-14 09:38:30 44032 ----a-w- C:\Windows\System32\amdoclcl64.dll
2011-09-14 09:38:28 37376 ----a-w- C:\Windows\SysWow64\amdoclcl.dll
2011-09-08 18:27:22 10203648 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-09-08 17:59:44 24229376 ----a-w- C:\Windows\System32\atio6axx.dll
2011-09-08 17:39:44 18534912 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-09-08 17:34:20 151552 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-09-08 17:34:10 732672 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-09-08 17:32:58 862720 ----a-w- C:\Windows\System32\aticfx64.dll
2011-09-08 17:30:38 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-09-08 17:30:26 486912 ----a-w- C:\Windows\System32\atieclxx.exe
2011-09-08 17:29:56 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-09-08 17:28:54 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-09-08 17:28:38 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-09-08 17:28:32 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-09-08 17:28:22 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-09-08 17:28:18 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2011-09-08 17:28:14 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-09-08 17:28:10 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-09-08 17:24:38 4204032 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-09-08 17:18:56 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-09-08 17:18:22 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-09-08 17:18:08 3888640 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-09-08 17:16:00 4944896 ----a-w- C:\Windows\System32\atidxx64.dll
2011-09-08 17:09:42 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-09-08 17:09:40 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-09-08 17:09:30 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-09-08 17:09:28 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-09-08 17:09:18 8723456 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-09-08 17:08:24 4064768 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-09-08 17:05:52 7331840 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-09-08 17:05:44 4289024 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-09-08 17:00:02 5428736 ----a-w- C:\Windows\System32\atiumd64.dll
2011-09-08 16:59:48 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-09-08 16:53:20 381952 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-09-08 16:53:12 270336 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-09-08 16:52:58 15360 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-09-08 16:52:56 13312 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-09-08 16:52:56 13312 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-09-08 16:52:54 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-09-08 16:52:46 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-09-08 16:52:40 310784 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-09-08 16:52:00 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-09-08 16:51:54 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-09-08 16:51:50 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-09-08 16:51:44 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-09-08 16:51:12 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-09-08 16:51:02 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2011-09-08 16:51:02 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-09-06 03:07:02 3134976 ----a-w- C:\Windows\System32\win32k.sys
2011-08-27 05:40:28 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-27 05:40:28 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-27 04:43:07 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-27 04:43:06 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-08-20 05:45:20 1197568 ----a-w- C:\Windows\System32\wininet.dll
2011-08-20 05:41:16 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-08-20 04:38:10 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-08-20 04:35:20 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-08-20 04:20:23 482816 ----a-w- C:\Windows\System32\html.iec
2011-08-20 03:26:38 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-08-17 05:32:24 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-08-17 05:27:46 75776 ----a-w- C:\Windows\System32\MSDvbNP.ax
2011-08-17 05:27:46 288256 ----a-w- C:\Windows\System32\MSNP.ax
2011-08-17 05:27:46 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-08-17 05:27:46 104960 ----a-w- C:\Windows\System32\Mpeg2Data.ax
2011-08-17 04:26:02 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-08-17 04:22:23 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
2011-08-17 04:22:23 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax
2011-08-17 04:22:23 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
.
============= FINISH: 19:55:07.09 ===============
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 7974
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
18/10/2011 7:49:35 PM
mbam-log-2011-10-18 (19-49-31).txt
Scan type: Full scan (C:\|)
Objects scanned: 500720
Time elapsed: 45 minute(s), 32 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Qoobox\quarantine\C\Users\Arnhem\AppData\Local\c68babac\X.vir (Rootkit.Agent) -> No action taken.
c:\Qoobox\quarantine\C\Users\Arnhem\documents\my received files\xf-a2011-32bits.exe.vir (RiskWare.Tool.CK) -> No action taken.
c:\Qoobox\quarantine\C\Users\Arnhem\documents\my received files\xf-a2011-64bits.exe.vir (RiskWare.Tool.CK) -> No action taken.
Hi,
Please download the Registry Search tool by clicking on the hard drive icon halfway down this page:
http://www.billsway.com/vbspage/
Save it to the desktop and run it. If you get an alert from your antivirus about scripting, choose to allow the script to run. Search for searchq and click OK. Post the logfile from the tool here for me.
Does the pop-up appear on some specific sites only?
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "searchq" 19/10/2011 6:36:33 AM
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"URL"="http://www.searchqu.com/web?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=113&systemid=406&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"URL"="http://www.searchqu.com/web?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=113&systemid=406&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchquMediaBar_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchquMediaBar_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_USERS\S-1-5-21-587842109-1465246950-3102458467-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"URL"="http://www.searchqu.com/web?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}"
[HKEY_USERS\S-1-5-21-587842109-1465246950-3102458467-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=113&systemid=406&qu={searchTerms}&ft=json"
I haven't gotten the pop-up all day. The pop-up is not related to the browser, I don't think. The pop-up occurs on its own from the desktop sometimes.
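As an added example that is not part of this thread, here is the read-only check a responder would run before and after the cleanup: it walks the IE SearchScopes keys the RegSrch output above lists (HKLM, the Wow6432Node mirror, and the current user) and flags any scope whose search or suggestions URL points at a host outside an allow-list. The allow-list hosts are an assumption; adjust them to the engines you actually expect.

```powershell
# Added example, not from the thread: audit Internet Explorer SearchScopes and
# report scopes whose URL host is not on the allow-list. Changes nothing.
$allowedHosts = @('www.google.com', 'www.bing.com')   # assumption: local choice

# The hives the registry search on this page found SearchScopes entries in.
# The per-SID HKEY_USERS path is the logged-in user's HKCU when run as that user;
# to audit another profile use 'Registry::HKEY_USERS\<SID>\Software\...'.
$scopeRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes',
    'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
)

function Get-SearchScopeFindings {
    param([string[]]$Roots, [string[]]$AllowedHosts)
    foreach ($root in $Roots) {
        if (-not (Test-Path $root)) { continue }
        # Each scope is a {GUID} subkey holding URL / SuggestionsURL_JSON values
        Get-ChildItem -Path $root | ForEach-Object {
            $props = Get-ItemProperty -Path $_.PSPath
            foreach ($name in 'URL', 'SuggestionsURL_JSON') {
                $value = $props.$name
                if ([string]::IsNullOrEmpty($value)) { continue }
                # {searchTerms} is a template placeholder, not a URL component;
                # substitute a dummy term so the URL parser accepts it.
                $parsed = $null
                $ok = [System.Uri]::TryCreate($value.Replace('{searchTerms}', 'x'),
                                              [System.UriKind]::Absolute, [ref]$parsed)
                $urlHost = if ($ok) { $parsed.Host } else { '<unparseable>' }
                [pscustomobject]@{
                    Key        = $_.PSPath -replace '^Microsoft\.PowerShell\.Core\\Registry::', ''
                    Value      = $name
                    Host       = $urlHost
                    Suspicious = ($AllowedHosts -notcontains $urlHost)
                    Url        = $value
                }
            }
        }
    }
}

# Show only the scopes that point somewhere unexpected; on the machine in this
# thread the searchqu.com entries would be listed here before the CFScript run.
Get-SearchScopeFindings -Roots $scopeRoots -AllowedHosts $allowedHosts |
    Where-Object Suspicious |
    Format-List Key, Value, Host, Url
```

Run it again after the cleanup: an empty result for all three roots is the confirmation that the SearchScopes half of the hijack is gone, independent of what the browser UI shows.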
Hi,
Open notepad and copy/paste the text in the quotebox below into it:
Firefox::
FF - ProfilePath - c:\users\Arnhem\AppData\Roaming\Mozilla\Firefox\Profiles\bqyusmwu.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchquMediaBar_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchquMediaBar_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS]
[-HKEY_USERS\S-1-5-21-587842109-1465246950-3102458467-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
Save this as
CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe (let the tool update itself if prompted).
Then post the resultant log and do a registry search like above.
Download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.
Click the Scan button to start the scan.
On completion of the scan click Save log, save it to your desktop and post it in your next reply.
ComboFix 11-10-18.04 - Arnhem 19/10/2011 6:52.4.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.6139.4331 [GMT 2:00]
Running from: c:\users\Arnhem\Desktop\ComboFix.exe
Command switches used :: c:\users\Arnhem\Desktop\CFScript.txt
SP: Spybot - Search & Destroy *Disabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-09-19 to 2011-10-19 )))))))))))))))))))))))))))))))
.
.
2011-10-19 04:58 . 2011-10-19 04:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-18 23:27 . 2011-10-18 23:27 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{485D2325-B0FD-473F-9B24-504B41CA0349}\offreg.dll
2011-10-18 16:58 . 2011-10-18 16:58 -------- d-----w- c:\users\Arnhem\AppData\Roaming\Malwarebytes
2011-10-18 16:58 . 2011-10-18 16:58 -------- d-----w- c:\programdata\Malwarebytes
2011-10-18 16:58 . 2011-10-18 16:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-18 16:58 . 2011-08-31 15:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-18 13:38 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{485D2325-B0FD-473F-9B24-504B41CA0349}\mpengine.dll
2011-10-17 19:21 . 2011-10-17 19:21 -------- d-----w- c:\program files (x86)\ESET
2011-10-17 19:19 . 2011-10-17 19:19 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-17 19:18 . 2011-10-17 19:18 -------- d-----w- c:\windows\system32\Macromed
2011-10-17 19:14 . 2011-10-17 19:14 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2011-10-17 19:04 . 2011-10-17 19:04 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-10-14 04:06 . 2011-10-14 04:06 -------- d-----w- c:\program files (x86)\ERUNT
2011-10-14 03:08 . 2011-10-17 08:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-10-14 03:08 . 2009-01-25 11:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2011-10-14 03:08 . 2011-10-14 03:08 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2011-10-12 13:12 . 2011-08-17 05:32 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-02 09:53 . 2011-10-02 09:53 -------- d-----w- c:\program files\CCleaner
2011-09-29 19:51 . 2011-09-29 19:51 -------- d-----w- c:\programdata\ATI
2011-09-29 19:51 . 2011-09-29 19:51 -------- d-----w- c:\program files (x86)\AMD APP
2011-09-29 19:51 . 2011-09-29 19:51 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-09-29 19:51 . 2011-09-29 19:51 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2011-09-29 19:42 . 2011-09-29 19:42 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins
2011-09-29 18:31 . 2011-09-29 18:31 -------- d-----w- c:\programdata\EA Core
2011-09-29 18:30 . 2011-09-29 18:30 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2011-09-29 17:22 . 2011-09-29 17:22 -------- d-----w- c:\users\Arnhem\AppData\Roaming\Origin
2011-09-29 17:22 . 2011-09-29 17:22 -------- d-----w- c:\users\Arnhem\AppData\Local\Origin
2011-09-29 17:22 . 2011-09-29 18:31 -------- d-----w- c:\programdata\Electronic Arts
2011-09-29 17:22 . 2011-09-29 18:31 -------- d-----w- c:\programdata\Origin
2011-09-29 17:22 . 2011-09-29 17:24 -------- d-----w- c:\program files (x86)\Origin Games
2011-09-29 17:22 . 2011-09-29 17:22 -------- d-----w- c:\program files (x86)\Origin
2011-09-27 20:06 . 2011-09-27 20:06 -------- d-----w- c:\program files (x86)\Thugs at Bay
2011-09-27 19:35 . 2011-09-27 19:35 -------- d-----w- C:\Fraps
2011-09-27 17:40 . 2011-09-27 17:40 -------- d-----w- C:\UDK
2011-09-25 20:46 . 2011-09-25 20:46 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2011-09-25 20:41 . 2011-09-25 20:41 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-09-25 19:50 . 2011-10-16 21:15 -------- d-----w- c:\users\Arnhem\AppData\Local\CutePDF Writer
2011-09-25 19:50 . 2011-09-25 19:50 -------- d-----w- c:\program files (x86)\GPLGS
2011-09-25 19:48 . 2011-09-25 19:48 -------- d-----w- c:\program files (x86)\Acro Software
2011-09-25 19:48 . 2009-11-05 06:40 85504 ----a-w- c:\windows\system32\cpwmon64.dll
2011-09-25 14:09 . 2011-09-25 14:09 -------- d-----w- c:\users\Arnhem\AppData\Roaming\UBitMenu
2011-09-25 14:02 . 2011-09-25 20:44 -------- d-----w- c:\program files (x86)\Microsoft Works
2011-09-25 13:59 . 2011-09-25 13:59 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2011-09-25 13:58 . 2011-09-25 13:58 -------- d-----w- c:\users\Arnhem\AppData\Local\Microsoft Help
2011-09-25 13:58 . 2011-10-13 01:01 -------- d-----w- c:\programdata\Microsoft Help
2011-09-25 13:56 . 2011-09-25 13:56 -------- d-----r- C:\MSOCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-17 19:03 . 2011-02-08 02:05 544656 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-10-01 10:58 . 2011-07-03 23:59 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-10-01 10:58 . 2011-05-14 02:49 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-10-01 10:50 . 2011-05-14 02:49 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-09-29 18:30 . 2011-05-14 02:49 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-09-14 09:47 . 2011-09-14 09:47 60416 ----a-w- c:\windows\system32\OVDecode64.dll
2011-09-14 09:47 . 2011-09-14 09:47 53760 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-09-14 09:47 . 2011-09-14 09:47 16652288 ----a-w- c:\windows\system32\amdocl64.dll
2011-09-14 09:46 . 2011-09-14 09:46 13625856 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-09-14 09:38 . 2011-09-14 09:38 44032 ----a-w- c:\windows\system32\amdoclcl64.dll
2011-09-14 09:38 . 2011-09-14 09:38 37376 ----a-w- c:\windows\SysWow64\amdoclcl.dll
2011-09-08 18:27 . 2011-09-08 18:27 10203648 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-09-08 17:59 . 2011-09-08 17:59 24229376 ----a-w- c:\windows\system32\atio6axx.dll
2011-09-08 17:39 . 2011-09-08 17:39 18534912 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-09-08 17:34 . 2011-09-08 17:34 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-09-08 17:34 . 2011-05-25 03:07 732672 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-09-08 17:32 . 2011-05-25 03:06 862720 ----a-w- c:\windows\system32\aticfx64.dll
2011-09-08 17:30 . 2011-05-25 03:04 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-09-08 17:30 . 2011-09-08 17:30 486912 ----a-w- c:\windows\system32\atieclxx.exe
2011-09-08 17:29 . 2011-09-08 17:29 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-09-08 17:28 . 2011-09-08 17:28 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-09-08 17:28 . 2011-05-25 03:02 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-09-08 17:28 . 2011-09-08 17:28 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-09-08 17:28 . 2011-09-08 17:28 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-09-08 17:28 . 2011-09-08 17:28 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-09-08 17:28 . 2011-09-08 17:28 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-09-08 17:28 . 2011-09-08 17:28 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-09-08 17:24 . 2011-05-25 02:58 4204032 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-09-08 17:18 . 2011-09-08 17:18 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-09-08 17:18 . 2011-09-08 17:18 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-09-08 17:18 . 2011-05-25 02:59 3888640 ----a-w- c:\windows\system32\atiumd6a.dll
2011-09-08 17:16 . 2009-07-13 21:59 4944896 ----a-w- c:\windows\system32\atidxx64.dll
2011-09-08 17:09 . 2011-09-08 17:09 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-09-08 17:09 . 2011-09-08 17:09 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-09-08 17:09 . 2011-09-08 17:09 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-09-08 17:09 . 2011-09-08 17:09 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-09-08 17:09 . 2011-09-08 17:09 8723456 ----a-w- c:\windows\system32\aticaldd64.dll
2011-09-08 17:08 . 2011-09-08 17:08 4064768 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-09-08 17:05 . 2011-09-08 17:05 7331840 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-09-08 17:05 . 2011-09-08 17:05 4289024 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-09-08 17:00 . 2011-05-25 02:33 5428736 ----a-w- c:\windows\system32\atiumd64.dll
2011-09-08 16:59 . 2011-05-25 02:19 58880 ----a-w- c:\windows\system32\coinst.dll
2011-09-08 16:53 . 2011-05-25 02:26 381952 ----a-w- c:\windows\system32\atiadlxx.dll
2011-09-08 16:53 . 2011-09-08 16:53 270336 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-09-08 16:52 . 2011-09-08 16:52 15360 ----a-w- c:\windows\system32\atig6pxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 13312 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 13312 ----a-w- c:\windows\system32\atiglpxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-09-08 16:52 . 2011-09-08 16:52 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 310784 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-09-08 16:52 . 2011-05-25 02:24 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-09-08 16:51 . 2011-05-25 02:24 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-09-08 16:51 . 2011-05-25 02:24 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-09-08 16:51 . 2011-05-25 02:24 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-09-08 16:51 . 2011-09-08 16:51 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-09-08 16:51 . 2011-09-08 16:51 54784 ----a-w- c:\windows\system32\atimpc64.dll
2011-09-08 16:51 . 2011-09-08 16:51 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2011-09-08 16:50 . 2011-09-08 16:50 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-09-08 16:50 . 2011-09-08 16:50 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-10-18_13.50.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-30 15:38 . 2011-10-18 23:26 41466 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-10-18 23:26 38394 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-10-29 21:45 . 2011-10-18 17:53 13746 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-587842109-1465246950-3102458467-1001_UserData.bin
+ 2010-10-29 12:34 . 2011-10-18 15:30 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-29 12:34 . 2011-10-13 01:23 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-29 12:34 . 2011-10-13 01:23 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-10-29 12:34 . 2011-10-18 15:30 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-10-13 01:23 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-10-18 15:30 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-29 21:45 . 2011-10-18 23:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-29 21:45 . 2011-10-18 13:33 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-29 21:45 . 2011-10-18 23:25 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-10-29 21:45 . 2011-10-18 13:33 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-10-29 21:45 . 2011-10-18 23:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-10-29 21:45 . 2011-10-18 13:33 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-29 21:45 . 2011-10-19 04:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-29 21:45 . 2011-10-18 13:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-29 21:45 . 2011-10-18 13:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-29 21:45 . 2011-10-19 04:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-18 23:24 . 2011-10-18 23:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-10-18 13:50 . 2011-10-18 13:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-10-18 23:24 . 2011-10-18 23:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-10-18 13:50 . 2011-10-18 13:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2011-10-19 00:58 664992 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-10-18 13:38 664992 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-10-19 00:58 125696 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-10-18 13:38 125696 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2011-10-18 20:01 460212 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-10-18 13:49 460212 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-10-18 23:25 . 2005-10-20 10:02 163328 c:\windows\ERDNT\AutoBackup\19-10-2011\ERDNT.EXE
+ 2011-02-11 12:33 . 2011-10-18 20:01 1640984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-02-11 12:33 . 2011-10-18 13:49 1640984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-10-18 23:25 . 2011-10-18 23:25 4075520 c:\windows\ERDNT\AutoBackup\19-10-2011\Users\00000002\UsrClass.dat
+ 2011-10-18 23:25 . 2011-10-18 23:25 2670592 c:\windows\ERDNT\AutoBackup\19-10-2011\Users\00000001\NTUSER.DAT
+ 2009-07-14 02:34 . 2011-10-18 15:46 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2011-10-18 13:48 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2010-11-22 10:19 . 2011-10-18 20:01 17051115 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-587842109-1465246950-3102458467-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-24 1242448]
"GameXN (update)"="c:\programdata\GameXN\GameXNGO.exe" [2011-09-09 347008]
"GameXN (news)"="c:\programdata\GameXN\GameXNGO.exe" [2011-09-09 347008]
"ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2011-09-23 4478784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-18 421736]
"Net iD"="c:\program files (x86)\Net iD\iid.exe" [2011-03-21 87352]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2011-10-05 3578272]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Arnhem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Dropbox.lnk - c:\users\Arnhem\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-11-17 1066536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDWinLogon]
SDWinLogon.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;c:\program files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-03-10 86016]
R2 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-03-10 86016]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-03-16 1436424]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-10-05 892336]
R3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-10-05 955816]
R3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-10-05 169624]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [2011-10-05 48888]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 SDHookService;Spybot S&D 2 Live Protection Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-10-05 130976]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-13 5790064]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-13 487280]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [x]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-18 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2011-10-14 13:46]
.
2011-10-17 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2011-10-14 13:46]
.
2011-10-17 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2011-10-14 13:46]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-09-25 1552168]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 83.255.245.11 193.150.193.150
FF - ProfilePath - c:\users\Arnhem\AppData\Roaming\Mozilla\Firefox\Profiles\bqyusmwu.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-587842109-1465246950-3102458467-1001\Software\SecuROM\License information*]
"datasecu"=hex:6a,96,86,0e,eb,a3,d5,66,46,da,43,bd,e2,78,82,01,19,27,6b,a6,d5,
7b,b0,21,7c,c3,48,79,be,e9,8d,a3,ff,71,33,df,f8,cd,2b,4e,08,d9,c1,33,a8,9c,\
"rkeysecu"=hex:c4,05,15,5f,42,ca,4d,5f,8a,58,b2,4a,be,1a,8b,96
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-10-19 07:01:35
ComboFix-quarantined-files.txt 2011-10-19 05:01
ComboFix2.txt 2011-10-18 13:56
ComboFix3.txt 2011-10-17 18:57
ComboFix4.txt 2011-10-17 08:32
.
Pre-Run: 167,059,075,072 bytes free
Post-Run: 167,005,581,312 bytes free
.
- - End Of File - - 14CE61A4C8693581F53080D4DE759811
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-19 07:06:17
-----------------------------
07:06:17.506 OS Version: Windows x64 6.1.7600
07:06:17.506 Number of processors: 2 586 0x170A
07:06:17.507 ComputerName: STEEZ UserName:
07:06:18.821 Initialize success
07:06:49.943 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
07:06:49.945 Disk 0 Vendor: ST9500420ASG 0002SDM1 Size: 476940MB BusType: 11
07:06:51.957 Disk 0 MBR read successfully
07:06:51.959 Disk 0 MBR scan
07:06:51.961 Disk 0 Windows 7 default MBR code
07:06:51.964 Service scanning
07:06:53.149 Modules scanning
07:06:53.152 Disk 0 trace - called modules:
07:06:53.174 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
07:06:53.177 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006471060]
07:06:53.181 3 CLASSPNP.SYS[fffff8800189343f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8005ef1680]
07:06:53.184 Scan finished successfully
07:07:02.642 Disk 0 MBR has been saved successfully to "C:\Users\Arnhem\Desktop\MBR.dat"
07:07:02.642 The log file has been saved successfully to "C:\Users\Arnhem\Desktop\aswMBR.txt"
Please post registry search tool output too.
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "searchq" 20/10/2011 2:15:03 AM
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
Good. How's the system now? Any issues left?
I haven't noticed any "issues", but the Firefox start page search still redirects to searchq. I changed it back to default before we started, but it changed back; I haven't tried changing it to default since, though. Will I have to change these things through Firefox?
Hi,
Please try to change the home page manually and let me know how it goes.
AWESOME! I managed to find about 4-5 entries in about:config and managed to reset them to their default browser. Nothing happened at first; I restarted the browser and everything was working as it should.
Good. If no issues left let's see the final steps then :)
THESE STEPS ARE VERY IMPORTANT
Let's reset system restore
Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: you will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.
A. To disable the System Restore feature:
1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Select c: drive and click Configure...
7. Select Turn off protection
8. Press OK.
Repeat steps 6-8 for each hard drive.
B. Reboot.
C. Turn ON System Restore.
Follow the steps like you did when disabling System Restore, but at step 7 select the Restore system settings and previous versions of files option.
Now let's uninstall ComboFix:
Click START then RUN
Now copy-paste Combofix /uninstall in the runbox and click OK
UPDATING WINDOWS AND INTERNET EXPLORER
IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site (http://windowsupdate.microsoft.com/) to get the critical updates.
If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.
Make your Internet Explorer more secure
This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.
Download and run Secunia Personal Software Inspector (PSI) (http://secunia.com/vulnerability_scanning/personal/) and fix its findings. Leave the program installed so you'll stay alerted about vulnerable components in future too.
Get Anti Virus Software and keep it updated - Most AVs will update automatically, but if not I would recommend making updating the AV the first job every time the PC is connected to the internet. An AV that is using defs that are seven days old is not going to be much protection. If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out. Good free antivirus programs are:
Antivir (http://free-av.com/en/download/1/download_avira_antivir_personal__free_antivirus.html)
Avast! (http://www.avast.com/eng/download-avast-home.html)
Good commercial ones are from:
Kaspersky (http://www.kaspersky.com/homeuser) and
ESET (http://www.eset.com/products/index.php)
Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Once again, please post and tell me how things are going with your system... problems etc.
Have a great day,
Blade :cool:
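The six Custom Level changes above are per-user Internet-zone settings that the dialog stores in the registry, so they can be audited (and re-applied) from a script instead of clicked through one by one. The following PowerShell is an added example and is not from Blade's post or this forum; it assumes the numeric value names follow Microsoft's documented URL-action mapping for the Internet zone (zone 3, as described in KB182569, where 0 = Enable, 1 = Prompt and 3 = Disable) and reports each setting against the values recommended in the post.

```powershell
# Added example (not from the thread): audit the six Internet-zone settings that
# the post tells the user to change in IE's Custom Level dialog.
# Assumption: value names are Microsoft's documented URL actions for zone 3
# (KB182569): 0 = Enable, 1 = Prompt, 3 = Disable. Per-user values live in HKCU.

$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Desired state from the post: registry value name -> setting name and wanted value
$Expected = [ordered]@{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Want = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Want = 3 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
    '1800' = @{ Name = 'Installation of desktop items';                             Want = 1 }
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';                 Want = 1 }
    '1607' = @{ Name = 'Navigate sub-frames across different domains';              Want = 1 }
}

$Label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Test-IeInternetZone {
    # Returns one object per setting; -Fix also writes the wanted value for the current user.
    [CmdletBinding()]
    param([switch]$Fix)

    if (-not (Test-Path -Path $ZonePath)) {
        Write-Warning "Zone key not found: $ZonePath"
        return
    }
    $key = Get-ItemProperty -Path $ZonePath

    foreach ($valueName in $Expected.Keys) {
        $want = [int]$Expected[$valueName].Want
        $have = $key.$valueName        # $null when the value has never been written

        if ($null -eq $have) {
            $current = 'not set'
        } else {
            $current = $Label[[int]$have]
            if (-not $current) { $current = "$have" }   # unknown numeric value: show raw
        }

        $compliant = ($null -ne $have) -and ([int]$have -eq $want)

        if ($Fix -and -not $compliant) {
            Set-ItemProperty -Path $ZonePath -Name $valueName -Value $want -Type DWord
            $current   = $Label[$want]
            $compliant = $true
        }

        [pscustomobject]@{
            Setting   = $Expected[$valueName].Name
            ValueName = $valueName
            Current   = $current
            Expected  = $Label[$want]
            Compliant = $compliant
        }
    }
}

# Audit only:
Test-IeInternetZone | Format-Table -AutoSize
# Audit and apply the recommended values for the current user:
# Test-IeInternetZone -Fix | Format-Table -AutoSize
```

Run the audit first and compare it against what the Security tab shows; a mismatch usually means a value is not set at all (the zone is falling back to its template) or that a machine-wide policy under HKLM is overriding the per-user key, in which case the Custom Level dialog and this script will not change the effective setting.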
Alright, fixed all the stuff you mentioned. I never knew that old versions of stuff made you more vulnerable as such; I just thought that they were more vulnerable once you got a virus.
I'm kind of hesitant to update usually because I like everything the way it is, I guess I don't have a choice now though :D
Can I remove all the scanning tools and diagnostics tools that I've downloaded over the course of this?
Thank you so much, you were a great help. I hope that my virus can be of help to others in the future if they need to remove the same thing.
You're welcome :)
Can I remove all the scanning tools and diagnostics tools that I've downloaded over the course of this?
Yes, you may remove those now.
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)
Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.
If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.