Searchq and/or Nailingsearchsystems.com

T

TheTyro

New member
Hi, i while back i downloaded (foolishly by accident) ilivid download manager for whatever reason which messed up my firefox, i didn't realise this until much later though.

Searchq was made the homepage, the default search engine in the search bar and in the address bar. I changed these things manually through firefox back to google and removed the toolbar that came with it. Later my search was back to Searchq when you search from the firefox homepage (standard) and through the address bar, the search bar option was added again but was not made the default search engine for that bar.

Last night i started having issues going to some websites, i didn't think much of it, this morning; every time i went to a website it would take a really long time loading and trying to redirect and then it would end up redirecting to random parked domains with ads and nonsense. If the page is refreshed i reach the destination.

I've run Search & Destroy scan and CClean since i started experiencing trouble. That's about it.

Thanks for you help, hopefully we can solve this.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Run by Arnhem at 6:09:03 on 2011-10-14
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.6139.3485 [GMT 2:00]
.
SP: Spybot - Search & Destroy *Enabled/Outdated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\explorer.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Users\Arnhem\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Net iD\iid.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDRootAlyzer.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\explorer.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchqu.com//406
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
uWinlogon: Shell=C:\Users\Arnhem\AppData\Local\c68babac\X
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Web Accessibility Toolbar: {11352a67-0178-46b1-8855-d50b2f81c054} - C:\PROGRA~2\ACCESS~1\ACCESS~1.DLL
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [GameXN (update)] "C:\ProgramData\GameXN\GameXNGO.exe" /u
uRun: [GameXN (news)] "C:\ProgramData\GameXN\GameXNGO.exe" /n
uRun: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
mRun: [<NO NAME>]
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Net iD] "C:\Program Files (x86)\Net iD\iid.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\Users\Arnhem\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\Users\Arnhem\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Arnhem\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Arnhem\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 83.255.245.11 193.150.193.150
TCP: Interfaces\{833F4ED1-7FBC-4DF3-8CC7-6AF12719D1DC} : DhcpNameServer = 83.255.245.11 193.150.193.150
TCP: Interfaces\{D100012C-EB29-45AE-A97E-BFE9EA3FFDB6} : DhcpNameServer = 83.255.245.11 193.150.193.150
TCP: Interfaces\{D100012C-EB29-45AE-A97E-BFE9EA3FFDB6}\2556B64757D6E45445 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D100012C-EB29-45AE-A97E-BFE9EA3FFDB6}\35B656A71647368696 : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs:
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Web Accessibility Toolbar: {11352A67-0178-46B1-8855-D50B2F81C054} - C:\PROGRA~2\ACCESS~1\ACCESS~1.DLL
mRun-x64: [(Default)]
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Net iD] "C:\Program Files (x86)\Net iD\iid.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
AppInit_DLLs-X64:
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Arnhem\AppData\Roaming\Mozilla\Firefox\Profiles\bqyusmwu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npiidplg.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SDHookDriver;Spybot-S&D 2 Hook Driver;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [2011-10-14 48888]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-3-10 86016]
R2 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-3-10 86016]
R2 SDHookService;Spybot S&D 2 Live Protection Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-10-14 130976]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-10-14 892336]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-10-14 955816]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-10-14 169624]
R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2010-11-26 5790064]
R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2010-11-26 487280]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA001Ufd.sys --> C:\Windows\system32\DRIVERS\OA001Ufd.sys [?]
R3 OA001Vid;Creative Camera OA001 Function Driver;C:\Windows\system32\DRIVERS\OA001Vid.sys --> C:\Windows\system32\DRIVERS\OA001Vid.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-3-16 1436424]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-10-14 03:08:50 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-10-14 03:08:38 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2011-10-14 03:08:35 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2011-10-13 20:33:32 -------- d-----w- C:\Users\Arnhem\AppData\Local\{C15863C8-C672-46AD-97F8-D577FF18B40F}
2011-10-13 20:32:58 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E4ABF979-C0E5-4DDB-96C0-7ECB92570008}
2011-10-13 15:34:37 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F7864F62-4331-45FE-982A-B4ABA2FA29F1}\offreg.dll
2011-10-13 03:12:11 -------- d-----we C:\Windows\system64
2011-10-13 03:11:07 -------- d-sh--w- C:\Users\Arnhem\AppData\Local\c68babac
2011-10-13 01:25:47 -------- d-----w- C:\Users\Arnhem\AppData\Local\{F60E279F-41FE-4B1C-9258-70D102459A7C}
2011-10-13 01:25:08 -------- d-----w- C:\Users\Arnhem\AppData\Local\{F1BDDAE4-2C4E-4214-A46E-22DB74F8AC14}
2011-10-12 16:21:14 -------- d-----w- C:\Users\Arnhem\AppData\Local\{CEA8F98E-1536-45A8-A87E-151A25DB4B25}
2011-10-12 16:20:50 -------- d-----w- C:\Users\Arnhem\AppData\Local\{70B6F2A3-275B-438A-AAB6-B4BEA9A8B775}
2011-10-12 13:12:45 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-10-12 13:07:58 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F7864F62-4331-45FE-982A-B4ABA2FA29F1}\mpengine.dll
2011-10-10 12:16:30 -------- d-----w- C:\Users\Arnhem\AppData\Local\{6A0A16FD-54B1-4E48-911C-81F7281C73BA}
2011-10-10 12:15:54 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E6618734-5CEA-4840-A27E-CB8458DA7479}
2011-10-09 17:10:38 -------- d-----w- C:\Users\Arnhem\AppData\Local\{3F5C3F5B-5E25-4B86-90B4-CA5984C216F1}
2011-10-09 17:10:12 -------- d-----w- C:\Users\Arnhem\AppData\Local\{4119DE13-4778-4A50-A0E8-92FBB4CAA079}
2011-10-08 11:19:10 -------- d-----w- C:\Users\Arnhem\AppData\Local\{141915DC-0EAA-4918-91DD-72026851A830}
2011-10-08 11:18:47 -------- d-----w- C:\Users\Arnhem\AppData\Local\{11A75D34-32D4-47BF-8EF1-65AB72B92430}
2011-10-06 16:32:23 -------- d-----w- C:\Users\Arnhem\AppData\Local\{6B5CDBEF-E60E-40EA-B375-D5C5D5D5C022}
2011-10-06 16:32:00 -------- d-----w- C:\Users\Arnhem\AppData\Local\{D0FA8CC2-F669-4EB6-9D37-84C208DF8DB1}
2011-10-05 15:38:29 -------- d-----w- C:\Users\Arnhem\AppData\Local\{BE68F107-987A-41CF-86DE-6C303951F770}
2011-10-05 15:38:04 -------- d-----w- C:\Users\Arnhem\AppData\Local\{1B20D703-E7E5-463E-B8DF-E6E7FDAEBD14}
2011-10-05 01:04:46 -------- d-----w- C:\Users\Arnhem\AppData\Local\{C161C6AA-99FC-417B-B2DA-A73E6BE5C4A0}
2011-10-05 01:04:22 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E77DC846-4CAF-49EF-853C-A42D1EFD734B}
2011-10-03 13:59:29 -------- d-----w- C:\Users\Arnhem\AppData\Local\{BEC77D5A-B595-46F7-9396-2E2867FF9B1B}
2011-10-03 13:59:04 -------- d-----w- C:\Users\Arnhem\AppData\Local\{B2F75C00-DBBB-432F-8080-F9612DC2EC59}
2011-10-02 09:53:39 -------- d-----w- C:\Program Files\CCleaner
2011-10-02 09:47:38 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E42AF2C5-25B3-44E6-84C7-1BC5CFFC33CD}
2011-10-02 09:47:11 -------- d-----w- C:\Users\Arnhem\AppData\Local\{FFC03E53-CD63-45C3-A315-71FBF622AEA6}
2011-10-01 12:19:28 -------- d-----w- C:\Users\Arnhem\AppData\Local\{4DDC42B7-F24C-44D0-AF19-B12D1C43C1DC}
2011-10-01 12:18:52 -------- d-----w- C:\Users\Arnhem\AppData\Local\{A84943AB-A09D-433E-BA1F-B0B2064307C0}
2011-10-01 07:31:43 -------- d-----w- C:\Users\Arnhem\AppData\Local\{748085CF-77D2-46CE-B2D9-1AA9C0E45373}
2011-10-01 07:31:17 -------- d-----w- C:\Users\Arnhem\AppData\Local\{FB33D34F-2E42-454D-A997-7D1EA44E3BC6}
2011-09-30 13:43:31 -------- d-----w- C:\Users\Arnhem\AppData\Local\{A3A6DDFD-B5C6-4E66-AA12-8AA8DA41FB56}
2011-09-30 13:42:57 -------- d-----w- C:\Users\Arnhem\AppData\Local\{FDBAEBE9-A92D-4181-B55C-B683F389C364}
2011-09-30 08:09:07 -------- d-----w- C:\Users\Arnhem\AppData\Local\{661A534F-15EB-4168-9C2E-E899D191CFCA}
2011-09-30 08:08:43 -------- d-----w- C:\Users\Arnhem\AppData\Local\{B3AAB1B3-91B2-470C-A311-F7E3C4D85C00}
2011-09-29 19:51:17 -------- d-----w- C:\Program Files (x86)\AMD APP
2011-09-29 19:51:13 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2011-09-29 19:51:13 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2011-09-29 19:42:31 -------- d-----w- C:\Program Files (x86)\Battlelog Web Plugins
2011-09-29 18:31:37 -------- d-----w- C:\ProgramData\EA Core
2011-09-29 18:30:42 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
2011-09-29 17:22:54 -------- d-----w- C:\Users\Arnhem\AppData\Roaming\Origin
2011-09-29 17:22:51 -------- d-----w- C:\Users\Arnhem\AppData\Local\Origin
2011-09-29 17:22:39 -------- d-----w- C:\ProgramData\Origin
2011-09-29 17:22:39 -------- d-----w- C:\ProgramData\Electronic Arts
2011-09-29 17:22:39 -------- d-----w- C:\Program Files (x86)\Origin Games
2011-09-29 17:22:27 -------- d-----w- C:\Program Files (x86)\Origin
2011-09-29 16:32:08 -------- d-----w- C:\Users\Arnhem\AppData\Local\{BBC5D151-3D43-4546-8FB5-275F1455AAC6}
2011-09-29 16:31:44 -------- d-----w- C:\Users\Arnhem\AppData\Local\{7060EBAB-9C44-4A31-B3CE-CE8C2AF9CC7D}
2011-09-28 08:32:09 -------- d-----w- C:\Users\Arnhem\AppData\Local\{CC97E64C-E406-485D-95CD-66D0DDE55459}
2011-09-28 08:31:36 -------- d-----w- C:\Users\Arnhem\AppData\Local\{B92BFC83-282F-4E0A-89F4-0B77E027AA46}
2011-09-28 05:56:48 -------- d-----w- C:\Users\Arnhem\AppData\Local\{AF92ACC8-6FA3-4EDF-8EF0-066A343928DA}
2011-09-28 05:56:26 -------- d-----w- C:\Users\Arnhem\AppData\Local\{82B6281D-4E0D-49D9-829F-66448031B576}
2011-09-27 20:06:45 -------- d-----w- C:\Program Files (x86)\Thugs at Bay
2011-09-27 19:35:41 -------- d-----w- C:\Fraps
2011-09-27 18:14:29 -------- d-----w- C:\Users\Arnhem\AppData\Local\{07ACAD1D-82C0-46C2-B6FE-DA18ED46F979}
2011-09-27 18:13:54 -------- d-----w- C:\Users\Arnhem\AppData\Local\{17434ADB-EF68-427E-B23D-C0D4CFE48D49}
2011-09-27 17:40:46 -------- d-----w- C:\UDK
2011-09-27 13:35:04 -------- d-----w- C:\Users\Arnhem\AppData\Local\{60F10B38-643A-4B27-A2C1-C9A0829EB3D4}
2011-09-27 13:34:39 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E3B824C8-8362-4029-B525-25772C959FDD}
2011-09-26 14:23:10 -------- d-----w- C:\Users\Arnhem\AppData\Local\{9C0D7ED4-33F9-4568-B87D-068B840D0488}
2011-09-26 14:22:46 -------- d-----w- C:\Users\Arnhem\AppData\Local\{D80B1AFD-C29D-4709-9A86-8A7B8D8B4906}
2011-09-25 20:46:49 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2011-09-25 19:50:56 -------- d-----w- C:\Users\Arnhem\AppData\Local\CutePDF Writer
2011-09-25 19:50:23 -------- d-----w- C:\Program Files (x86)\GPLGS
2011-09-25 19:48:42 85504 ----a-w- C:\Windows\System32\cpwmon64.dll
2011-09-25 19:48:42 -------- d-----w- C:\Program Files (x86)\Acro Software
2011-09-25 15:34:15 -------- d-----w- C:\Users\Arnhem\AppData\Local\{7E10DD6E-6A13-43FD-AD8A-C56BB87FCCF8}
2011-09-25 15:33:51 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E05D64BB-4B42-45E9-A106-86DFF63D275D}
2011-09-25 14:09:50 -------- d-----w- C:\Users\Arnhem\AppData\Roaming\UBitMenu
2011-09-25 13:59:28 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2011-09-25 13:58:44 -------- d-----w- C:\Users\Arnhem\AppData\Local\Microsoft Help
2011-09-25 09:34:14 -------- d-----w- C:\Users\Arnhem\AppData\Local\{9FE2D018-2B3D-4568-A1D8-52CAB9288E03}
2011-09-25 09:33:40 -------- d-----w- C:\Users\Arnhem\AppData\Local\{47AF762C-EC7B-4D6C-8E8C-6AA797D4AB89}
2011-09-25 03:47:17 -------- d-----w- C:\Users\Arnhem\AppData\Local\{1DBCA37A-C57B-437A-9094-CF18794EEE1C}
2011-09-25 03:47:02 -------- d-----w- C:\Users\Arnhem\AppData\Local\{072204B6-13F2-47F7-A137-61222C81D13F}
2011-09-23 00:56:40 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E273B139-471D-4C4B-AF49-2FF77B132C5B}
2011-09-23 00:56:17 -------- d-----w- C:\Users\Arnhem\AppData\Local\{C95312FD-8388-4DF1-BA89-396E821DBB62}
2011-09-21 22:19:54 -------- d-----w- C:\Users\Arnhem\AppData\Local\{126677DF-1C24-4093-ADBA-DBF5C000182F}
2011-09-21 22:19:26 -------- d-----w- C:\Users\Arnhem\AppData\Local\{117D4F35-E655-4ACA-8865-168016EA1C8B}
2011-09-21 10:05:49 -------- d-----w- C:\Users\Arnhem\AppData\Local\{097EC7F2-EF06-49AD-B3D1-C0C7DC2CAE76}
2011-09-21 10:05:25 -------- d-----w- C:\Users\Arnhem\AppData\Local\{6B040E85-97AC-4F0E-A3E0-6BF7F7CDFF15}
2011-09-21 02:24:38 -------- d-----w- C:\Users\Arnhem\AppData\Local\{65BAB9A3-5150-4B46-8C77-2A4B26AE412F}
2011-09-21 02:24:03 -------- d-----w- C:\Users\Arnhem\AppData\Local\{539CF775-ACFA-4371-879F-7B6E0A44D83E}
2011-09-20 19:43:03 -------- d-----w- C:\Users\Arnhem\AppData\Local\{9AE85326-FB91-44E9-89A4-C80728857A14}
2011-09-20 19:42:47 -------- d-----w- C:\Users\Arnhem\AppData\Local\{4CF6F820-5953-4299-A930-4F2773899952}
2011-09-20 04:54:48 -------- d-----w- C:\Users\Arnhem\AppData\Local\{D9BAD932-EE65-40E7-BC85-48590B660297}
2011-09-20 04:54:14 -------- d-----w- C:\Users\Arnhem\AppData\Local\{F188A0D7-6AFB-44E1-9C5F-EF83929F4FC8}
2011-09-20 00:58:07 -------- d-----w- C:\Users\Arnhem\AppData\Local\{B63972DC-231D-4FAF-94B3-051295790ED4}
2011-09-20 00:57:34 -------- d-----w- C:\Users\Arnhem\AppData\Local\{EA80F7F3-3729-4CA7-8C39-1BA5984D218F}
2011-09-19 19:17:24 -------- d-----w- C:\Users\Arnhem\AppData\Local\{C5E95953-BE1A-46C7-BF3B-7D85A24638E7}
2011-09-19 19:16:51 -------- d-----w- C:\Users\Arnhem\AppData\Local\{833F29B3-4A8A-4423-9D5F-60E98A484EE6}
2011-09-19 08:00:26 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E1ADE350-7CDF-4DB0-A037-205A1D147996}
2011-09-19 07:59:58 -------- d-----w- C:\Users\Arnhem\AppData\Local\{A0C16307-4563-42AB-9C77-DCAF1AE5CD3F}
2011-09-19 02:04:23 -------- d-----w- C:\Users\Arnhem\AppData\Local\{10A39B66-E3B6-43F1-807D-C92DB866C1F4}
2011-09-19 02:04:01 -------- d-----w- C:\Users\Arnhem\AppData\Local\{0AA02A5D-4943-4DCC-9430-E18AF8049A07}
2011-09-18 15:39:14 -------- d-----w- C:\Users\Arnhem\AppData\Local\{C0307087-D258-4851-A4E2-007DCCE35034}
2011-09-18 15:38:49 -------- d-----w- C:\Users\Arnhem\AppData\Local\{F6FD1AFF-F44D-4FBA-B7F8-444116670692}
2011-09-18 04:04:29 -------- d-----w- C:\Users\Arnhem\AppData\Local\{3F1B9766-0DE1-495C-9BEA-C2D4A31661F0}
2011-09-18 04:04:05 -------- d-----w- C:\Users\Arnhem\AppData\Local\{354F916B-487C-45DC-902F-5BEBE3B6F357}
2011-09-16 15:31:23 -------- d-----w- C:\Users\Arnhem\School Work
2011-09-16 15:28:25 -------- d-----r- C:\Users\Arnhem\At Your Disposal
2011-09-16 14:05:43 -------- d-----w- C:\Users\Arnhem\AppData\Local\{4E480779-62AC-46E0-A762-15C74E736B1B}
2011-09-16 14:05:18 -------- d-----w- C:\Users\Arnhem\AppData\Local\{62916455-C42B-4549-B196-8692A4256612}
2011-09-15 19:17:20 -------- d-----w- C:\Users\Arnhem\AppData\Local\{F826E5C4-2D65-4A2B-9AF5-E7F305692D76}
2011-09-15 19:16:56 -------- d-----w- C:\Users\Arnhem\AppData\Local\{0CB7E0EC-4A87-4DB9-AAEA-2B50EBC8721C}
2011-09-15 01:41:21 -------- d-----w- C:\ProgramData\boost_interprocess
2011-09-14 23:37:56 36864 ----a-w- C:\Windows\SysWow64\SDDEVMGR.dll
2011-09-14 23:37:51 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\ctor.dll
2011-09-14 23:37:51 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
2011-09-14 23:37:51 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\IScript.dll
2011-09-14 23:37:51 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
2011-09-14 23:37:50 212992 ------w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\ILog.dll
2011-09-14 23:36:13 -------- d-----w- C:\Users\Arnhem\AppData\Local\Ilivid Player
2011-09-14 23:36:00 -------- d-----w- C:\Program Files (x86)\iLivid
2011-09-14 23:35:24 -------- d-----w- C:\Users\Arnhem\AppData\Local\PackageAware
2011-09-14 14:07:35 -------- d-----w- C:\Users\Arnhem\AppData\Local\{C254F886-116B-4F3D-AF59-AAEFB52F8619}
2011-09-14 14:07:10 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E31C7D90-3AAA-46FC-92A1-4627DCA8D702}
2011-09-14 09:47:42 60416 ----a-w- C:\Windows\System32\OVDecode64.dll
2011-09-14 09:47:40 53760 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2011-09-14 09:47:10 16652288 ----a-w- C:\Windows\System32\amdocl64.dll
2011-09-14 09:46:58 13625856 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-09-14 09:38:30 44032 ----a-w- C:\Windows\System32\amdoclcl64.dll
2011-09-14 09:38:28 37376 ----a-w- C:\Windows\SysWow64\amdoclcl.dll
.
==================== Find3M ====================
.
2011-10-01 10:58:08 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-10-01 10:58:08 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-10-01 10:50:33 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-29 18:30:09 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-09-08 18:27:22 10203648 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-09-08 17:59:44 24229376 ----a-w- C:\Windows\System32\atio6axx.dll
2011-09-08 17:39:44 18534912 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-09-08 17:34:20 151552 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-09-08 17:34:10 732672 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-09-08 17:32:58 862720 ----a-w- C:\Windows\System32\aticfx64.dll
2011-09-08 17:30:38 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-09-08 17:30:26 486912 ----a-w- C:\Windows\System32\atieclxx.exe
2011-09-08 17:29:56 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-09-08 17:28:54 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-09-08 17:28:38 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-09-08 17:28:32 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-09-08 17:28:22 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-09-08 17:28:18 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2011-09-08 17:28:14 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-09-08 17:28:10 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-09-08 17:24:38 4204032 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-09-08 17:18:56 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-09-08 17:18:22 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-09-08 17:18:08 3888640 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-09-08 17:16:00 4944896 ----a-w- C:\Windows\System32\atidxx64.dll
2011-09-08 17:09:42 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-09-08 17:09:40 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-09-08 17:09:30 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-09-08 17:09:28 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-09-08 17:09:18 8723456 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-09-08 17:08:24 4064768 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-09-08 17:05:52 7331840 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-09-08 17:05:44 4289024 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-09-08 17:00:02 5428736 ----a-w- C:\Windows\System32\atiumd64.dll
2011-09-08 16:59:48 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-09-08 16:53:20 381952 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-09-08 16:53:12 270336 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-09-08 16:52:58 15360 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-09-08 16:52:56 13312 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-09-08 16:52:56 13312 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-09-08 16:52:54 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-09-08 16:52:46 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-09-08 16:52:40 310784 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-09-08 16:52:00 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-09-08 16:51:54 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-09-08 16:51:50 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-09-08 16:51:44 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-09-08 16:51:12 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-09-08 16:51:02 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2011-09-08 16:51:02 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-09-06 03:07:02 3134976 ----a-w- C:\Windows\System32\win32k.sys
2011-08-27 05:40:28 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-27 05:40:28 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-27 04:43:07 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-27 04:43:06 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-08-20 05:45:20 1197568 ----a-w- C:\Windows\System32\wininet.dll
2011-08-20 05:41:16 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-08-20 04:38:10 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-08-20 04:35:20 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-08-20 04:20:23 482816 ----a-w- C:\Windows\System32\html.iec
2011-08-20 03:26:38 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-08-17 05:32:24 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-08-17 05:27:46 75776 ----a-w- C:\Windows\System32\MSDvbNP.ax
2011-08-17 05:27:46 288256 ----a-w- C:\Windows\System32\MSNP.ax
2011-08-17 05:27:46 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-08-17 05:27:46 104960 ----a-w- C:\Windows\System32\Mpeg2Data.ax
2011-08-17 04:26:02 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-08-17 04:22:23 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
2011-08-17 04:22:23 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax
2011-08-17 04:22:23 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2011-07-16 05:26:54 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:26:53 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:26:53 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:26:18 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-07-16 05:24:09 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:21:32 422400 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 05:17:46 338432 ----a-w- C:\Windows\System32\conhost.exe
2011-07-16 04:36:09 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:32:14 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:31:50 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:30:29 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:30:27 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
.
============= FINISH: 6:11:02.52 ===============

I just realised something, it's ONLY when i enter sites through a search engine result that it redirects. It does not redirect if i enter the website into the address bar or if i go through my bookmarks or external links from websites.

I thought that detail might be relevant.
 
Last edited by a moderator:
Hi,

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

µTorrent


I'd like you to read this thread.

Please uninstall the programs listed above (in red). Post fresh dds logs after that.
 
Read the thread, uninstalled/removed utorrent through windows add/remove.

I seem to be getting even more things now, i just turned my computer on after not using it since i last posted and i'm getting pop ups that are telling me i need to update codecs. They try to resemble windows designs but clearly are not legitimate.


Thanks for your help.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Run by Arnhem at 17:49:18 on 2011-10-16
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.6139.4167 [GMT 2:00]
.
SP: Spybot - Search & Destroy *Enabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\explorer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\ProgramData\gigwnhspvbda\lhrlltbf.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\ProgramData\gigwnhspvbda\SmartGearlhrlltbf.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Users\Arnhem\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Net iD\iid.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchqu.com//406
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
uWinlogon: Shell=C:\Users\Arnhem\AppData\Local\c68babac\X
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Web Accessibility Toolbar: {11352a67-0178-46b1-8855-d50b2f81c054} - C:\PROGRA~2\ACCESS~1\ACCESS~1.DLL
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [GameXN (update)] "C:\ProgramData\GameXN\GameXNGO.exe" /u
uRun: [GameXN (news)] "C:\ProgramData\GameXN\GameXNGO.exe" /n
uRun: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
uRun: [CreoLab] C:\ProgramData\gigwnhspvbda\lhrlltbf.exe
mRun: [<NO NAME>]
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Net iD] "C:\Program Files (x86)\Net iD\iid.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\Users\Arnhem\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\Users\Arnhem\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Arnhem\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Arnhem\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 83.255.245.11 193.150.193.150
TCP: Interfaces\{833F4ED1-7FBC-4DF3-8CC7-6AF12719D1DC} : DhcpNameServer = 83.255.245.11 193.150.193.150
TCP: Interfaces\{D100012C-EB29-45AE-A97E-BFE9EA3FFDB6} : DhcpNameServer = 83.255.245.11 193.150.193.150
TCP: Interfaces\{D100012C-EB29-45AE-A97E-BFE9EA3FFDB6}\2556B64757D6E45445 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D100012C-EB29-45AE-A97E-BFE9EA3FFDB6}\35B656A71647368696 : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs:
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Web Accessibility Toolbar: {11352A67-0178-46B1-8855-D50B2F81C054} - C:\PROGRA~2\ACCESS~1\ACCESS~1.DLL
mRun-x64: [(Default)]
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Net iD] "C:\Program Files (x86)\Net iD\iid.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
AppInit_DLLs-X64:
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
Hosts: 94.228.209.244 www.google-analytics.com.
Hosts: 94.228.209.244 ad-emea.doubleclick.net.
Hosts: 94.228.209.244 www.statcounter.com.
Hosts: 178.250.45.15 www.google-analytics.com.
Hosts: 178.250.45.15 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Arnhem\AppData\Roaming\Mozilla\Firefox\Profiles\bqyusmwu.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npiidplg.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SDHookDriver;Spybot-S&D 2 Hook Driver;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [2011-10-14 48888]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-3-10 86016]
R2 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-3-10 86016]
R2 SDHookService;Spybot S&D 2 Live Protection Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-10-14 130976]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-10-14 892336]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-10-14 955816]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-10-14 169624]
R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2010-11-26 5790064]
R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2010-11-26 487280]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA001Ufd.sys --> C:\Windows\system32\DRIVERS\OA001Ufd.sys [?]
R3 OA001Vid;Creative Camera OA001 Function Driver;C:\Windows\system32\DRIVERS\OA001Vid.sys --> C:\Windows\system32\DRIVERS\OA001Vid.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-3-16 1436424]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-10-16 15:46:47 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{360F36E1-B921-41AC-88A4-66B60443AF4D}\offreg.dll
2011-10-14 14:06:21 -------- d-----w- C:\ProgramData\gigwnhspvbda
2011-10-14 13:39:34 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{360F36E1-B921-41AC-88A4-66B60443AF4D}\mpengine.dll
2011-10-14 03:08:50 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-10-14 03:08:38 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2011-10-14 03:08:35 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2011-10-13 20:33:32 -------- d-----w- C:\Users\Arnhem\AppData\Local\{C15863C8-C672-46AD-97F8-D577FF18B40F}
2011-10-13 20:32:58 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E4ABF979-C0E5-4DDB-96C0-7ECB92570008}
2011-10-13 03:12:11 -------- d-----we C:\Windows\system64
2011-10-13 03:11:07 -------- d-sh--w- C:\Users\Arnhem\AppData\Local\c68babac
2011-10-13 01:25:47 -------- d-----w- C:\Users\Arnhem\AppData\Local\{F60E279F-41FE-4B1C-9258-70D102459A7C}
2011-10-13 01:25:08 -------- d-----w- C:\Users\Arnhem\AppData\Local\{F1BDDAE4-2C4E-4214-A46E-22DB74F8AC14}
2011-10-12 16:21:14 -------- d-----w- C:\Users\Arnhem\AppData\Local\{CEA8F98E-1536-45A8-A87E-151A25DB4B25}
2011-10-12 16:20:50 -------- d-----w- C:\Users\Arnhem\AppData\Local\{70B6F2A3-275B-438A-AAB6-B4BEA9A8B775}
2011-10-12 13:12:45 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-10-10 12:16:30 -------- d-----w- C:\Users\Arnhem\AppData\Local\{6A0A16FD-54B1-4E48-911C-81F7281C73BA}
2011-10-10 12:15:54 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E6618734-5CEA-4840-A27E-CB8458DA7479}
2011-10-09 17:10:38 -------- d-----w- C:\Users\Arnhem\AppData\Local\{3F5C3F5B-5E25-4B86-90B4-CA5984C216F1}
2011-10-09 17:10:12 -------- d-----w- C:\Users\Arnhem\AppData\Local\{4119DE13-4778-4A50-A0E8-92FBB4CAA079}
2011-10-08 11:19:10 -------- d-----w- C:\Users\Arnhem\AppData\Local\{141915DC-0EAA-4918-91DD-72026851A830}
2011-10-08 11:18:47 -------- d-----w- C:\Users\Arnhem\AppData\Local\{11A75D34-32D4-47BF-8EF1-65AB72B92430}
2011-10-06 16:32:23 -------- d-----w- C:\Users\Arnhem\AppData\Local\{6B5CDBEF-E60E-40EA-B375-D5C5D5D5C022}
2011-10-06 16:32:00 -------- d-----w- C:\Users\Arnhem\AppData\Local\{D0FA8CC2-F669-4EB6-9D37-84C208DF8DB1}
2011-10-05 15:38:29 -------- d-----w- C:\Users\Arnhem\AppData\Local\{BE68F107-987A-41CF-86DE-6C303951F770}
2011-10-05 15:38:04 -------- d-----w- C:\Users\Arnhem\AppData\Local\{1B20D703-E7E5-463E-B8DF-E6E7FDAEBD14}
2011-10-05 01:04:46 -------- d-----w- C:\Users\Arnhem\AppData\Local\{C161C6AA-99FC-417B-B2DA-A73E6BE5C4A0}
2011-10-05 01:04:22 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E77DC846-4CAF-49EF-853C-A42D1EFD734B}
2011-10-03 13:59:29 -------- d-----w- C:\Users\Arnhem\AppData\Local\{BEC77D5A-B595-46F7-9396-2E2867FF9B1B}
2011-10-03 13:59:04 -------- d-----w- C:\Users\Arnhem\AppData\Local\{B2F75C00-DBBB-432F-8080-F9612DC2EC59}
2011-10-02 09:53:39 -------- d-----w- C:\Program Files\CCleaner
2011-10-02 09:47:38 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E42AF2C5-25B3-44E6-84C7-1BC5CFFC33CD}
2011-10-02 09:47:11 -------- d-----w- C:\Users\Arnhem\AppData\Local\{FFC03E53-CD63-45C3-A315-71FBF622AEA6}
2011-10-01 12:19:28 -------- d-----w- C:\Users\Arnhem\AppData\Local\{4DDC42B7-F24C-44D0-AF19-B12D1C43C1DC}
2011-10-01 12:18:52 -------- d-----w- C:\Users\Arnhem\AppData\Local\{A84943AB-A09D-433E-BA1F-B0B2064307C0}
2011-10-01 07:31:43 -------- d-----w- C:\Users\Arnhem\AppData\Local\{748085CF-77D2-46CE-B2D9-1AA9C0E45373}
2011-10-01 07:31:17 -------- d-----w- C:\Users\Arnhem\AppData\Local\{FB33D34F-2E42-454D-A997-7D1EA44E3BC6}
2011-09-30 13:43:31 -------- d-----w- C:\Users\Arnhem\AppData\Local\{A3A6DDFD-B5C6-4E66-AA12-8AA8DA41FB56}
2011-09-30 13:42:57 -------- d-----w- C:\Users\Arnhem\AppData\Local\{FDBAEBE9-A92D-4181-B55C-B683F389C364}
2011-09-30 08:09:07 -------- d-----w- C:\Users\Arnhem\AppData\Local\{661A534F-15EB-4168-9C2E-E899D191CFCA}
2011-09-30 08:08:43 -------- d-----w- C:\Users\Arnhem\AppData\Local\{B3AAB1B3-91B2-470C-A311-F7E3C4D85C00}
2011-09-29 19:51:17 -------- d-----w- C:\Program Files (x86)\AMD APP
2011-09-29 19:51:13 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2011-09-29 19:51:13 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2011-09-29 19:42:31 -------- d-----w- C:\Program Files (x86)\Battlelog Web Plugins
2011-09-29 18:31:37 -------- d-----w- C:\ProgramData\EA Core
2011-09-29 18:30:42 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
2011-09-29 17:22:54 -------- d-----w- C:\Users\Arnhem\AppData\Roaming\Origin
2011-09-29 17:22:51 -------- d-----w- C:\Users\Arnhem\AppData\Local\Origin
2011-09-29 17:22:39 -------- d-----w- C:\ProgramData\Origin
2011-09-29 17:22:39 -------- d-----w- C:\ProgramData\Electronic Arts
2011-09-29 17:22:39 -------- d-----w- C:\Program Files (x86)\Origin Games
2011-09-29 17:22:27 -------- d-----w- C:\Program Files (x86)\Origin
2011-09-29 16:32:08 -------- d-----w- C:\Users\Arnhem\AppData\Local\{BBC5D151-3D43-4546-8FB5-275F1455AAC6}
2011-09-29 16:31:44 -------- d-----w- C:\Users\Arnhem\AppData\Local\{7060EBAB-9C44-4A31-B3CE-CE8C2AF9CC7D}
2011-09-28 08:32:09 -------- d-----w- C:\Users\Arnhem\AppData\Local\{CC97E64C-E406-485D-95CD-66D0DDE55459}
2011-09-28 08:31:36 -------- d-----w- C:\Users\Arnhem\AppData\Local\{B92BFC83-282F-4E0A-89F4-0B77E027AA46}
2011-09-28 05:56:48 -------- d-----w- C:\Users\Arnhem\AppData\Local\{AF92ACC8-6FA3-4EDF-8EF0-066A343928DA}
2011-09-28 05:56:26 -------- d-----w- C:\Users\Arnhem\AppData\Local\{82B6281D-4E0D-49D9-829F-66448031B576}
2011-09-27 20:06:45 -------- d-----w- C:\Program Files (x86)\Thugs at Bay
2011-09-27 19:35:41 -------- d-----w- C:\Fraps
2011-09-27 18:14:29 -------- d-----w- C:\Users\Arnhem\AppData\Local\{07ACAD1D-82C0-46C2-B6FE-DA18ED46F979}
2011-09-27 18:13:54 -------- d-----w- C:\Users\Arnhem\AppData\Local\{17434ADB-EF68-427E-B23D-C0D4CFE48D49}
2011-09-27 17:40:46 -------- d-----w- C:\UDK
2011-09-27 13:35:04 -------- d-----w- C:\Users\Arnhem\AppData\Local\{60F10B38-643A-4B27-A2C1-C9A0829EB3D4}
2011-09-27 13:34:39 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E3B824C8-8362-4029-B525-25772C959FDD}
2011-09-26 14:23:10 -------- d-----w- C:\Users\Arnhem\AppData\Local\{9C0D7ED4-33F9-4568-B87D-068B840D0488}
2011-09-26 14:22:46 -------- d-----w- C:\Users\Arnhem\AppData\Local\{D80B1AFD-C29D-4709-9A86-8A7B8D8B4906}
2011-09-25 20:46:49 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2011-09-25 19:50:56 -------- d-----w- C:\Users\Arnhem\AppData\Local\CutePDF Writer
2011-09-25 19:50:23 -------- d-----w- C:\Program Files (x86)\GPLGS
2011-09-25 19:48:42 85504 ----a-w- C:\Windows\System32\cpwmon64.dll
2011-09-25 19:48:42 -------- d-----w- C:\Program Files (x86)\Acro Software
2011-09-25 15:34:15 -------- d-----w- C:\Users\Arnhem\AppData\Local\{7E10DD6E-6A13-43FD-AD8A-C56BB87FCCF8}
2011-09-25 15:33:51 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E05D64BB-4B42-45E9-A106-86DFF63D275D}
2011-09-25 14:09:50 -------- d-----w- C:\Users\Arnhem\AppData\Roaming\UBitMenu
2011-09-25 13:59:28 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2011-09-25 13:58:44 -------- d-----w- C:\Users\Arnhem\AppData\Local\Microsoft Help
2011-09-25 09:34:14 -------- d-----w- C:\Users\Arnhem\AppData\Local\{9FE2D018-2B3D-4568-A1D8-52CAB9288E03}
2011-09-25 09:33:40 -------- d-----w- C:\Users\Arnhem\AppData\Local\{47AF762C-EC7B-4D6C-8E8C-6AA797D4AB89}
2011-09-25 03:47:17 -------- d-----w- C:\Users\Arnhem\AppData\Local\{1DBCA37A-C57B-437A-9094-CF18794EEE1C}
2011-09-25 03:47:02 -------- d-----w- C:\Users\Arnhem\AppData\Local\{072204B6-13F2-47F7-A137-61222C81D13F}
2011-09-23 00:56:40 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E273B139-471D-4C4B-AF49-2FF77B132C5B}
2011-09-23 00:56:17 -------- d-----w- C:\Users\Arnhem\AppData\Local\{C95312FD-8388-4DF1-BA89-396E821DBB62}
2011-09-21 22:19:54 -------- d-----w- C:\Users\Arnhem\AppData\Local\{126677DF-1C24-4093-ADBA-DBF5C000182F}
2011-09-21 22:19:26 -------- d-----w- C:\Users\Arnhem\AppData\Local\{117D4F35-E655-4ACA-8865-168016EA1C8B}
2011-09-21 10:05:49 -------- d-----w- C:\Users\Arnhem\AppData\Local\{097EC7F2-EF06-49AD-B3D1-C0C7DC2CAE76}
2011-09-21 10:05:25 -------- d-----w- C:\Users\Arnhem\AppData\Local\{6B040E85-97AC-4F0E-A3E0-6BF7F7CDFF15}
2011-09-21 02:24:38 -------- d-----w- C:\Users\Arnhem\AppData\Local\{65BAB9A3-5150-4B46-8C77-2A4B26AE412F}
2011-09-21 02:24:03 -------- d-----w- C:\Users\Arnhem\AppData\Local\{539CF775-ACFA-4371-879F-7B6E0A44D83E}
2011-09-20 19:43:03 -------- d-----w- C:\Users\Arnhem\AppData\Local\{9AE85326-FB91-44E9-89A4-C80728857A14}
2011-09-20 19:42:47 -------- d-----w- C:\Users\Arnhem\AppData\Local\{4CF6F820-5953-4299-A930-4F2773899952}
2011-09-20 04:54:48 -------- d-----w- C:\Users\Arnhem\AppData\Local\{D9BAD932-EE65-40E7-BC85-48590B660297}
2011-09-20 04:54:14 -------- d-----w- C:\Users\Arnhem\AppData\Local\{F188A0D7-6AFB-44E1-9C5F-EF83929F4FC8}
2011-09-20 00:58:07 -------- d-----w- C:\Users\Arnhem\AppData\Local\{B63972DC-231D-4FAF-94B3-051295790ED4}
2011-09-20 00:57:34 -------- d-----w- C:\Users\Arnhem\AppData\Local\{EA80F7F3-3729-4CA7-8C39-1BA5984D218F}
2011-09-19 19:17:24 -------- d-----w- C:\Users\Arnhem\AppData\Local\{C5E95953-BE1A-46C7-BF3B-7D85A24638E7}
2011-09-19 19:16:51 -------- d-----w- C:\Users\Arnhem\AppData\Local\{833F29B3-4A8A-4423-9D5F-60E98A484EE6}
2011-09-19 08:00:26 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E1ADE350-7CDF-4DB0-A037-205A1D147996}
2011-09-19 07:59:58 -------- d-----w- C:\Users\Arnhem\AppData\Local\{A0C16307-4563-42AB-9C77-DCAF1AE5CD3F}
2011-09-19 02:04:23 -------- d-----w- C:\Users\Arnhem\AppData\Local\{10A39B66-E3B6-43F1-807D-C92DB866C1F4}
2011-09-19 02:04:01 -------- d-----w- C:\Users\Arnhem\AppData\Local\{0AA02A5D-4943-4DCC-9430-E18AF8049A07}
2011-09-18 15:39:14 -------- d-----w- C:\Users\Arnhem\AppData\Local\{C0307087-D258-4851-A4E2-007DCCE35034}
2011-09-18 15:38:49 -------- d-----w- C:\Users\Arnhem\AppData\Local\{F6FD1AFF-F44D-4FBA-B7F8-444116670692}
2011-09-18 04:04:29 -------- d-----w- C:\Users\Arnhem\AppData\Local\{3F1B9766-0DE1-495C-9BEA-C2D4A31661F0}
2011-09-18 04:04:05 -------- d-----w- C:\Users\Arnhem\AppData\Local\{354F916B-487C-45DC-902F-5BEBE3B6F357}
.
==================== Find3M ====================
.
2011-10-01 10:58:08 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-10-01 10:58:08 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-10-01 10:50:33 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-29 18:30:09 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-09-14 09:47:42 60416 ----a-w- C:\Windows\System32\OVDecode64.dll
2011-09-14 09:47:40 53760 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2011-09-14 09:47:10 16652288 ----a-w- C:\Windows\System32\amdocl64.dll
2011-09-14 09:46:58 13625856 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-09-14 09:38:30 44032 ----a-w- C:\Windows\System32\amdoclcl64.dll
2011-09-14 09:38:28 37376 ----a-w- C:\Windows\SysWow64\amdoclcl.dll
2011-09-08 18:27:22 10203648 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-09-08 17:59:44 24229376 ----a-w- C:\Windows\System32\atio6axx.dll
2011-09-08 17:39:44 18534912 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-09-08 17:34:20 151552 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-09-08 17:34:10 732672 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-09-08 17:32:58 862720 ----a-w- C:\Windows\System32\aticfx64.dll
2011-09-08 17:30:38 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-09-08 17:30:26 486912 ----a-w- C:\Windows\System32\atieclxx.exe
2011-09-08 17:29:56 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-09-08 17:28:54 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-09-08 17:28:38 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-09-08 17:28:32 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-09-08 17:28:22 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-09-08 17:28:18 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2011-09-08 17:28:14 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-09-08 17:28:10 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-09-08 17:24:38 4204032 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-09-08 17:18:56 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-09-08 17:18:22 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-09-08 17:18:08 3888640 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-09-08 17:16:00 4944896 ----a-w- C:\Windows\System32\atidxx64.dll
2011-09-08 17:09:42 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-09-08 17:09:40 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-09-08 17:09:30 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-09-08 17:09:28 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-09-08 17:09:18 8723456 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-09-08 17:08:24 4064768 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-09-08 17:05:52 7331840 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-09-08 17:05:44 4289024 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-09-08 17:00:02 5428736 ----a-w- C:\Windows\System32\atiumd64.dll
2011-09-08 16:59:48 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-09-08 16:53:20 381952 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-09-08 16:53:12 270336 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-09-08 16:52:58 15360 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-09-08 16:52:56 13312 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-09-08 16:52:56 13312 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-09-08 16:52:54 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-09-08 16:52:46 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-09-08 16:52:40 310784 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-09-08 16:52:00 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-09-08 16:51:54 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-09-08 16:51:50 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-09-08 16:51:44 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-09-08 16:51:12 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-09-08 16:51:02 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2011-09-08 16:51:02 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-09-06 03:07:02 3134976 ----a-w- C:\Windows\System32\win32k.sys
2011-08-27 05:40:28 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-27 05:40:28 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-27 04:43:07 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-27 04:43:06 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-08-20 05:45:20 1197568 ----a-w- C:\Windows\System32\wininet.dll
2011-08-20 05:41:16 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-08-20 04:38:10 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-08-20 04:35:20 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-08-20 04:20:23 482816 ----a-w- C:\Windows\System32\html.iec
2011-08-20 03:26:38 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-08-17 05:32:24 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-08-17 05:27:46 75776 ----a-w- C:\Windows\System32\MSDvbNP.ax
2011-08-17 05:27:46 288256 ----a-w- C:\Windows\System32\MSNP.ax
2011-08-17 05:27:46 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-08-17 05:27:46 104960 ----a-w- C:\Windows\System32\Mpeg2Data.ax
2011-08-17 04:26:02 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-08-17 04:22:23 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
2011-08-17 04:22:23 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax
2011-08-17 04:22:23 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
.
============= FINISH: 17:52:33.29 ===============
 
Hi


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
 
Here is the log that it produced, i've also attached it if you find that to be easier to read. (it's the same log)

ComboFix 11-10-16.03 - Arnhem 17/10/2011 10:18:42.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.6139.4297 [GMT 2:00]
Running from: c:\users\Arnhem\Desktop\ComboFix.exe
SP: Spybot - Search & Destroy *Disabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\000000c0.@
c:\windows\assembly\tmp\U\000000cb.@
c:\windows\assembly\tmp\U\000000cf.@
c:\windows\assembly\tmp\U\80000000.@
c:\windows\assembly\tmp\U\800000c0.@
c:\windows\assembly\tmp\U\800000cb.@
c:\windows\assembly\tmp\U\800000cf.@
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2011-09-17 to 2011-10-17 )))))))))))))))))))))))))))))))
.
.
2011-10-14 13:39 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{360F36E1-B921-41AC-88A4-66B60443AF4D}\mpengine.dll
2011-10-14 04:06 . 2011-10-14 04:06 -------- d-----w- c:\program files (x86)\ERUNT
2011-10-14 03:08 . 2011-10-17 08:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-10-14 03:08 . 2009-01-25 11:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2011-10-14 03:08 . 2011-10-14 03:08 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2011-10-13 03:11 . 2011-10-13 03:11 -------- d-sh--w- c:\users\Arnhem\AppData\Local\c68babac
2011-10-12 13:12 . 2011-08-17 05:32 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-02 09:53 . 2011-10-02 09:53 -------- d-----w- c:\program files\CCleaner
2011-09-29 19:51 . 2011-09-29 19:51 -------- d-----w- c:\programdata\ATI
2011-09-29 19:51 . 2011-09-29 19:51 -------- d-----w- c:\program files (x86)\AMD APP
2011-09-29 19:51 . 2011-09-29 19:51 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-09-29 19:51 . 2011-09-29 19:51 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2011-09-29 19:42 . 2011-09-29 19:42 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins
2011-09-29 18:31 . 2011-09-29 18:31 -------- d-----w- c:\programdata\EA Core
2011-09-29 18:30 . 2011-09-29 18:30 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2011-09-29 17:22 . 2011-09-29 17:22 -------- d-----w- c:\users\Arnhem\AppData\Roaming\Origin
2011-09-29 17:22 . 2011-09-29 17:22 -------- d-----w- c:\users\Arnhem\AppData\Local\Origin
2011-09-29 17:22 . 2011-09-29 18:31 -------- d-----w- c:\programdata\Electronic Arts
2011-09-29 17:22 . 2011-09-29 18:31 -------- d-----w- c:\programdata\Origin
2011-09-29 17:22 . 2011-09-29 17:24 -------- d-----w- c:\program files (x86)\Origin Games
2011-09-29 17:22 . 2011-09-29 17:22 -------- d-----w- c:\program files (x86)\Origin
2011-09-27 20:06 . 2011-09-27 20:06 -------- d-----w- c:\program files (x86)\Thugs at Bay
2011-09-27 19:35 . 2011-09-27 19:35 -------- d-----w- C:\Fraps
2011-09-27 17:40 . 2011-09-27 17:40 -------- d-----w- C:\UDK
2011-09-25 20:46 . 2011-09-25 20:46 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2011-09-25 20:41 . 2011-09-25 20:41 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-09-25 19:50 . 2011-10-16 21:15 -------- d-----w- c:\users\Arnhem\AppData\Local\CutePDF Writer
2011-09-25 19:50 . 2011-09-25 19:50 -------- d-----w- c:\program files (x86)\GPLGS
2011-09-25 19:48 . 2011-09-25 19:48 -------- d-----w- c:\program files (x86)\Acro Software
2011-09-25 19:48 . 2009-11-05 06:40 85504 ----a-w- c:\windows\system32\cpwmon64.dll
2011-09-25 14:09 . 2011-09-25 14:09 -------- d-----w- c:\users\Arnhem\AppData\Roaming\UBitMenu
2011-09-25 14:02 . 2011-09-25 20:44 -------- d-----w- c:\program files (x86)\Microsoft Works
2011-09-25 13:59 . 2011-09-25 13:59 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2011-09-25 13:58 . 2011-09-25 13:58 -------- d-----w- c:\users\Arnhem\AppData\Local\Microsoft Help
2011-09-25 13:58 . 2011-10-13 01:01 -------- d-----w- c:\programdata\Microsoft Help
2011-09-25 13:56 . 2011-09-25 13:56 -------- d-----r- C:\MSOCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-01 10:58 . 2011-07-03 23:59 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-10-01 10:58 . 2011-05-14 02:49 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-10-01 10:50 . 2011-05-14 02:49 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-09-29 18:30 . 2011-05-14 02:49 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-09-14 09:47 . 2011-09-14 09:47 60416 ----a-w- c:\windows\system32\OVDecode64.dll
2011-09-14 09:47 . 2011-09-14 09:47 53760 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-09-14 09:47 . 2011-09-14 09:47 16652288 ----a-w- c:\windows\system32\amdocl64.dll
2011-09-14 09:46 . 2011-09-14 09:46 13625856 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-09-14 09:38 . 2011-09-14 09:38 44032 ----a-w- c:\windows\system32\amdoclcl64.dll
2011-09-14 09:38 . 2011-09-14 09:38 37376 ----a-w- c:\windows\SysWow64\amdoclcl.dll
2011-09-08 18:27 . 2011-09-08 18:27 10203648 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-09-08 17:59 . 2011-09-08 17:59 24229376 ----a-w- c:\windows\system32\atio6axx.dll
2011-09-08 17:39 . 2011-09-08 17:39 18534912 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-09-08 17:34 . 2011-09-08 17:34 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-09-08 17:34 . 2011-05-25 03:07 732672 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-09-08 17:32 . 2011-05-25 03:06 862720 ----a-w- c:\windows\system32\aticfx64.dll
2011-09-08 17:30 . 2011-05-25 03:04 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-09-08 17:30 . 2011-09-08 17:30 486912 ----a-w- c:\windows\system32\atieclxx.exe
2011-09-08 17:29 . 2011-09-08 17:29 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-09-08 17:28 . 2011-09-08 17:28 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-09-08 17:28 . 2011-05-25 03:02 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-09-08 17:28 . 2011-09-08 17:28 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-09-08 17:28 . 2011-09-08 17:28 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-09-08 17:28 . 2011-09-08 17:28 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-09-08 17:28 . 2011-09-08 17:28 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-09-08 17:28 . 2011-09-08 17:28 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-09-08 17:24 . 2011-05-25 02:58 4204032 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-09-08 17:18 . 2011-09-08 17:18 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-09-08 17:18 . 2011-09-08 17:18 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-09-08 17:18 . 2011-05-25 02:59 3888640 ----a-w- c:\windows\system32\atiumd6a.dll
2011-09-08 17:16 . 2009-07-13 21:59 4944896 ----a-w- c:\windows\system32\atidxx64.dll
2011-09-08 17:09 . 2011-09-08 17:09 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-09-08 17:09 . 2011-09-08 17:09 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-09-08 17:09 . 2011-09-08 17:09 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-09-08 17:09 . 2011-09-08 17:09 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-09-08 17:09 . 2011-09-08 17:09 8723456 ----a-w- c:\windows\system32\aticaldd64.dll
2011-09-08 17:08 . 2011-09-08 17:08 4064768 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-09-08 17:05 . 2011-09-08 17:05 7331840 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-09-08 17:05 . 2011-09-08 17:05 4289024 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-09-08 17:00 . 2011-05-25 02:33 5428736 ----a-w- c:\windows\system32\atiumd64.dll
2011-09-08 16:59 . 2011-05-25 02:19 58880 ----a-w- c:\windows\system32\coinst.dll
2011-09-08 16:53 . 2011-05-25 02:26 381952 ----a-w- c:\windows\system32\atiadlxx.dll
2011-09-08 16:53 . 2011-09-08 16:53 270336 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-09-08 16:52 . 2011-09-08 16:52 15360 ----a-w- c:\windows\system32\atig6pxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 13312 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 13312 ----a-w- c:\windows\system32\atiglpxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-09-08 16:52 . 2011-09-08 16:52 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 310784 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-09-08 16:52 . 2011-05-25 02:24 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-09-08 16:51 . 2011-05-25 02:24 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-09-08 16:51 . 2011-05-25 02:24 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-09-08 16:51 . 2011-05-25 02:24 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-09-08 16:51 . 2011-09-08 16:51 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-09-08 16:51 . 2011-09-08 16:51 54784 ----a-w- c:\windows\system32\atimpc64.dll
2011-09-08 16:51 . 2011-09-08 16:51 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2011-09-08 16:50 . 2011-09-08 16:50 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-09-08 16:50 . 2011-09-08 16:50 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-24 1242448]
"GameXN (update)"="c:\programdata\GameXN\GameXNGO.exe" [2011-09-09 347008]
"GameXN (news)"="c:\programdata\GameXN\GameXNGO.exe" [2011-09-09 347008]
"ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2011-09-23 4478784]
"CreoLab"="c:\programdata\gigwnhspvbda\lhrlltbf.exe" [2011-10-14 3666944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-18 421736]
"Net iD"="c:\program files (x86)\Net iD\iid.exe" [2011-03-21 87352]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2011-10-05 3578272]
.
c:\users\Arnhem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Dropbox.lnk - c:\users\Arnhem\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-11-17 1066536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="c:\users\Arnhem\AppData\Local\c68babac\X"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-03-16 1436424]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-10-05 892336]
R3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-10-05 955816]
R3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-10-05 169624]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [2011-10-05 48888]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;c:\program files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-03-10 86016]
S2 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-03-10 86016]
S2 SDHookService;Spybot S&D 2 Live Protection Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-10-05 130976]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-13 5790064]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-13 487280]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [x]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-17 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2011-10-14 13:46]
.
2011-10-17 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2011-10-14 13:46]
.
2011-10-17 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2011-10-14 13:46]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-09-25 1552168]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
"combofix"="c:\combofix\CF10741.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.searchqu.com//406
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 83.255.245.11 193.150.193.150
FF - ProfilePath - c:\users\Arnhem\AppData\Roaming\Mozilla\Firefox\Profiles\bqyusmwu.default\
FF - prefs.js: browser.search.selectedEngine - YouTube Video Search
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Notify-SDWinLogon - SDWinLogon.dll
Toolbar-10 - (no file)
AddRemove-{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B} - c:\program files (x86)\InstallShield Installation Information\{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-587842109-1465246950-3102458467-1001\Software\SecuROM\License information*]
"datasecu"=hex:6a,96,86,0e,eb,a3,d5,66,46,da,43,bd,e2,78,82,01,19,27,6b,a6,d5,
7b,b0,21,7c,c3,48,79,be,e9,8d,a3,ff,71,33,df,f8,cd,2b,4e,08,d9,c1,33,a8,9c,\
"rkeysecu"=hex:c4,05,15,5f,42,ca,4d,5f,8a,58,b2,4a,be,1a,8b,96
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\RunDll32.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
c:\programdata\gigwnhspvbda\SmartGearlhrlltbf.exe
c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2011-10-17 10:32:34 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-17 08:32
.
Pre-Run: 172,725,137,408 bytes free
Post-Run: 172,467,380,224 bytes free
.
- - End Of File - - 7AAFA38789CF90A322F64F577875F3F2
 
Oh sorry, i missed that line of text somehow.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Run by Arnhem at 15:32:58 on 2011-10-17
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.6139.4087 [GMT 2:00]
.
SP: Spybot - Search & Destroy *Disabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\explorer.exe
C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\ProgramData\gigwnhspvbda\lhrlltbf.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Users\Arnhem\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Net iD\iid.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\ProgramData\gigwnhspvbda\SmartGearlhrlltbf.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
"C:\Windows\system32\svchost.exe"
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchqu.com//406
uInternet Settings,ProxyOverride = *.local
uWinlogon: Shell=C:\Users\Arnhem\AppData\Local\c68babac\X
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Web Accessibility Toolbar: {11352a67-0178-46b1-8855-d50b2f81c054} - C:\PROGRA~2\ACCESS~1\ACCESS~1.DLL
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [GameXN (update)] "C:\ProgramData\GameXN\GameXNGO.exe" /u
uRun: [GameXN (news)] "C:\ProgramData\GameXN\GameXNGO.exe" /n
uRun: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
uRun: [CreoLab] C:\ProgramData\gigwnhspvbda\lhrlltbf.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Net iD] "C:\Program Files (x86)\Net iD\iid.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\Users\Arnhem\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\Users\Arnhem\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Arnhem\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Arnhem\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 83.255.245.11 193.150.193.150
TCP: Interfaces\{833F4ED1-7FBC-4DF3-8CC7-6AF12719D1DC} : DhcpNameServer = 83.255.245.11 193.150.193.150
TCP: Interfaces\{D100012C-EB29-45AE-A97E-BFE9EA3FFDB6} : DhcpNameServer = 83.255.245.11 193.150.193.150
TCP: Interfaces\{D100012C-EB29-45AE-A97E-BFE9EA3FFDB6}\2556B64757D6E45445 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D100012C-EB29-45AE-A97E-BFE9EA3FFDB6}\35B656A71647368696 : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Web Accessibility Toolbar: {11352A67-0178-46B1-8855-D50B2F81C054} - C:\PROGRA~2\ACCESS~1\ACCESS~1.DLL
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Net iD] "C:\Program Files (x86)\Net iD\iid.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Arnhem\AppData\Roaming\Mozilla\Firefox\Profiles\bqyusmwu.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npiidplg.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SDHookDriver;Spybot-S&D 2 Hook Driver;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [2011-10-14 48888]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-3-10 86016]
R2 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-3-10 86016]
R2 SDHookService;Spybot S&D 2 Live Protection Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-10-14 130976]
R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2010-11-26 5790064]
R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2010-11-26 487280]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA001Ufd.sys --> C:\Windows\system32\DRIVERS\OA001Ufd.sys [?]
R3 OA001Vid;Creative Camera OA001 Function Driver;C:\Windows\system32\DRIVERS\OA001Vid.sys --> C:\Windows\system32\DRIVERS\OA001Vid.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-3-16 1436424]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-10-14 892336]
S3 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-10-14 955816]
S3 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-10-14 169624]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-10-17 08:30:40 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{360F36E1-B921-41AC-88A4-66B60443AF4D}\offreg.dll
2011-10-17 08:27:07 -------- d-----w- C:\$RECYCLE.BIN
2011-10-17 08:16:31 98816 ----a-w- C:\Windows\sed.exe
2011-10-17 08:16:31 518144 ----a-w- C:\Windows\SWREG.exe
2011-10-17 08:16:31 256000 ----a-w- C:\Windows\PEV.exe
2011-10-17 08:16:31 208896 ----a-w- C:\Windows\MBR.exe
2011-10-17 08:16:26 -------- d-----w- C:\ComboFix
2011-10-14 14:06:21 -------- d-----w- C:\ProgramData\gigwnhspvbda
2011-10-14 13:39:34 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{360F36E1-B921-41AC-88A4-66B60443AF4D}\mpengine.dll
2011-10-14 03:08:50 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-10-14 03:08:38 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2011-10-14 03:08:35 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2011-10-13 20:33:32 -------- d-----w- C:\Users\Arnhem\AppData\Local\{C15863C8-C672-46AD-97F8-D577FF18B40F}
2011-10-13 20:32:58 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E4ABF979-C0E5-4DDB-96C0-7ECB92570008}
2011-10-13 03:11:07 -------- d-sh--w- C:\Users\Arnhem\AppData\Local\c68babac
2011-10-13 01:25:47 -------- d-----w- C:\Users\Arnhem\AppData\Local\{F60E279F-41FE-4B1C-9258-70D102459A7C}
2011-10-13 01:25:08 -------- d-----w- C:\Users\Arnhem\AppData\Local\{F1BDDAE4-2C4E-4214-A46E-22DB74F8AC14}
2011-10-12 16:21:14 -------- d-----w- C:\Users\Arnhem\AppData\Local\{CEA8F98E-1536-45A8-A87E-151A25DB4B25}
2011-10-12 16:20:50 -------- d-----w- C:\Users\Arnhem\AppData\Local\{70B6F2A3-275B-438A-AAB6-B4BEA9A8B775}
2011-10-12 13:12:45 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-10-10 12:16:30 -------- d-----w- C:\Users\Arnhem\AppData\Local\{6A0A16FD-54B1-4E48-911C-81F7281C73BA}
2011-10-10 12:15:54 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E6618734-5CEA-4840-A27E-CB8458DA7479}
2011-10-09 17:10:38 -------- d-----w- C:\Users\Arnhem\AppData\Local\{3F5C3F5B-5E25-4B86-90B4-CA5984C216F1}
2011-10-09 17:10:12 -------- d-----w- C:\Users\Arnhem\AppData\Local\{4119DE13-4778-4A50-A0E8-92FBB4CAA079}
2011-10-08 11:19:10 -------- d-----w- C:\Users\Arnhem\AppData\Local\{141915DC-0EAA-4918-91DD-72026851A830}
2011-10-08 11:18:47 -------- d-----w- C:\Users\Arnhem\AppData\Local\{11A75D34-32D4-47BF-8EF1-65AB72B92430}
2011-10-06 16:32:23 -------- d-----w- C:\Users\Arnhem\AppData\Local\{6B5CDBEF-E60E-40EA-B375-D5C5D5D5C022}
2011-10-06 16:32:00 -------- d-----w- C:\Users\Arnhem\AppData\Local\{D0FA8CC2-F669-4EB6-9D37-84C208DF8DB1}
2011-10-05 15:38:29 -------- d-----w- C:\Users\Arnhem\AppData\Local\{BE68F107-987A-41CF-86DE-6C303951F770}
2011-10-05 15:38:04 -------- d-----w- C:\Users\Arnhem\AppData\Local\{1B20D703-E7E5-463E-B8DF-E6E7FDAEBD14}
2011-10-05 01:04:46 -------- d-----w- C:\Users\Arnhem\AppData\Local\{C161C6AA-99FC-417B-B2DA-A73E6BE5C4A0}
2011-10-05 01:04:22 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E77DC846-4CAF-49EF-853C-A42D1EFD734B}
2011-10-03 13:59:29 -------- d-----w- C:\Users\Arnhem\AppData\Local\{BEC77D5A-B595-46F7-9396-2E2867FF9B1B}
2011-10-03 13:59:04 -------- d-----w- C:\Users\Arnhem\AppData\Local\{B2F75C00-DBBB-432F-8080-F9612DC2EC59}
2011-10-02 09:53:39 -------- d-----w- C:\Program Files\CCleaner
2011-10-02 09:47:38 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E42AF2C5-25B3-44E6-84C7-1BC5CFFC33CD}
2011-10-02 09:47:11 -------- d-----w- C:\Users\Arnhem\AppData\Local\{FFC03E53-CD63-45C3-A315-71FBF622AEA6}
2011-10-01 12:19:28 -------- d-----w- C:\Users\Arnhem\AppData\Local\{4DDC42B7-F24C-44D0-AF19-B12D1C43C1DC}
2011-10-01 12:18:52 -------- d-----w- C:\Users\Arnhem\AppData\Local\{A84943AB-A09D-433E-BA1F-B0B2064307C0}
2011-10-01 07:31:43 -------- d-----w- C:\Users\Arnhem\AppData\Local\{748085CF-77D2-46CE-B2D9-1AA9C0E45373}
2011-10-01 07:31:17 -------- d-----w- C:\Users\Arnhem\AppData\Local\{FB33D34F-2E42-454D-A997-7D1EA44E3BC6}
2011-09-30 13:43:31 -------- d-----w- C:\Users\Arnhem\AppData\Local\{A3A6DDFD-B5C6-4E66-AA12-8AA8DA41FB56}
2011-09-30 13:42:57 -------- d-----w- C:\Users\Arnhem\AppData\Local\{FDBAEBE9-A92D-4181-B55C-B683F389C364}
2011-09-30 08:09:07 -------- d-----w- C:\Users\Arnhem\AppData\Local\{661A534F-15EB-4168-9C2E-E899D191CFCA}
2011-09-30 08:08:43 -------- d-----w- C:\Users\Arnhem\AppData\Local\{B3AAB1B3-91B2-470C-A311-F7E3C4D85C00}
2011-09-29 19:51:17 -------- d-----w- C:\Program Files (x86)\AMD APP
2011-09-29 19:51:13 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2011-09-29 19:51:13 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2011-09-29 19:42:31 -------- d-----w- C:\Program Files (x86)\Battlelog Web Plugins
2011-09-29 18:31:37 -------- d-----w- C:\ProgramData\EA Core
2011-09-29 18:30:42 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
2011-09-29 17:22:54 -------- d-----w- C:\Users\Arnhem\AppData\Roaming\Origin
2011-09-29 17:22:51 -------- d-----w- C:\Users\Arnhem\AppData\Local\Origin
2011-09-29 17:22:39 -------- d-----w- C:\ProgramData\Origin
2011-09-29 17:22:39 -------- d-----w- C:\ProgramData\Electronic Arts
2011-09-29 17:22:39 -------- d-----w- C:\Program Files (x86)\Origin Games
2011-09-29 17:22:27 -------- d-----w- C:\Program Files (x86)\Origin
2011-09-29 16:32:08 -------- d-----w- C:\Users\Arnhem\AppData\Local\{BBC5D151-3D43-4546-8FB5-275F1455AAC6}
2011-09-29 16:31:44 -------- d-----w- C:\Users\Arnhem\AppData\Local\{7060EBAB-9C44-4A31-B3CE-CE8C2AF9CC7D}
2011-09-28 08:32:09 -------- d-----w- C:\Users\Arnhem\AppData\Local\{CC97E64C-E406-485D-95CD-66D0DDE55459}
2011-09-28 08:31:36 -------- d-----w- C:\Users\Arnhem\AppData\Local\{B92BFC83-282F-4E0A-89F4-0B77E027AA46}
2011-09-28 05:56:48 -------- d-----w- C:\Users\Arnhem\AppData\Local\{AF92ACC8-6FA3-4EDF-8EF0-066A343928DA}
2011-09-28 05:56:26 -------- d-----w- C:\Users\Arnhem\AppData\Local\{82B6281D-4E0D-49D9-829F-66448031B576}
2011-09-27 20:06:45 -------- d-----w- C:\Program Files (x86)\Thugs at Bay
2011-09-27 19:35:41 -------- d-----w- C:\Fraps
2011-09-27 18:14:29 -------- d-----w- C:\Users\Arnhem\AppData\Local\{07ACAD1D-82C0-46C2-B6FE-DA18ED46F979}
2011-09-27 18:13:54 -------- d-----w- C:\Users\Arnhem\AppData\Local\{17434ADB-EF68-427E-B23D-C0D4CFE48D49}
2011-09-27 17:40:46 -------- d-----w- C:\UDK
2011-09-27 13:35:04 -------- d-----w- C:\Users\Arnhem\AppData\Local\{60F10B38-643A-4B27-A2C1-C9A0829EB3D4}
2011-09-27 13:34:39 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E3B824C8-8362-4029-B525-25772C959FDD}
2011-09-26 14:23:10 -------- d-----w- C:\Users\Arnhem\AppData\Local\{9C0D7ED4-33F9-4568-B87D-068B840D0488}
2011-09-26 14:22:46 -------- d-----w- C:\Users\Arnhem\AppData\Local\{D80B1AFD-C29D-4709-9A86-8A7B8D8B4906}
2011-09-25 20:46:49 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2011-09-25 19:50:56 -------- d-----w- C:\Users\Arnhem\AppData\Local\CutePDF Writer
2011-09-25 19:50:23 -------- d-----w- C:\Program Files (x86)\GPLGS
2011-09-25 19:48:42 85504 ----a-w- C:\Windows\System32\cpwmon64.dll
2011-09-25 19:48:42 -------- d-----w- C:\Program Files (x86)\Acro Software
2011-09-25 15:34:15 -------- d-----w- C:\Users\Arnhem\AppData\Local\{7E10DD6E-6A13-43FD-AD8A-C56BB87FCCF8}
2011-09-25 15:33:51 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E05D64BB-4B42-45E9-A106-86DFF63D275D}
2011-09-25 14:09:50 -------- d-----w- C:\Users\Arnhem\AppData\Roaming\UBitMenu
2011-09-25 13:59:28 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2011-09-25 13:58:44 -------- d-----w- C:\Users\Arnhem\AppData\Local\Microsoft Help
2011-09-25 09:34:14 -------- d-----w- C:\Users\Arnhem\AppData\Local\{9FE2D018-2B3D-4568-A1D8-52CAB9288E03}
2011-09-25 09:33:40 -------- d-----w- C:\Users\Arnhem\AppData\Local\{47AF762C-EC7B-4D6C-8E8C-6AA797D4AB89}
2011-09-25 03:47:17 -------- d-----w- C:\Users\Arnhem\AppData\Local\{1DBCA37A-C57B-437A-9094-CF18794EEE1C}
2011-09-25 03:47:02 -------- d-----w- C:\Users\Arnhem\AppData\Local\{072204B6-13F2-47F7-A137-61222C81D13F}
2011-09-23 00:56:40 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E273B139-471D-4C4B-AF49-2FF77B132C5B}
2011-09-23 00:56:17 -------- d-----w- C:\Users\Arnhem\AppData\Local\{C95312FD-8388-4DF1-BA89-396E821DBB62}
2011-09-21 22:19:54 -------- d-----w- C:\Users\Arnhem\AppData\Local\{126677DF-1C24-4093-ADBA-DBF5C000182F}
2011-09-21 22:19:26 -------- d-----w- C:\Users\Arnhem\AppData\Local\{117D4F35-E655-4ACA-8865-168016EA1C8B}
2011-09-21 10:05:49 -------- d-----w- C:\Users\Arnhem\AppData\Local\{097EC7F2-EF06-49AD-B3D1-C0C7DC2CAE76}
2011-09-21 10:05:25 -------- d-----w- C:\Users\Arnhem\AppData\Local\{6B040E85-97AC-4F0E-A3E0-6BF7F7CDFF15}
2011-09-21 02:24:38 -------- d-----w- C:\Users\Arnhem\AppData\Local\{65BAB9A3-5150-4B46-8C77-2A4B26AE412F}
2011-09-21 02:24:03 -------- d-----w- C:\Users\Arnhem\AppData\Local\{539CF775-ACFA-4371-879F-7B6E0A44D83E}
2011-09-20 19:43:03 -------- d-----w- C:\Users\Arnhem\AppData\Local\{9AE85326-FB91-44E9-89A4-C80728857A14}
2011-09-20 19:42:47 -------- d-----w- C:\Users\Arnhem\AppData\Local\{4CF6F820-5953-4299-A930-4F2773899952}
2011-09-20 04:54:48 -------- d-----w- C:\Users\Arnhem\AppData\Local\{D9BAD932-EE65-40E7-BC85-48590B660297}
2011-09-20 04:54:14 -------- d-----w- C:\Users\Arnhem\AppData\Local\{F188A0D7-6AFB-44E1-9C5F-EF83929F4FC8}
2011-09-20 00:58:07 -------- d-----w- C:\Users\Arnhem\AppData\Local\{B63972DC-231D-4FAF-94B3-051295790ED4}
2011-09-20 00:57:34 -------- d-----w- C:\Users\Arnhem\AppData\Local\{EA80F7F3-3729-4CA7-8C39-1BA5984D218F}
2011-09-19 19:17:24 -------- d-----w- C:\Users\Arnhem\AppData\Local\{C5E95953-BE1A-46C7-BF3B-7D85A24638E7}
2011-09-19 19:16:51 -------- d-----w- C:\Users\Arnhem\AppData\Local\{833F29B3-4A8A-4423-9D5F-60E98A484EE6}
2011-09-19 08:00:26 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E1ADE350-7CDF-4DB0-A037-205A1D147996}
2011-09-19 07:59:58 -------- d-----w- C:\Users\Arnhem\AppData\Local\{A0C16307-4563-42AB-9C77-DCAF1AE5CD3F}
2011-09-19 02:04:23 -------- d-----w- C:\Users\Arnhem\AppData\Local\{10A39B66-E3B6-43F1-807D-C92DB866C1F4}
2011-09-19 02:04:01 -------- d-----w- C:\Users\Arnhem\AppData\Local\{0AA02A5D-4943-4DCC-9430-E18AF8049A07}
2011-09-18 15:39:14 -------- d-----w- C:\Users\Arnhem\AppData\Local\{C0307087-D258-4851-A4E2-007DCCE35034}
2011-09-18 15:38:49 -------- d-----w- C:\Users\Arnhem\AppData\Local\{F6FD1AFF-F44D-4FBA-B7F8-444116670692}
2011-09-18 04:04:29 -------- d-----w- C:\Users\Arnhem\AppData\Local\{3F1B9766-0DE1-495C-9BEA-C2D4A31661F0}
2011-09-18 04:04:05 -------- d-----w- C:\Users\Arnhem\AppData\Local\{354F916B-487C-45DC-902F-5BEBE3B6F357}
.
==================== Find3M ====================
.
2011-10-01 10:58:08 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-10-01 10:58:08 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-10-01 10:50:33 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-29 18:30:09 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-09-14 09:47:42 60416 ----a-w- C:\Windows\System32\OVDecode64.dll
2011-09-14 09:47:40 53760 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2011-09-14 09:47:10 16652288 ----a-w- C:\Windows\System32\amdocl64.dll
2011-09-14 09:46:58 13625856 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-09-14 09:38:30 44032 ----a-w- C:\Windows\System32\amdoclcl64.dll
2011-09-14 09:38:28 37376 ----a-w- C:\Windows\SysWow64\amdoclcl.dll
2011-09-08 18:27:22 10203648 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-09-08 17:59:44 24229376 ----a-w- C:\Windows\System32\atio6axx.dll
2011-09-08 17:39:44 18534912 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-09-08 17:34:20 151552 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-09-08 17:34:10 732672 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-09-08 17:32:58 862720 ----a-w- C:\Windows\System32\aticfx64.dll
2011-09-08 17:30:38 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-09-08 17:30:26 486912 ----a-w- C:\Windows\System32\atieclxx.exe
2011-09-08 17:29:56 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-09-08 17:28:54 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-09-08 17:28:38 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-09-08 17:28:32 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-09-08 17:28:22 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-09-08 17:28:18 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2011-09-08 17:28:14 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-09-08 17:28:10 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-09-08 17:24:38 4204032 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-09-08 17:18:56 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-09-08 17:18:22 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-09-08 17:18:08 3888640 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-09-08 17:16:00 4944896 ----a-w- C:\Windows\System32\atidxx64.dll
2011-09-08 17:09:42 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-09-08 17:09:40 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-09-08 17:09:30 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-09-08 17:09:28 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-09-08 17:09:18 8723456 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-09-08 17:08:24 4064768 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-09-08 17:05:52 7331840 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-09-08 17:05:44 4289024 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-09-08 17:00:02 5428736 ----a-w- C:\Windows\System32\atiumd64.dll
2011-09-08 16:59:48 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-09-08 16:53:20 381952 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-09-08 16:53:12 270336 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-09-08 16:52:58 15360 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-09-08 16:52:56 13312 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-09-08 16:52:56 13312 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-09-08 16:52:54 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-09-08 16:52:46 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-09-08 16:52:40 310784 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-09-08 16:52:00 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-09-08 16:51:54 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-09-08 16:51:50 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-09-08 16:51:44 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-09-08 16:51:12 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-09-08 16:51:02 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2011-09-08 16:51:02 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-09-06 03:07:02 3134976 ----a-w- C:\Windows\System32\win32k.sys
2011-08-27 05:40:28 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-27 05:40:28 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-27 04:43:07 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-27 04:43:06 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-08-20 05:45:20 1197568 ----a-w- C:\Windows\System32\wininet.dll
2011-08-20 05:41:16 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-08-20 04:38:10 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-08-20 04:35:20 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-08-20 04:20:23 482816 ----a-w- C:\Windows\System32\html.iec
2011-08-20 03:26:38 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-08-17 05:32:24 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-08-17 05:27:46 75776 ----a-w- C:\Windows\System32\MSDvbNP.ax
2011-08-17 05:27:46 288256 ----a-w- C:\Windows\System32\MSNP.ax
2011-08-17 05:27:46 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-08-17 05:27:46 104960 ----a-w- C:\Windows\System32\Mpeg2Data.ax
2011-08-17 04:26:02 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-08-17 04:22:23 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
2011-08-17 04:22:23 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax
2011-08-17 04:22:23 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
.
============= FINISH: 15:33:22.25 ===============
 
Hi again,


Open notepad and copy/paste the text in the quotebox below into it:

Code: 
http://forums.spybot.info/showthread.php?t=64136
DirLook::
c:\users\Arnhem\AppData\Local\c68babac
Suspect::
c:\programdata\gigwnhspvbda\lhrlltbf.exe


Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

CFScriptB-4.gif


Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe (let the tool to update itself if prompted).
Then post the resultant log.


Uninstall old Adobe Reader versions and get the latest one (Adobe Reader 10.1 and separate 10.1.1 update for it) here or get Foxit Reader here. Make sure you don't (unless you want to) install toolbar if choose Foxit Reader! You may also check free readers introduced here.


Uninstall vulnerable Flash versions by following instructions here. Fresh version can be obtained here.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 7.
  • Click the
    Download
    button to the right.
  • Select Windows on platform combobox and check the box that says:
    Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7-windows-i586.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.


* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
  • Click Scan
  • Wait for the scan to finish.


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
 
Here is the log, just when i ran combofix it asked to update so i did so, when it was finished it ran as normal and produced this log after asking to confirm an internet connection for submission of malware files for analysis.

I'll go through the rest of the steps in the next post.

ComboFix 11-10-17.02 - Arnhem 17/10/2011 20:47:17.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.6139.4140 [GMT 2:00]
Running from: c:\users\Arnhem\Desktop\ComboFix.exe
Command switches used :: c:\users\Arnhem\Desktop\CFScript.txt
SP: Spybot - Search & Destroy *Disabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
.
((((((((((((((((((((((((( Files Created from 2011-09-17 to 2011-10-17 )))))))))))))))))))))))))))))))
.
.
2011-10-17 18:53 . 2011-10-17 18:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-14 04:06 . 2011-10-14 04:06 -------- d-----w- c:\program files (x86)\ERUNT
2011-10-14 03:08 . 2011-10-17 08:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-10-14 03:08 . 2009-01-25 11:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2011-10-14 03:08 . 2011-10-14 03:08 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2011-10-13 03:11 . 2011-10-13 03:11 -------- d-sh--w- c:\users\Arnhem\AppData\Local\c68babac
2011-10-12 13:12 . 2011-08-17 05:32 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-02 09:53 . 2011-10-02 09:53 -------- d-----w- c:\program files\CCleaner
2011-09-29 19:51 . 2011-09-29 19:51 -------- d-----w- c:\programdata\ATI
2011-09-29 19:51 . 2011-09-29 19:51 -------- d-----w- c:\program files (x86)\AMD APP
2011-09-29 19:51 . 2011-09-29 19:51 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-09-29 19:51 . 2011-09-29 19:51 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2011-09-29 19:42 . 2011-09-29 19:42 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins
2011-09-29 18:31 . 2011-09-29 18:31 -------- d-----w- c:\programdata\EA Core
2011-09-29 18:30 . 2011-09-29 18:30 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2011-09-29 17:22 . 2011-09-29 17:22 -------- d-----w- c:\users\Arnhem\AppData\Roaming\Origin
2011-09-29 17:22 . 2011-09-29 17:22 -------- d-----w- c:\users\Arnhem\AppData\Local\Origin
2011-09-29 17:22 . 2011-09-29 18:31 -------- d-----w- c:\programdata\Electronic Arts
2011-09-29 17:22 . 2011-09-29 18:31 -------- d-----w- c:\programdata\Origin
2011-09-29 17:22 . 2011-09-29 17:24 -------- d-----w- c:\program files (x86)\Origin Games
2011-09-29 17:22 . 2011-09-29 17:22 -------- d-----w- c:\program files (x86)\Origin
2011-09-27 20:06 . 2011-09-27 20:06 -------- d-----w- c:\program files (x86)\Thugs at Bay
2011-09-27 19:35 . 2011-09-27 19:35 -------- d-----w- C:\Fraps
2011-09-27 17:40 . 2011-09-27 17:40 -------- d-----w- C:\UDK
2011-09-25 20:46 . 2011-09-25 20:46 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2011-09-25 20:41 . 2011-09-25 20:41 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-09-25 19:50 . 2011-10-16 21:15 -------- d-----w- c:\users\Arnhem\AppData\Local\CutePDF Writer
2011-09-25 19:50 . 2011-09-25 19:50 -------- d-----w- c:\program files (x86)\GPLGS
2011-09-25 19:48 . 2011-09-25 19:48 -------- d-----w- c:\program files (x86)\Acro Software
2011-09-25 19:48 . 2009-11-05 06:40 85504 ----a-w- c:\windows\system32\cpwmon64.dll
2011-09-25 14:09 . 2011-09-25 14:09 -------- d-----w- c:\users\Arnhem\AppData\Roaming\UBitMenu
2011-09-25 14:02 . 2011-09-25 20:44 -------- d-----w- c:\program files (x86)\Microsoft Works
2011-09-25 13:59 . 2011-09-25 13:59 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2011-09-25 13:58 . 2011-09-25 13:58 -------- d-----w- c:\users\Arnhem\AppData\Local\Microsoft Help
2011-09-25 13:58 . 2011-10-13 01:01 -------- d-----w- c:\programdata\Microsoft Help
2011-09-25 13:56 . 2011-09-25 13:56 -------- d-----r- C:\MSOCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-01 10:58 . 2011-07-03 23:59 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-10-01 10:58 . 2011-05-14 02:49 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-10-01 10:50 . 2011-05-14 02:49 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-09-29 18:30 . 2011-05-14 02:49 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-09-14 09:47 . 2011-09-14 09:47 60416 ----a-w- c:\windows\system32\OVDecode64.dll
2011-09-14 09:47 . 2011-09-14 09:47 53760 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-09-14 09:47 . 2011-09-14 09:47 16652288 ----a-w- c:\windows\system32\amdocl64.dll
2011-09-14 09:46 . 2011-09-14 09:46 13625856 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-09-14 09:38 . 2011-09-14 09:38 44032 ----a-w- c:\windows\system32\amdoclcl64.dll
2011-09-14 09:38 . 2011-09-14 09:38 37376 ----a-w- c:\windows\SysWow64\amdoclcl.dll
2011-09-08 18:27 . 2011-09-08 18:27 10203648 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-09-08 17:59 . 2011-09-08 17:59 24229376 ----a-w- c:\windows\system32\atio6axx.dll
2011-09-08 17:39 . 2011-09-08 17:39 18534912 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-09-08 17:34 . 2011-09-08 17:34 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-09-08 17:34 . 2011-05-25 03:07 732672 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-09-08 17:32 . 2011-05-25 03:06 862720 ----a-w- c:\windows\system32\aticfx64.dll
2011-09-08 17:30 . 2011-05-25 03:04 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-09-08 17:30 . 2011-09-08 17:30 486912 ----a-w- c:\windows\system32\atieclxx.exe
2011-09-08 17:29 . 2011-09-08 17:29 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-09-08 17:28 . 2011-09-08 17:28 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-09-08 17:28 . 2011-05-25 03:02 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-09-08 17:28 . 2011-09-08 17:28 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-09-08 17:28 . 2011-09-08 17:28 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-09-08 17:28 . 2011-09-08 17:28 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-09-08 17:28 . 2011-09-08 17:28 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-09-08 17:28 . 2011-09-08 17:28 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-09-08 17:24 . 2011-05-25 02:58 4204032 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-09-08 17:18 . 2011-09-08 17:18 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-09-08 17:18 . 2011-09-08 17:18 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-09-08 17:18 . 2011-05-25 02:59 3888640 ----a-w- c:\windows\system32\atiumd6a.dll
2011-09-08 17:16 . 2009-07-13 21:59 4944896 ----a-w- c:\windows\system32\atidxx64.dll
2011-09-08 17:09 . 2011-09-08 17:09 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-09-08 17:09 . 2011-09-08 17:09 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-09-08 17:09 . 2011-09-08 17:09 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-09-08 17:09 . 2011-09-08 17:09 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-09-08 17:09 . 2011-09-08 17:09 8723456 ----a-w- c:\windows\system32\aticaldd64.dll
2011-09-08 17:08 . 2011-09-08 17:08 4064768 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-09-08 17:05 . 2011-09-08 17:05 7331840 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-09-08 17:05 . 2011-09-08 17:05 4289024 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-09-08 17:00 . 2011-05-25 02:33 5428736 ----a-w- c:\windows\system32\atiumd64.dll
2011-09-08 16:59 . 2011-05-25 02:19 58880 ----a-w- c:\windows\system32\coinst.dll
2011-09-08 16:53 . 2011-05-25 02:26 381952 ----a-w- c:\windows\system32\atiadlxx.dll
2011-09-08 16:53 . 2011-09-08 16:53 270336 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-09-08 16:52 . 2011-09-08 16:52 15360 ----a-w- c:\windows\system32\atig6pxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 13312 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 13312 ----a-w- c:\windows\system32\atiglpxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-09-08 16:52 . 2011-09-08 16:52 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 310784 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-09-08 16:52 . 2011-05-25 02:24 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-09-08 16:51 . 2011-05-25 02:24 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-09-08 16:51 . 2011-05-25 02:24 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-09-08 16:51 . 2011-05-25 02:24 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-09-08 16:51 . 2011-09-08 16:51 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-09-08 16:51 . 2011-09-08 16:51 54784 ----a-w- c:\windows\system32\atimpc64.dll
2011-09-08 16:51 . 2011-09-08 16:51 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2011-09-08 16:50 . 2011-09-08 16:50 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-09-08 16:50 . 2011-09-08 16:50 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\Arnhem\AppData\Local\c68babac ----
.
2011-10-17 15:14 . 2011-10-17 15:29 17408 ----a-w- c:\users\Arnhem\AppData\Local\c68babac\U\80000000.@
2011-10-14 22:23 . 2011-10-16 15:43 18944 ----a-w- c:\users\Arnhem\AppData\Local\c68babac\U\800000cb.@
2011-10-13 03:11 . 2011-10-13 03:11 42496 --sha-w- c:\users\Arnhem\AppData\Local\c68babac\X
2011-10-13 03:11 . 2011-10-13 03:11 2048 --sha-w- c:\users\Arnhem\AppData\Local\c68babac\@
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-17_08.27.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2011-10-17 08:28 38354 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-10-29 21:45 . 2011-10-17 08:28 13232 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-587842109-1465246950-3102458467-1001_UserData.bin
+ 2010-10-29 21:45 . 2011-10-17 18:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-29 21:45 . 2011-10-17 08:28 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-29 21:45 . 2011-10-17 18:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-10-29 21:45 . 2011-10-17 08:28 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-30 01:37 . 2011-10-17 15:12 312324 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2011-10-17 15:15 664992 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-10-17 08:12 664992 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-10-17 08:12 125696 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-10-17 15:15 125696 c:\windows\system32\perfc009.dat
- 2009-07-14 02:34 . 2011-10-16 22:21 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-10-17 17:09 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-24 1242448]
"GameXN (update)"="c:\programdata\GameXN\GameXNGO.exe" [2011-09-09 347008]
"GameXN (news)"="c:\programdata\GameXN\GameXNGO.exe" [2011-09-09 347008]
"ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2011-09-23 4478784]
"CreoLab"="c:\programdata\gigwnhspvbda\lhrlltbf.exe" [2011-10-14 3666944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-18 421736]
"Net iD"="c:\program files (x86)\Net iD\iid.exe" [2011-03-21 87352]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2011-10-05 3578272]
.
c:\users\Arnhem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Dropbox.lnk - c:\users\Arnhem\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-11-17 1066536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="c:\users\Arnhem\AppData\Local\c68babac\X"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDWinLogon]
SDWinLogon.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;c:\program files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-03-10 86016]
R2 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-03-10 86016]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-03-16 1436424]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-10-05 892336]
R3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-10-05 955816]
R3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-10-05 169624]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [2011-10-05 48888]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 SDHookService;Spybot S&D 2 Live Protection Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-10-05 130976]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-13 5790064]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-13 487280]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [x]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-17 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2011-10-14 13:46]
.
2011-10-17 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2011-10-14 13:46]
.
2011-10-17 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2011-10-14 13:46]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-09-25 1552168]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.searchqu.com//406
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 83.255.245.11 193.150.193.150
FF - ProfilePath - c:\users\Arnhem\AppData\Roaming\Mozilla\Firefox\Profiles\bqyusmwu.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-587842109-1465246950-3102458467-1001\Software\SecuROM\License information*]
"datasecu"=hex:6a,96,86,0e,eb,a3,d5,66,46,da,43,bd,e2,78,82,01,19,27,6b,a6,d5,
7b,b0,21,7c,c3,48,79,be,e9,8d,a3,ff,71,33,df,f8,cd,2b,4e,08,d9,c1,33,a8,9c,\
"rkeysecu"=hex:c4,05,15,5f,42,ca,4d,5f,8a,58,b2,4a,be,1a,8b,96
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-10-17 20:55:39
ComboFix-quarantined-files.txt 2011-10-17 18:55
ComboFix2.txt 2011-10-17 08:32
.
Pre-Run: 172,146,094,080 bytes free
Post-Run: 172,144,889,856 bytes free
.
- - End Of File - - 7D35CF21A9E7C5C3BDF957D32740FAE5
Upload was successful
 
ESET:


C:\Program Files (x86)\Black_Box\The Witcher 2 Assassins of Kings\bin\paul.dll a variant of Win32/Packed.VMProtect.AAA trojan
C:\ProgramData\gigwnhspvbda\spoof.avi Win32/Agent.SWD trojan
C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir probably a variant of Win32/Agent.IKPFSXV trojan
C:\Users\All Users\gigwnhspvbda\spoof.avi Win32/Agent.SWD trojan
C:\Users\Arnhem\AppData\Local\c68babac\X Win64/Sirefef.A trojan
C:\Users\Arnhem\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\79efab09-25b9b0bc probably a variant of Java/TrojanDownloader.OpenStream.NCC trojan
C:\Users\Arnhem\Documents\My Received Files\xf-a2011-32bits.exe a variant of Win32/Keygen.BL application
C:\Users\Arnhem\Documents\My Received Files\xf-a2011-64bits.exe a variant of Win32/Keygen.BL application
C:\Users\Arnhem\Downloads\Plogue Chipsounds Standalone VSTi v1.0\PLGCHPSTDLONEVTIV10HLLWN_POT\Plogue_Chipsound\setup.exe a variant of Win32/Kryptik.DFE trojan


DDS

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.0.0
Run by Arnhem at 22:50:08 on 2011-10-17
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.6139.3134 [GMT 2:00]
.
SP: Spybot - Search & Destroy *Disabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\explorer.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Net iD\iid.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\foobar2000\foobar2000.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchqu.com//406
uInternet Settings,ProxyOverride = *.local
uWinlogon: Shell=C:\Users\Arnhem\AppData\Local\c68babac\X
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Web Accessibility Toolbar: {11352a67-0178-46b1-8855-d50b2f81c054} - C:\PROGRA~2\ACCESS~1\ACCESS~1.DLL
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [GameXN (update)] "C:\ProgramData\GameXN\GameXNGO.exe" /u
uRun: [GameXN (news)] "C:\ProgramData\GameXN\GameXNGO.exe" /n
uRun: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
uRun: [CreoLab] C:\ProgramData\gigwnhspvbda\lhrlltbf.exe
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Net iD] "C:\Program Files (x86)\Net iD\iid.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Arnhem\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\Users\Arnhem\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Arnhem\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Arnhem\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
TCP: DhcpNameServer = 83.255.245.11 193.150.193.150
TCP: Interfaces\{833F4ED1-7FBC-4DF3-8CC7-6AF12719D1DC} : DhcpNameServer = 83.255.245.11 193.150.193.150
TCP: Interfaces\{D100012C-EB29-45AE-A97E-BFE9EA3FFDB6} : DhcpNameServer = 83.255.245.11 193.150.193.150
TCP: Interfaces\{D100012C-EB29-45AE-A97E-BFE9EA3FFDB6}\2556B64757D6E45445 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D100012C-EB29-45AE-A97E-BFE9EA3FFDB6}\35B656A71647368696 : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: Web Accessibility Toolbar: {11352A67-0178-46B1-8855-D50B2F81C054} - C:\PROGRA~2\ACCESS~1\ACCESS~1.DLL
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Net iD] "C:\Program Files (x86)\Net iD\iid.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Arnhem\AppData\Roaming\Mozilla\Firefox\Profiles\bqyusmwu.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npiidplg.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SDHookDriver;Spybot-S&D 2 Hook Driver;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [2011-10-14 48888]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 SDHookService;Spybot S&D 2 Live Protection Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-10-14 130976]
R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2010-11-26 5790064]
R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2010-11-26 487280]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA001Ufd.sys --> C:\Windows\system32\DRIVERS\OA001Ufd.sys [?]
R3 OA001Vid;Creative Camera OA001 Function Driver;C:\Windows\system32\DRIVERS\OA001Vid.sys --> C:\Windows\system32\DRIVERS\OA001Vid.sys [?]
R3 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-10-14 892336]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-3-10 86016]
S2 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-3-10 86016]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-3-16 1436424]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-10-14 955816]
S3 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-10-14 169624]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-10-17 19:21:07 -------- d-----w- C:\Program Files (x86)\ESET
2011-10-17 19:19:30 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-17 19:04:23 -------- d-sh--w- C:\$RECYCLE.BIN
2011-10-17 18:45:51 -------- d-----w- C:\ComboFix
2011-10-17 13:36:22 -------- d-----w- C:\Users\Arnhem\AppData\Local\{C7FD4943-6DA2-4B30-A77A-E3C441977D34}
2011-10-17 13:35:57 -------- d-----w- C:\Users\Arnhem\AppData\Local\{69153016-A4FD-45A5-A69B-585239C38082}
2011-10-17 08:30:40 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{360F36E1-B921-41AC-88A4-66B60443AF4D}\offreg.dll
2011-10-17 08:16:31 98816 ----a-w- C:\Windows\sed.exe
2011-10-17 08:16:31 518144 ----a-w- C:\Windows\SWREG.exe
2011-10-17 08:16:31 256000 ----a-w- C:\Windows\PEV.exe
2011-10-17 08:16:31 208896 ----a-w- C:\Windows\MBR.exe
2011-10-14 14:06:21 -------- d-----w- C:\ProgramData\gigwnhspvbda
2011-10-14 13:39:34 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{360F36E1-B921-41AC-88A4-66B60443AF4D}\mpengine.dll
2011-10-14 03:08:50 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-10-14 03:08:38 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2011-10-14 03:08:35 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2011-10-13 20:33:32 -------- d-----w- C:\Users\Arnhem\AppData\Local\{C15863C8-C672-46AD-97F8-D577FF18B40F}
2011-10-13 20:32:58 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E4ABF979-C0E5-4DDB-96C0-7ECB92570008}
2011-10-13 03:11:07 -------- d-sh--w- C:\Users\Arnhem\AppData\Local\c68babac
2011-10-13 01:25:47 -------- d-----w- C:\Users\Arnhem\AppData\Local\{F60E279F-41FE-4B1C-9258-70D102459A7C}
2011-10-13 01:25:08 -------- d-----w- C:\Users\Arnhem\AppData\Local\{F1BDDAE4-2C4E-4214-A46E-22DB74F8AC14}
2011-10-12 16:21:14 -------- d-----w- C:\Users\Arnhem\AppData\Local\{CEA8F98E-1536-45A8-A87E-151A25DB4B25}
2011-10-12 16:20:50 -------- d-----w- C:\Users\Arnhem\AppData\Local\{70B6F2A3-275B-438A-AAB6-B4BEA9A8B775}
2011-10-12 13:12:45 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-10-10 12:16:30 -------- d-----w- C:\Users\Arnhem\AppData\Local\{6A0A16FD-54B1-4E48-911C-81F7281C73BA}
2011-10-10 12:15:54 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E6618734-5CEA-4840-A27E-CB8458DA7479}
2011-10-09 17:10:38 -------- d-----w- C:\Users\Arnhem\AppData\Local\{3F5C3F5B-5E25-4B86-90B4-CA5984C216F1}
2011-10-09 17:10:12 -------- d-----w- C:\Users\Arnhem\AppData\Local\{4119DE13-4778-4A50-A0E8-92FBB4CAA079}
2011-10-08 11:19:10 -------- d-----w- C:\Users\Arnhem\AppData\Local\{141915DC-0EAA-4918-91DD-72026851A830}
2011-10-08 11:18:47 -------- d-----w- C:\Users\Arnhem\AppData\Local\{11A75D34-32D4-47BF-8EF1-65AB72B92430}
2011-10-06 16:32:23 -------- d-----w- C:\Users\Arnhem\AppData\Local\{6B5CDBEF-E60E-40EA-B375-D5C5D5D5C022}
2011-10-06 16:32:00 -------- d-----w- C:\Users\Arnhem\AppData\Local\{D0FA8CC2-F669-4EB6-9D37-84C208DF8DB1}
2011-10-05 15:38:29 -------- d-----w- C:\Users\Arnhem\AppData\Local\{BE68F107-987A-41CF-86DE-6C303951F770}
2011-10-05 15:38:04 -------- d-----w- C:\Users\Arnhem\AppData\Local\{1B20D703-E7E5-463E-B8DF-E6E7FDAEBD14}
2011-10-05 01:04:46 -------- d-----w- C:\Users\Arnhem\AppData\Local\{C161C6AA-99FC-417B-B2DA-A73E6BE5C4A0}
2011-10-05 01:04:22 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E77DC846-4CAF-49EF-853C-A42D1EFD734B}
2011-10-03 13:59:29 -------- d-----w- C:\Users\Arnhem\AppData\Local\{BEC77D5A-B595-46F7-9396-2E2867FF9B1B}
2011-10-03 13:59:04 -------- d-----w- C:\Users\Arnhem\AppData\Local\{B2F75C00-DBBB-432F-8080-F9612DC2EC59}
2011-10-02 09:53:39 -------- d-----w- C:\Program Files\CCleaner
2011-10-02 09:47:38 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E42AF2C5-25B3-44E6-84C7-1BC5CFFC33CD}
2011-10-02 09:47:11 -------- d-----w- C:\Users\Arnhem\AppData\Local\{FFC03E53-CD63-45C3-A315-71FBF622AEA6}
2011-10-01 12:19:28 -------- d-----w- C:\Users\Arnhem\AppData\Local\{4DDC42B7-F24C-44D0-AF19-B12D1C43C1DC}
2011-10-01 12:18:52 -------- d-----w- C:\Users\Arnhem\AppData\Local\{A84943AB-A09D-433E-BA1F-B0B2064307C0}
2011-10-01 07:31:43 -------- d-----w- C:\Users\Arnhem\AppData\Local\{748085CF-77D2-46CE-B2D9-1AA9C0E45373}
2011-10-01 07:31:17 -------- d-----w- C:\Users\Arnhem\AppData\Local\{FB33D34F-2E42-454D-A997-7D1EA44E3BC6}
2011-09-30 13:43:31 -------- d-----w- C:\Users\Arnhem\AppData\Local\{A3A6DDFD-B5C6-4E66-AA12-8AA8DA41FB56}
2011-09-30 13:42:57 -------- d-----w- C:\Users\Arnhem\AppData\Local\{FDBAEBE9-A92D-4181-B55C-B683F389C364}
2011-09-30 08:09:07 -------- d-----w- C:\Users\Arnhem\AppData\Local\{661A534F-15EB-4168-9C2E-E899D191CFCA}
2011-09-30 08:08:43 -------- d-----w- C:\Users\Arnhem\AppData\Local\{B3AAB1B3-91B2-470C-A311-F7E3C4D85C00}
2011-09-29 19:51:17 -------- d-----w- C:\Program Files (x86)\AMD APP
2011-09-29 19:51:13 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2011-09-29 19:51:13 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2011-09-29 19:42:31 -------- d-----w- C:\Program Files (x86)\Battlelog Web Plugins
2011-09-29 18:31:37 -------- d-----w- C:\ProgramData\EA Core
2011-09-29 18:30:42 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
2011-09-29 17:22:54 -------- d-----w- C:\Users\Arnhem\AppData\Roaming\Origin
2011-09-29 17:22:51 -------- d-----w- C:\Users\Arnhem\AppData\Local\Origin
2011-09-29 17:22:39 -------- d-----w- C:\ProgramData\Origin
2011-09-29 17:22:39 -------- d-----w- C:\ProgramData\Electronic Arts
2011-09-29 17:22:39 -------- d-----w- C:\Program Files (x86)\Origin Games
2011-09-29 17:22:27 -------- d-----w- C:\Program Files (x86)\Origin
2011-09-29 16:32:08 -------- d-----w- C:\Users\Arnhem\AppData\Local\{BBC5D151-3D43-4546-8FB5-275F1455AAC6}
2011-09-29 16:31:44 -------- d-----w- C:\Users\Arnhem\AppData\Local\{7060EBAB-9C44-4A31-B3CE-CE8C2AF9CC7D}
2011-09-28 08:32:09 -------- d-----w- C:\Users\Arnhem\AppData\Local\{CC97E64C-E406-485D-95CD-66D0DDE55459}
2011-09-28 08:31:36 -------- d-----w- C:\Users\Arnhem\AppData\Local\{B92BFC83-282F-4E0A-89F4-0B77E027AA46}
2011-09-28 05:56:48 -------- d-----w- C:\Users\Arnhem\AppData\Local\{AF92ACC8-6FA3-4EDF-8EF0-066A343928DA}
2011-09-28 05:56:26 -------- d-----w- C:\Users\Arnhem\AppData\Local\{82B6281D-4E0D-49D9-829F-66448031B576}
2011-09-27 20:06:45 -------- d-----w- C:\Program Files (x86)\Thugs at Bay
2011-09-27 19:35:41 -------- d-----w- C:\Fraps
2011-09-27 18:14:29 -------- d-----w- C:\Users\Arnhem\AppData\Local\{07ACAD1D-82C0-46C2-B6FE-DA18ED46F979}
2011-09-27 18:13:54 -------- d-----w- C:\Users\Arnhem\AppData\Local\{17434ADB-EF68-427E-B23D-C0D4CFE48D49}
2011-09-27 17:40:46 -------- d-----w- C:\UDK
2011-09-27 13:35:04 -------- d-----w- C:\Users\Arnhem\AppData\Local\{60F10B38-643A-4B27-A2C1-C9A0829EB3D4}
2011-09-27 13:34:39 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E3B824C8-8362-4029-B525-25772C959FDD}
2011-09-26 14:23:10 -------- d-----w- C:\Users\Arnhem\AppData\Local\{9C0D7ED4-33F9-4568-B87D-068B840D0488}
2011-09-26 14:22:46 -------- d-----w- C:\Users\Arnhem\AppData\Local\{D80B1AFD-C29D-4709-9A86-8A7B8D8B4906}
2011-09-25 20:46:49 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2011-09-25 19:50:56 -------- d-----w- C:\Users\Arnhem\AppData\Local\CutePDF Writer
2011-09-25 19:50:23 -------- d-----w- C:\Program Files (x86)\GPLGS
2011-09-25 19:48:42 85504 ----a-w- C:\Windows\System32\cpwmon64.dll
2011-09-25 19:48:42 -------- d-----w- C:\Program Files (x86)\Acro Software
2011-09-25 15:34:15 -------- d-----w- C:\Users\Arnhem\AppData\Local\{7E10DD6E-6A13-43FD-AD8A-C56BB87FCCF8}
2011-09-25 15:33:51 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E05D64BB-4B42-45E9-A106-86DFF63D275D}
2011-09-25 14:09:50 -------- d-----w- C:\Users\Arnhem\AppData\Roaming\UBitMenu
2011-09-25 13:59:28 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2011-09-25 13:58:44 -------- d-----w- C:\Users\Arnhem\AppData\Local\Microsoft Help
2011-09-25 09:34:14 -------- d-----w- C:\Users\Arnhem\AppData\Local\{9FE2D018-2B3D-4568-A1D8-52CAB9288E03}
2011-09-25 09:33:40 -------- d-----w- C:\Users\Arnhem\AppData\Local\{47AF762C-EC7B-4D6C-8E8C-6AA797D4AB89}
2011-09-25 03:47:17 -------- d-----w- C:\Users\Arnhem\AppData\Local\{1DBCA37A-C57B-437A-9094-CF18794EEE1C}
2011-09-25 03:47:02 -------- d-----w- C:\Users\Arnhem\AppData\Local\{072204B6-13F2-47F7-A137-61222C81D13F}
2011-09-23 00:56:40 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E273B139-471D-4C4B-AF49-2FF77B132C5B}
2011-09-23 00:56:17 -------- d-----w- C:\Users\Arnhem\AppData\Local\{C95312FD-8388-4DF1-BA89-396E821DBB62}
2011-09-21 22:19:54 -------- d-----w- C:\Users\Arnhem\AppData\Local\{126677DF-1C24-4093-ADBA-DBF5C000182F}
2011-09-21 22:19:26 -------- d-----w- C:\Users\Arnhem\AppData\Local\{117D4F35-E655-4ACA-8865-168016EA1C8B}
2011-09-21 10:05:49 -------- d-----w- C:\Users\Arnhem\AppData\Local\{097EC7F2-EF06-49AD-B3D1-C0C7DC2CAE76}
2011-09-21 10:05:25 -------- d-----w- C:\Users\Arnhem\AppData\Local\{6B040E85-97AC-4F0E-A3E0-6BF7F7CDFF15}
2011-09-21 02:24:38 -------- d-----w- C:\Users\Arnhem\AppData\Local\{65BAB9A3-5150-4B46-8C77-2A4B26AE412F}
2011-09-21 02:24:03 -------- d-----w- C:\Users\Arnhem\AppData\Local\{539CF775-ACFA-4371-879F-7B6E0A44D83E}
2011-09-20 19:43:03 -------- d-----w- C:\Users\Arnhem\AppData\Local\{9AE85326-FB91-44E9-89A4-C80728857A14}
2011-09-20 19:42:47 -------- d-----w- C:\Users\Arnhem\AppData\Local\{4CF6F820-5953-4299-A930-4F2773899952}
2011-09-20 04:54:48 -------- d-----w- C:\Users\Arnhem\AppData\Local\{D9BAD932-EE65-40E7-BC85-48590B660297}
2011-09-20 04:54:14 -------- d-----w- C:\Users\Arnhem\AppData\Local\{F188A0D7-6AFB-44E1-9C5F-EF83929F4FC8}
2011-09-20 00:58:07 -------- d-----w- C:\Users\Arnhem\AppData\Local\{B63972DC-231D-4FAF-94B3-051295790ED4}
2011-09-20 00:57:34 -------- d-----w- C:\Users\Arnhem\AppData\Local\{EA80F7F3-3729-4CA7-8C39-1BA5984D218F}
2011-09-19 19:17:24 -------- d-----w- C:\Users\Arnhem\AppData\Local\{C5E95953-BE1A-46C7-BF3B-7D85A24638E7}
2011-09-19 19:16:51 -------- d-----w- C:\Users\Arnhem\AppData\Local\{833F29B3-4A8A-4423-9D5F-60E98A484EE6}
2011-09-19 08:00:26 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E1ADE350-7CDF-4DB0-A037-205A1D147996}
2011-09-19 07:59:58 -------- d-----w- C:\Users\Arnhem\AppData\Local\{A0C16307-4563-42AB-9C77-DCAF1AE5CD3F}
2011-09-19 02:04:23 -------- d-----w- C:\Users\Arnhem\AppData\Local\{10A39B66-E3B6-43F1-807D-C92DB866C1F4}
2011-09-19 02:04:01 -------- d-----w- C:\Users\Arnhem\AppData\Local\{0AA02A5D-4943-4DCC-9430-E18AF8049A07}
2011-09-18 15:39:14 -------- d-----w- C:\Users\Arnhem\AppData\Local\{C0307087-D258-4851-A4E2-007DCCE35034}
2011-09-18 15:38:49 -------- d-----w- C:\Users\Arnhem\AppData\Local\{F6FD1AFF-F44D-4FBA-B7F8-444116670692}
2011-09-18 04:04:29 -------- d-----w- C:\Users\Arnhem\AppData\Local\{3F1B9766-0DE1-495C-9BEA-C2D4A31661F0}
2011-09-18 04:04:05 -------- d-----w- C:\Users\Arnhem\AppData\Local\{354F916B-487C-45DC-902F-5BEBE3B6F357}
.
==================== Find3M ====================
.
2011-10-17 19:03:32 544656 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-10-01 10:58:08 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-10-01 10:58:08 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-10-01 10:50:33 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-29 18:30:09 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-09-14 09:47:42 60416 ----a-w- C:\Windows\System32\OVDecode64.dll
2011-09-14 09:47:40 53760 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2011-09-14 09:47:10 16652288 ----a-w- C:\Windows\System32\amdocl64.dll
2011-09-14 09:46:58 13625856 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-09-14 09:38:30 44032 ----a-w- C:\Windows\System32\amdoclcl64.dll
2011-09-14 09:38:28 37376 ----a-w- C:\Windows\SysWow64\amdoclcl.dll
2011-09-08 18:27:22 10203648 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-09-08 17:59:44 24229376 ----a-w- C:\Windows\System32\atio6axx.dll
2011-09-08 17:39:44 18534912 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-09-08 17:34:20 151552 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-09-08 17:34:10 732672 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-09-08 17:32:58 862720 ----a-w- C:\Windows\System32\aticfx64.dll
2011-09-08 17:30:38 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-09-08 17:30:26 486912 ----a-w- C:\Windows\System32\atieclxx.exe
2011-09-08 17:29:56 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-09-08 17:28:54 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-09-08 17:28:38 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-09-08 17:28:32 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-09-08 17:28:22 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-09-08 17:28:18 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2011-09-08 17:28:14 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-09-08 17:28:10 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-09-08 17:24:38 4204032 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-09-08 17:18:56 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-09-08 17:18:22 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-09-08 17:18:08 3888640 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-09-08 17:16:00 4944896 ----a-w- C:\Windows\System32\atidxx64.dll
2011-09-08 17:09:42 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-09-08 17:09:40 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-09-08 17:09:30 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-09-08 17:09:28 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-09-08 17:09:18 8723456 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-09-08 17:08:24 4064768 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-09-08 17:05:52 7331840 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-09-08 17:05:44 4289024 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-09-08 17:00:02 5428736 ----a-w- C:\Windows\System32\atiumd64.dll
2011-09-08 16:59:48 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-09-08 16:53:20 381952 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-09-08 16:53:12 270336 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-09-08 16:52:58 15360 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-09-08 16:52:56 13312 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-09-08 16:52:56 13312 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-09-08 16:52:54 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-09-08 16:52:46 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-09-08 16:52:40 310784 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-09-08 16:52:00 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-09-08 16:51:54 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-09-08 16:51:50 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-09-08 16:51:44 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-09-08 16:51:12 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-09-08 16:51:02 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2011-09-08 16:51:02 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-09-06 03:07:02 3134976 ----a-w- C:\Windows\System32\win32k.sys
2011-08-27 05:40:28 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-27 05:40:28 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-27 04:43:07 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-27 04:43:06 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-08-20 05:45:20 1197568 ----a-w- C:\Windows\System32\wininet.dll
2011-08-20 05:41:16 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-08-20 04:38:10 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-08-20 04:35:20 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-08-20 04:20:23 482816 ----a-w- C:\Windows\System32\html.iec
2011-08-20 03:26:38 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-08-17 05:32:24 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-08-17 05:27:46 75776 ----a-w- C:\Windows\System32\MSDvbNP.ax
2011-08-17 05:27:46 288256 ----a-w- C:\Windows\System32\MSNP.ax
2011-08-17 05:27:46 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-08-17 05:27:46 104960 ----a-w- C:\Windows\System32\Mpeg2Data.ax
2011-08-17 04:26:02 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-08-17 04:22:23 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
2011-08-17 04:22:23 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax
2011-08-17 04:22:23 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
.
============= FINISH: 22:50:45.76 ===============
 
Hi again,

Uninstall this old Java:
Java(TM) 6 Update 22


Open notepad and copy/paste the text in the quotebox below into it:

Code: 
Folder::
C:\ProgramData\gigwnhspvbda
C:\Users\Arnhem\Downloads\Plogue Chipsounds Standalone VSTi v1.0
C:\Users\All Users\gigwnhspvbda
C:\Users\Arnhem\AppData\Local\c68babac
File::
C:\Users\Arnhem\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\79efab09-25b9b0bc
C:\Users\Arnhem\Documents\My Received Files\xf-a2011-32bits.exe
C:\Users\Arnhem\Documents\My Received Files\xf-a2011-64bits.exe
DDS::
uStart Page = hxxp://www.searchqu.com//406
uWinlogon: Shell=C:\Users\Arnhem\AppData\Local\c68babac\X
uRun: [CreoLab] C:\ProgramData\gigwnhspvbda\lhrlltbf.exe


Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

CFScriptB-4.gif


Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe (let the tool to update itself if prompted).
Then post the resultant log. How's the system running?
 
ComboFix 11-10-18.01 - Arnhem 18/10/2011 15:43:04.3.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.6139.4260 [GMT 2:00]
Running from: c:\users\Arnhem\Desktop\ComboFix.exe
Command switches used :: c:\users\Arnhem\Desktop\CFScript.txt
SP: Spybot - Search & Destroy *Disabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Arnhem\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\79efab09-25b9b0bc"
"c:\users\Arnhem\Documents\My Received Files\xf-a2011-32bits.exe"
"c:\users\Arnhem\Documents\My Received Files\xf-a2011-64bits.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\gigwnhspvbda
c:\programdata\gigwnhspvbda\FRed32.dll
c:\programdata\gigwnhspvbda\instr.ini
c:\programdata\gigwnhspvbda\lhrlltbf.exe
c:\programdata\gigwnhspvbda\SmartGearlhrlltbf.exe
c:\programdata\gigwnhspvbda\spoof.avi
c:\users\All Users\gigwnhspvbda\FRed32.dll
c:\users\All Users\gigwnhspvbda\instr.ini
c:\users\All Users\gigwnhspvbda\lhrlltbf.exe
c:\users\All Users\gigwnhspvbda\SmartGearlhrlltbf.exe
c:\users\All Users\gigwnhspvbda\spoof.avi
c:\users\Arnhem\AppData\Local\c68babac
c:\users\Arnhem\AppData\Local\c68babac\@
c:\users\Arnhem\AppData\Local\c68babac\U\80000000.@
c:\users\Arnhem\AppData\Local\c68babac\U\800000cb.@
c:\users\Arnhem\AppData\Local\c68babac\X
c:\users\Arnhem\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\79efab09-25b9b0bc
c:\users\Arnhem\Documents\My Received Files\xf-a2011-32bits.exe
c:\users\Arnhem\Documents\My Received Files\xf-a2011-64bits.exe
c:\users\Arnhem\Downloads\Plogue Chipsounds Standalone VSTi v1.0
c:\users\Arnhem\Downloads\Plogue Chipsounds Standalone VSTi v1.0\PLGCHPSTDLONEVTIV10HLLWN_POT\Plogue_Chipsound\avaxhome.ws.nfo
c:\users\Arnhem\Downloads\Plogue Chipsounds Standalone VSTi v1.0\PLGCHPSTDLONEVTIV10HLLWN_POT\Plogue_Chipsound\peace-out.nfo
c:\users\Arnhem\Downloads\Plogue Chipsounds Standalone VSTi v1.0\PLGCHPSTDLONEVTIV10HLLWN_POT\Plogue_Chipsound\setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-09-18 to 2011-10-18 )))))))))))))))))))))))))))))))
.
.
2011-10-18 13:49 . 2011-10-18 13:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-18 13:38 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{485D2325-B0FD-473F-9B24-504B41CA0349}\mpengine.dll
2011-10-17 19:21 . 2011-10-17 19:21 -------- d-----w- c:\program files (x86)\ESET
2011-10-17 19:19 . 2011-10-17 19:19 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-17 19:18 . 2011-10-17 19:18 -------- d-----w- c:\windows\system32\Macromed
2011-10-17 19:14 . 2011-10-17 19:14 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2011-10-17 19:04 . 2011-10-17 19:04 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-10-14 04:06 . 2011-10-14 04:06 -------- d-----w- c:\program files (x86)\ERUNT
2011-10-14 03:08 . 2011-10-17 08:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-10-14 03:08 . 2009-01-25 11:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2011-10-14 03:08 . 2011-10-14 03:08 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2011-10-12 13:12 . 2011-08-17 05:32 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-02 09:53 . 2011-10-02 09:53 -------- d-----w- c:\program files\CCleaner
2011-09-29 19:51 . 2011-09-29 19:51 -------- d-----w- c:\programdata\ATI
2011-09-29 19:51 . 2011-09-29 19:51 -------- d-----w- c:\program files (x86)\AMD APP
2011-09-29 19:51 . 2011-09-29 19:51 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-09-29 19:51 . 2011-09-29 19:51 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2011-09-29 19:42 . 2011-09-29 19:42 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins
2011-09-29 18:31 . 2011-09-29 18:31 -------- d-----w- c:\programdata\EA Core
2011-09-29 18:30 . 2011-09-29 18:30 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2011-09-29 17:22 . 2011-09-29 17:22 -------- d-----w- c:\users\Arnhem\AppData\Roaming\Origin
2011-09-29 17:22 . 2011-09-29 17:22 -------- d-----w- c:\users\Arnhem\AppData\Local\Origin
2011-09-29 17:22 . 2011-09-29 18:31 -------- d-----w- c:\programdata\Electronic Arts
2011-09-29 17:22 . 2011-09-29 18:31 -------- d-----w- c:\programdata\Origin
2011-09-29 17:22 . 2011-09-29 17:24 -------- d-----w- c:\program files (x86)\Origin Games
2011-09-29 17:22 . 2011-09-29 17:22 -------- d-----w- c:\program files (x86)\Origin
2011-09-27 20:06 . 2011-09-27 20:06 -------- d-----w- c:\program files (x86)\Thugs at Bay
2011-09-27 19:35 . 2011-09-27 19:35 -------- d-----w- C:\Fraps
2011-09-27 17:40 . 2011-09-27 17:40 -------- d-----w- C:\UDK
2011-09-25 20:46 . 2011-09-25 20:46 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2011-09-25 20:41 . 2011-09-25 20:41 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-09-25 19:50 . 2011-10-16 21:15 -------- d-----w- c:\users\Arnhem\AppData\Local\CutePDF Writer
2011-09-25 19:50 . 2011-09-25 19:50 -------- d-----w- c:\program files (x86)\GPLGS
2011-09-25 19:48 . 2011-09-25 19:48 -------- d-----w- c:\program files (x86)\Acro Software
2011-09-25 19:48 . 2009-11-05 06:40 85504 ----a-w- c:\windows\system32\cpwmon64.dll
2011-09-25 14:09 . 2011-09-25 14:09 -------- d-----w- c:\users\Arnhem\AppData\Roaming\UBitMenu
2011-09-25 14:02 . 2011-09-25 20:44 -------- d-----w- c:\program files (x86)\Microsoft Works
2011-09-25 13:59 . 2011-09-25 13:59 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2011-09-25 13:58 . 2011-09-25 13:58 -------- d-----w- c:\users\Arnhem\AppData\Local\Microsoft Help
2011-09-25 13:58 . 2011-10-13 01:01 -------- d-----w- c:\programdata\Microsoft Help
2011-09-25 13:56 . 2011-09-25 13:56 -------- d-----r- C:\MSOCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-17 19:03 . 2011-02-08 02:05 544656 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-10-01 10:58 . 2011-07-03 23:59 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-10-01 10:58 . 2011-05-14 02:49 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-10-01 10:50 . 2011-05-14 02:49 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-09-29 18:30 . 2011-05-14 02:49 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-09-14 09:47 . 2011-09-14 09:47 60416 ----a-w- c:\windows\system32\OVDecode64.dll
2011-09-14 09:47 . 2011-09-14 09:47 53760 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-09-14 09:47 . 2011-09-14 09:47 16652288 ----a-w- c:\windows\system32\amdocl64.dll
2011-09-14 09:46 . 2011-09-14 09:46 13625856 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-09-14 09:38 . 2011-09-14 09:38 44032 ----a-w- c:\windows\system32\amdoclcl64.dll
2011-09-14 09:38 . 2011-09-14 09:38 37376 ----a-w- c:\windows\SysWow64\amdoclcl.dll
2011-09-08 18:27 . 2011-09-08 18:27 10203648 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-09-08 17:59 . 2011-09-08 17:59 24229376 ----a-w- c:\windows\system32\atio6axx.dll
2011-09-08 17:39 . 2011-09-08 17:39 18534912 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-09-08 17:34 . 2011-09-08 17:34 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-09-08 17:34 . 2011-05-25 03:07 732672 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-09-08 17:32 . 2011-05-25 03:06 862720 ----a-w- c:\windows\system32\aticfx64.dll
2011-09-08 17:30 . 2011-05-25 03:04 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-09-08 17:30 . 2011-09-08 17:30 486912 ----a-w- c:\windows\system32\atieclxx.exe
2011-09-08 17:29 . 2011-09-08 17:29 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-09-08 17:28 . 2011-09-08 17:28 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-09-08 17:28 . 2011-05-25 03:02 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-09-08 17:28 . 2011-09-08 17:28 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-09-08 17:28 . 2011-09-08 17:28 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-09-08 17:28 . 2011-09-08 17:28 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-09-08 17:28 . 2011-09-08 17:28 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-09-08 17:28 . 2011-09-08 17:28 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-09-08 17:24 . 2011-05-25 02:58 4204032 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-09-08 17:18 . 2011-09-08 17:18 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-09-08 17:18 . 2011-09-08 17:18 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-09-08 17:18 . 2011-05-25 02:59 3888640 ----a-w- c:\windows\system32\atiumd6a.dll
2011-09-08 17:16 . 2009-07-13 21:59 4944896 ----a-w- c:\windows\system32\atidxx64.dll
2011-09-08 17:09 . 2011-09-08 17:09 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-09-08 17:09 . 2011-09-08 17:09 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-09-08 17:09 . 2011-09-08 17:09 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-09-08 17:09 . 2011-09-08 17:09 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-09-08 17:09 . 2011-09-08 17:09 8723456 ----a-w- c:\windows\system32\aticaldd64.dll
2011-09-08 17:08 . 2011-09-08 17:08 4064768 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-09-08 17:05 . 2011-09-08 17:05 7331840 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-09-08 17:05 . 2011-09-08 17:05 4289024 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-09-08 17:00 . 2011-05-25 02:33 5428736 ----a-w- c:\windows\system32\atiumd64.dll
2011-09-08 16:59 . 2011-05-25 02:19 58880 ----a-w- c:\windows\system32\coinst.dll
2011-09-08 16:53 . 2011-05-25 02:26 381952 ----a-w- c:\windows\system32\atiadlxx.dll
2011-09-08 16:53 . 2011-09-08 16:53 270336 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-09-08 16:52 . 2011-09-08 16:52 15360 ----a-w- c:\windows\system32\atig6pxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 13312 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 13312 ----a-w- c:\windows\system32\atiglpxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-09-08 16:52 . 2011-09-08 16:52 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 310784 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-09-08 16:52 . 2011-05-25 02:24 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-09-08 16:51 . 2011-05-25 02:24 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-09-08 16:51 . 2011-05-25 02:24 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-09-08 16:51 . 2011-05-25 02:24 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-09-08 16:51 . 2011-09-08 16:51 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-09-08 16:51 . 2011-09-08 16:51 54784 ----a-w- c:\windows\system32\atimpc64.dll
2011-09-08 16:51 . 2011-09-08 16:51 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2011-09-08 16:50 . 2011-09-08 16:50 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-09-08 16:50 . 2011-09-08 16:50 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-17_08.27.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-30 15:38 . 2011-10-18 13:52 40846 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-10-18 13:52 38378 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-10-29 21:45 . 2011-10-18 13:52 13488 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-587842109-1465246950-3102458467-1001_UserData.bin
+ 2010-11-29 14:38 . 2011-10-18 13:50 62078 c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Pen_Tablet.dat
- 2010-10-29 21:45 . 2011-10-17 08:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-29 21:45 . 2011-10-18 13:33 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-29 21:45 . 2011-10-17 08:28 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-10-29 21:45 . 2011-10-18 13:33 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-10-29 21:45 . 2011-10-18 13:33 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-10-29 21:45 . 2011-10-17 08:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-10-29 21:45 . 2011-10-17 08:28 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-29 21:45 . 2011-10-18 13:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-29 21:45 . 2011-10-18 13:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-10-29 21:45 . 2011-10-17 08:28 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-17 19:14 . 2011-10-17 19:14 32256 c:\windows\Installer\2472cab.msi
+ 2011-06-06 10:55 . 2011-06-06 10:55 73624 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\wow_helper.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll
+ 2011-10-18 13:50 . 2011-10-18 13:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-10-17 08:26 . 2011-10-17 08:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-10-18 13:50 . 2011-10-18 13:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-10-17 08:26 . 2011-10-17 08:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-10-17 19:19 . 2011-10-17 19:19 247968 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11c_Plugin.exe
+ 2011-02-08 02:05 . 2011-10-17 19:03 214408 c:\windows\SysWOW64\javaws.exe
+ 2011-02-08 02:05 . 2011-10-17 19:03 173960 c:\windows\SysWOW64\javaw.exe
+ 2011-02-08 02:05 . 2011-10-17 19:03 173960 c:\windows\SysWOW64\java.exe
+ 2010-10-30 01:37 . 2011-10-17 15:12 312324 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2011-10-17 08:12 664992 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-10-18 13:38 664992 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-10-17 08:12 125696 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-10-18 13:38 125696 c:\windows\system32\perfc009.dat
+ 2011-10-17 19:19 . 2011-10-17 19:19 461984 c:\windows\system32\Macromed\Flash\FlashUtil64_11_0_1_Plugin.exe
- 2009-07-14 05:01 . 2011-10-17 08:25 460212 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-10-18 13:49 460212 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-10-17 19:03 . 2011-10-17 19:03 180224 c:\windows\Installer\2472b54.msi
+ 2011-10-17 19:02 . 2011-10-17 19:02 941056 c:\windows\Installer\2472b46.msi
+ 2011-06-06 10:55 . 2011-06-06 10:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll
+ 2011-10-18 13:32 . 2005-10-20 10:02 163328 c:\windows\ERDNT\AutoBackup\18-10-2011\ERDNT.EXE
+ 2011-10-17 19:19 . 2011-10-17 19:19 8522400 c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
- 2011-02-11 12:33 . 2011-10-17 08:25 1640984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-02-11 12:33 . 2011-10-18 13:49 1640984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-06-06 20:45 . 2011-06-06 20:45 2318848 c:\windows\Installer\2472cf0.msi
+ 2011-06-06 10:55 . 2011-06-06 10:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe
+ 2011-10-18 13:32 . 2011-10-18 13:32 4075520 c:\windows\ERDNT\AutoBackup\18-10-2011\Users\00000002\UsrClass.dat
+ 2011-10-18 13:32 . 2011-10-18 13:32 2670592 c:\windows\ERDNT\AutoBackup\18-10-2011\Users\00000001\NTUSER.DAT
+ 2009-07-14 02:34 . 2011-10-18 13:48 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2011-10-16 22:21 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-10-17 19:19 . 2011-10-17 19:19 11328672 c:\windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll
+ 2010-11-22 10:19 . 2011-10-18 13:49 17003896 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-587842109-1465246950-3102458467-1001-12288.dat
+ 2011-09-05 21:51 . 2011-09-05 21:51 13135872 c:\windows\Installer\2472cf1.msp
+ 2011-06-06 10:55 . 2011-06-06 10:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-24 1242448]
"GameXN (update)"="c:\programdata\GameXN\GameXNGO.exe" [2011-09-09 347008]
"GameXN (news)"="c:\programdata\GameXN\GameXNGO.exe" [2011-09-09 347008]
"ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2011-09-23 4478784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-18 421736]
"Net iD"="c:\program files (x86)\Net iD\iid.exe" [2011-03-21 87352]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2011-10-05 3578272]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\users\Arnhem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Dropbox.lnk - c:\users\Arnhem\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-11-17 1066536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDWinLogon]
SDWinLogon.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-03-16 1436424]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-10-05 892336]
R3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-10-05 955816]
R3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-10-05 169624]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [2011-10-05 48888]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;c:\program files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-03-10 86016]
S2 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-03-10 86016]
S2 SDHookService;Spybot S&D 2 Live Protection Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-10-05 130976]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-13 5790064]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-13 487280]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [x]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-18 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2011-10-14 13:46]
.
2011-10-17 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2011-10-14 13:46]
.
2011-10-17 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2011-10-14 13:46]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-09-25 1552168]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 83.255.245.11 193.150.193.150
FF - ProfilePath - c:\users\Arnhem\AppData\Roaming\Mozilla\Firefox\Profiles\bqyusmwu.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-587842109-1465246950-3102458467-1001\Software\SecuROM\License information*]
"datasecu"=hex:6a,96,86,0e,eb,a3,d5,66,46,da,43,bd,e2,78,82,01,19,27,6b,a6,d5,
7b,b0,21,7c,c3,48,79,be,e9,8d,a3,ff,71,33,df,f8,cd,2b,4e,08,d9,c1,33,a8,9c,\
"rkeysecu"=hex:c4,05,15,5f,42,ca,4d,5f,8a,58,b2,4a,be,1a,8b,96
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\windows\SysWOW64\RunDll32.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
.
**************************************************************************
.
Completion time: 2011-10-18 15:56:01 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-18 13:56
ComboFix2.txt 2011-10-17 18:57
ComboFix3.txt 2011-10-17 08:32
.
Pre-Run: 168,854,142,976 bytes free
Post-Run: 168,562,536,448 bytes free
.
- - End Of File - - 2058671FB8BE328A64B9900A86AB471D



The system runs as usual, no performance drops that are noticable. I had one pop up for codecs since the last log, when i use google i don't get redirected so that's excellent. The search engine from firefox start page is still Searchq and it's still added to IE as the default search bar (i'm guessing these are just things that need to be changed or removed, i just haven't done so because i don't want to mess anything up before we know what's going on)

other than the search engine thing, it's just a pop up that occurs infrequently.
 
Hi,

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • Please post contents of that file in your next reply with fresh dds.txt log.
 
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.0.0
Run by Arnhem at 19:54:00 on 2011-10-18
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.6139.4259 [GMT 2:00]
.
SP: Spybot - Search & Destroy *Disabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Net iD\iid.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Arnhem\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TB: Web Accessibility Toolbar: {11352a67-0178-46b1-8855-d50b2f81c054} - C:\PROGRA~2\ACCESS~1\ACCESS~1.DLL
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [GameXN (update)] "C:\ProgramData\GameXN\GameXNGO.exe" /u
uRun: [GameXN (news)] "C:\ProgramData\GameXN\GameXNGO.exe" /n
uRun: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Net iD] "C:\Program Files (x86)\Net iD\iid.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Arnhem\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\Users\Arnhem\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Arnhem\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Arnhem\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
TCP: DhcpNameServer = 83.255.245.11 193.150.193.150
TCP: Interfaces\{833F4ED1-7FBC-4DF3-8CC7-6AF12719D1DC} : DhcpNameServer = 83.255.245.11 193.150.193.150
TCP: Interfaces\{D100012C-EB29-45AE-A97E-BFE9EA3FFDB6} : DhcpNameServer = 83.255.245.11 193.150.193.150
TCP: Interfaces\{D100012C-EB29-45AE-A97E-BFE9EA3FFDB6}\2556B64757D6E45445 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D100012C-EB29-45AE-A97E-BFE9EA3FFDB6}\35B656A71647368696 : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
TB-X64: Web Accessibility Toolbar: {11352A67-0178-46B1-8855-D50B2F81C054} - C:\PROGRA~2\ACCESS~1\ACCESS~1.DLL
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Net iD] "C:\Program Files (x86)\Net iD\iid.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Arnhem\AppData\Roaming\Mozilla\Firefox\Profiles\bqyusmwu.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npiidplg.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SDHookDriver;Spybot-S&D 2 Hook Driver;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [2011-10-14 48888]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-18 366152]
R2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-3-10 86016]
R2 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-3-10 86016]
R2 SDHookService;Spybot S&D 2 Live Protection Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-10-14 130976]
R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2010-11-26 5790064]
R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2010-11-26 487280]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA001Ufd.sys --> C:\Windows\system32\DRIVERS\OA001Ufd.sys [?]
R3 OA001Vid;Creative Camera OA001 Function Driver;C:\Windows\system32\DRIVERS\OA001Vid.sys --> C:\Windows\system32\DRIVERS\OA001Vid.sys [?]
R3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-3-16 1436424]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-10-14 892336]
S3 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-10-14 955816]
S3 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-10-14 169624]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-10-18 17:53:57 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{485D2325-B0FD-473F-9B24-504B41CA0349}\offreg.dll
2011-10-18 16:58:52 -------- d-----w- C:\Users\Arnhem\AppData\Roaming\Malwarebytes
2011-10-18 16:58:46 -------- d-----w- C:\ProgramData\Malwarebytes
2011-10-18 16:58:43 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-10-18 16:58:43 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-18 13:50:55 -------- d-sh--w- C:\$RECYCLE.BIN
2011-10-18 13:41:39 -------- d-----w- C:\ComboFix
2011-10-18 13:38:23 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{485D2325-B0FD-473F-9B24-504B41CA0349}\mpengine.dll
2011-10-18 02:43:43 -------- d-----w- C:\Users\Arnhem\AppData\Local\{8453C44F-756F-4197-8AE1-653FF6BEDEBF}
2011-10-18 02:42:38 -------- d-----w- C:\Users\Arnhem\AppData\Local\{122D52CA-42A7-45BA-86A6-B211E98FB969}
2011-10-17 19:21:07 -------- d-----w- C:\Program Files (x86)\ESET
2011-10-17 19:19:30 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-17 13:36:22 -------- d-----w- C:\Users\Arnhem\AppData\Local\{C7FD4943-6DA2-4B30-A77A-E3C441977D34}
2011-10-17 13:35:57 -------- d-----w- C:\Users\Arnhem\AppData\Local\{69153016-A4FD-45A5-A69B-585239C38082}
2011-10-17 08:16:31 98816 ----a-w- C:\Windows\sed.exe
2011-10-17 08:16:31 518144 ----a-w- C:\Windows\SWREG.exe
2011-10-17 08:16:31 256000 ----a-w- C:\Windows\PEV.exe
2011-10-17 08:16:31 208896 ----a-w- C:\Windows\MBR.exe
2011-10-14 03:08:50 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-10-14 03:08:38 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2011-10-14 03:08:35 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2011-10-13 20:33:32 -------- d-----w- C:\Users\Arnhem\AppData\Local\{C15863C8-C672-46AD-97F8-D577FF18B40F}
2011-10-13 20:32:58 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E4ABF979-C0E5-4DDB-96C0-7ECB92570008}
2011-10-13 01:25:47 -------- d-----w- C:\Users\Arnhem\AppData\Local\{F60E279F-41FE-4B1C-9258-70D102459A7C}
2011-10-13 01:25:08 -------- d-----w- C:\Users\Arnhem\AppData\Local\{F1BDDAE4-2C4E-4214-A46E-22DB74F8AC14}
2011-10-12 16:21:14 -------- d-----w- C:\Users\Arnhem\AppData\Local\{CEA8F98E-1536-45A8-A87E-151A25DB4B25}
2011-10-12 16:20:50 -------- d-----w- C:\Users\Arnhem\AppData\Local\{70B6F2A3-275B-438A-AAB6-B4BEA9A8B775}
2011-10-12 13:12:45 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-10-10 12:16:30 -------- d-----w- C:\Users\Arnhem\AppData\Local\{6A0A16FD-54B1-4E48-911C-81F7281C73BA}
2011-10-10 12:15:54 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E6618734-5CEA-4840-A27E-CB8458DA7479}
2011-10-09 17:10:38 -------- d-----w- C:\Users\Arnhem\AppData\Local\{3F5C3F5B-5E25-4B86-90B4-CA5984C216F1}
2011-10-09 17:10:12 -------- d-----w- C:\Users\Arnhem\AppData\Local\{4119DE13-4778-4A50-A0E8-92FBB4CAA079}
2011-10-08 11:19:10 -------- d-----w- C:\Users\Arnhem\AppData\Local\{141915DC-0EAA-4918-91DD-72026851A830}
2011-10-08 11:18:47 -------- d-----w- C:\Users\Arnhem\AppData\Local\{11A75D34-32D4-47BF-8EF1-65AB72B92430}
2011-10-06 16:32:23 -------- d-----w- C:\Users\Arnhem\AppData\Local\{6B5CDBEF-E60E-40EA-B375-D5C5D5D5C022}
2011-10-06 16:32:00 -------- d-----w- C:\Users\Arnhem\AppData\Local\{D0FA8CC2-F669-4EB6-9D37-84C208DF8DB1}
2011-10-05 15:38:29 -------- d-----w- C:\Users\Arnhem\AppData\Local\{BE68F107-987A-41CF-86DE-6C303951F770}
2011-10-05 15:38:04 -------- d-----w- C:\Users\Arnhem\AppData\Local\{1B20D703-E7E5-463E-B8DF-E6E7FDAEBD14}
2011-10-05 01:04:46 -------- d-----w- C:\Users\Arnhem\AppData\Local\{C161C6AA-99FC-417B-B2DA-A73E6BE5C4A0}
2011-10-05 01:04:22 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E77DC846-4CAF-49EF-853C-A42D1EFD734B}
2011-10-03 13:59:29 -------- d-----w- C:\Users\Arnhem\AppData\Local\{BEC77D5A-B595-46F7-9396-2E2867FF9B1B}
2011-10-03 13:59:04 -------- d-----w- C:\Users\Arnhem\AppData\Local\{B2F75C00-DBBB-432F-8080-F9612DC2EC59}
2011-10-02 09:53:39 -------- d-----w- C:\Program Files\CCleaner
2011-10-02 09:47:38 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E42AF2C5-25B3-44E6-84C7-1BC5CFFC33CD}
2011-10-02 09:47:11 -------- d-----w- C:\Users\Arnhem\AppData\Local\{FFC03E53-CD63-45C3-A315-71FBF622AEA6}
2011-10-01 12:19:28 -------- d-----w- C:\Users\Arnhem\AppData\Local\{4DDC42B7-F24C-44D0-AF19-B12D1C43C1DC}
2011-10-01 12:18:52 -------- d-----w- C:\Users\Arnhem\AppData\Local\{A84943AB-A09D-433E-BA1F-B0B2064307C0}
2011-10-01 07:31:43 -------- d-----w- C:\Users\Arnhem\AppData\Local\{748085CF-77D2-46CE-B2D9-1AA9C0E45373}
2011-10-01 07:31:17 -------- d-----w- C:\Users\Arnhem\AppData\Local\{FB33D34F-2E42-454D-A997-7D1EA44E3BC6}
2011-09-30 13:43:31 -------- d-----w- C:\Users\Arnhem\AppData\Local\{A3A6DDFD-B5C6-4E66-AA12-8AA8DA41FB56}
2011-09-30 13:42:57 -------- d-----w- C:\Users\Arnhem\AppData\Local\{FDBAEBE9-A92D-4181-B55C-B683F389C364}
2011-09-30 08:09:07 -------- d-----w- C:\Users\Arnhem\AppData\Local\{661A534F-15EB-4168-9C2E-E899D191CFCA}
2011-09-30 08:08:43 -------- d-----w- C:\Users\Arnhem\AppData\Local\{B3AAB1B3-91B2-470C-A311-F7E3C4D85C00}
2011-09-29 19:51:17 -------- d-----w- C:\Program Files (x86)\AMD APP
2011-09-29 19:51:13 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2011-09-29 19:51:13 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2011-09-29 19:42:31 -------- d-----w- C:\Program Files (x86)\Battlelog Web Plugins
2011-09-29 18:31:37 -------- d-----w- C:\ProgramData\EA Core
2011-09-29 18:30:42 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
2011-09-29 17:22:54 -------- d-----w- C:\Users\Arnhem\AppData\Roaming\Origin
2011-09-29 17:22:51 -------- d-----w- C:\Users\Arnhem\AppData\Local\Origin
2011-09-29 17:22:39 -------- d-----w- C:\ProgramData\Origin
2011-09-29 17:22:39 -------- d-----w- C:\ProgramData\Electronic Arts
2011-09-29 17:22:39 -------- d-----w- C:\Program Files (x86)\Origin Games
2011-09-29 17:22:27 -------- d-----w- C:\Program Files (x86)\Origin
2011-09-29 16:32:08 -------- d-----w- C:\Users\Arnhem\AppData\Local\{BBC5D151-3D43-4546-8FB5-275F1455AAC6}
2011-09-29 16:31:44 -------- d-----w- C:\Users\Arnhem\AppData\Local\{7060EBAB-9C44-4A31-B3CE-CE8C2AF9CC7D}
2011-09-28 08:32:09 -------- d-----w- C:\Users\Arnhem\AppData\Local\{CC97E64C-E406-485D-95CD-66D0DDE55459}
2011-09-28 08:31:36 -------- d-----w- C:\Users\Arnhem\AppData\Local\{B92BFC83-282F-4E0A-89F4-0B77E027AA46}
2011-09-28 05:56:48 -------- d-----w- C:\Users\Arnhem\AppData\Local\{AF92ACC8-6FA3-4EDF-8EF0-066A343928DA}
2011-09-28 05:56:26 -------- d-----w- C:\Users\Arnhem\AppData\Local\{82B6281D-4E0D-49D9-829F-66448031B576}
2011-09-27 20:06:45 -------- d-----w- C:\Program Files (x86)\Thugs at Bay
2011-09-27 19:35:41 -------- d-----w- C:\Fraps
2011-09-27 18:14:29 -------- d-----w- C:\Users\Arnhem\AppData\Local\{07ACAD1D-82C0-46C2-B6FE-DA18ED46F979}
2011-09-27 18:13:54 -------- d-----w- C:\Users\Arnhem\AppData\Local\{17434ADB-EF68-427E-B23D-C0D4CFE48D49}
2011-09-27 17:40:46 -------- d-----w- C:\UDK
2011-09-27 13:35:04 -------- d-----w- C:\Users\Arnhem\AppData\Local\{60F10B38-643A-4B27-A2C1-C9A0829EB3D4}
2011-09-27 13:34:39 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E3B824C8-8362-4029-B525-25772C959FDD}
2011-09-26 14:23:10 -------- d-----w- C:\Users\Arnhem\AppData\Local\{9C0D7ED4-33F9-4568-B87D-068B840D0488}
2011-09-26 14:22:46 -------- d-----w- C:\Users\Arnhem\AppData\Local\{D80B1AFD-C29D-4709-9A86-8A7B8D8B4906}
2011-09-25 20:46:49 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2011-09-25 19:50:56 -------- d-----w- C:\Users\Arnhem\AppData\Local\CutePDF Writer
2011-09-25 19:50:23 -------- d-----w- C:\Program Files (x86)\GPLGS
2011-09-25 19:48:42 85504 ----a-w- C:\Windows\System32\cpwmon64.dll
2011-09-25 19:48:42 -------- d-----w- C:\Program Files (x86)\Acro Software
2011-09-25 15:34:15 -------- d-----w- C:\Users\Arnhem\AppData\Local\{7E10DD6E-6A13-43FD-AD8A-C56BB87FCCF8}
2011-09-25 15:33:51 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E05D64BB-4B42-45E9-A106-86DFF63D275D}
2011-09-25 14:09:50 -------- d-----w- C:\Users\Arnhem\AppData\Roaming\UBitMenu
2011-09-25 13:59:28 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2011-09-25 13:58:44 -------- d-----w- C:\Users\Arnhem\AppData\Local\Microsoft Help
2011-09-25 09:34:14 -------- d-----w- C:\Users\Arnhem\AppData\Local\{9FE2D018-2B3D-4568-A1D8-52CAB9288E03}
2011-09-25 09:33:40 -------- d-----w- C:\Users\Arnhem\AppData\Local\{47AF762C-EC7B-4D6C-8E8C-6AA797D4AB89}
2011-09-25 03:47:17 -------- d-----w- C:\Users\Arnhem\AppData\Local\{1DBCA37A-C57B-437A-9094-CF18794EEE1C}
2011-09-25 03:47:02 -------- d-----w- C:\Users\Arnhem\AppData\Local\{072204B6-13F2-47F7-A137-61222C81D13F}
2011-09-23 00:56:40 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E273B139-471D-4C4B-AF49-2FF77B132C5B}
2011-09-23 00:56:17 -------- d-----w- C:\Users\Arnhem\AppData\Local\{C95312FD-8388-4DF1-BA89-396E821DBB62}
2011-09-21 22:19:54 -------- d-----w- C:\Users\Arnhem\AppData\Local\{126677DF-1C24-4093-ADBA-DBF5C000182F}
2011-09-21 22:19:26 -------- d-----w- C:\Users\Arnhem\AppData\Local\{117D4F35-E655-4ACA-8865-168016EA1C8B}
2011-09-21 10:05:49 -------- d-----w- C:\Users\Arnhem\AppData\Local\{097EC7F2-EF06-49AD-B3D1-C0C7DC2CAE76}
2011-09-21 10:05:25 -------- d-----w- C:\Users\Arnhem\AppData\Local\{6B040E85-97AC-4F0E-A3E0-6BF7F7CDFF15}
2011-09-21 02:24:38 -------- d-----w- C:\Users\Arnhem\AppData\Local\{65BAB9A3-5150-4B46-8C77-2A4B26AE412F}
2011-09-21 02:24:03 -------- d-----w- C:\Users\Arnhem\AppData\Local\{539CF775-ACFA-4371-879F-7B6E0A44D83E}
2011-09-20 19:43:03 -------- d-----w- C:\Users\Arnhem\AppData\Local\{9AE85326-FB91-44E9-89A4-C80728857A14}
2011-09-20 19:42:47 -------- d-----w- C:\Users\Arnhem\AppData\Local\{4CF6F820-5953-4299-A930-4F2773899952}
2011-09-20 04:54:48 -------- d-----w- C:\Users\Arnhem\AppData\Local\{D9BAD932-EE65-40E7-BC85-48590B660297}
2011-09-20 04:54:14 -------- d-----w- C:\Users\Arnhem\AppData\Local\{F188A0D7-6AFB-44E1-9C5F-EF83929F4FC8}
2011-09-20 00:58:07 -------- d-----w- C:\Users\Arnhem\AppData\Local\{B63972DC-231D-4FAF-94B3-051295790ED4}
2011-09-20 00:57:34 -------- d-----w- C:\Users\Arnhem\AppData\Local\{EA80F7F3-3729-4CA7-8C39-1BA5984D218F}
2011-09-19 19:17:24 -------- d-----w- C:\Users\Arnhem\AppData\Local\{C5E95953-BE1A-46C7-BF3B-7D85A24638E7}
2011-09-19 19:16:51 -------- d-----w- C:\Users\Arnhem\AppData\Local\{833F29B3-4A8A-4423-9D5F-60E98A484EE6}
2011-09-19 08:00:26 -------- d-----w- C:\Users\Arnhem\AppData\Local\{E1ADE350-7CDF-4DB0-A037-205A1D147996}
2011-09-19 07:59:58 -------- d-----w- C:\Users\Arnhem\AppData\Local\{A0C16307-4563-42AB-9C77-DCAF1AE5CD3F}
2011-09-19 02:04:23 -------- d-----w- C:\Users\Arnhem\AppData\Local\{10A39B66-E3B6-43F1-807D-C92DB866C1F4}
2011-09-19 02:04:01 -------- d-----w- C:\Users\Arnhem\AppData\Local\{0AA02A5D-4943-4DCC-9430-E18AF8049A07}
.
==================== Find3M ====================
.
2011-10-17 19:03:32 544656 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-10-01 10:58:08 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-10-01 10:58:08 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-10-01 10:50:33 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-29 18:30:09 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-09-14 09:47:42 60416 ----a-w- C:\Windows\System32\OVDecode64.dll
2011-09-14 09:47:40 53760 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2011-09-14 09:47:10 16652288 ----a-w- C:\Windows\System32\amdocl64.dll
2011-09-14 09:46:58 13625856 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-09-14 09:38:30 44032 ----a-w- C:\Windows\System32\amdoclcl64.dll
2011-09-14 09:38:28 37376 ----a-w- C:\Windows\SysWow64\amdoclcl.dll
2011-09-08 18:27:22 10203648 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-09-08 17:59:44 24229376 ----a-w- C:\Windows\System32\atio6axx.dll
2011-09-08 17:39:44 18534912 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-09-08 17:34:20 151552 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-09-08 17:34:10 732672 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-09-08 17:32:58 862720 ----a-w- C:\Windows\System32\aticfx64.dll
2011-09-08 17:30:38 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-09-08 17:30:26 486912 ----a-w- C:\Windows\System32\atieclxx.exe
2011-09-08 17:29:56 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-09-08 17:28:54 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-09-08 17:28:38 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-09-08 17:28:32 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-09-08 17:28:22 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-09-08 17:28:18 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2011-09-08 17:28:14 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-09-08 17:28:10 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-09-08 17:24:38 4204032 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-09-08 17:18:56 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-09-08 17:18:22 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-09-08 17:18:08 3888640 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-09-08 17:16:00 4944896 ----a-w- C:\Windows\System32\atidxx64.dll
2011-09-08 17:09:42 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-09-08 17:09:40 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-09-08 17:09:30 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-09-08 17:09:28 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-09-08 17:09:18 8723456 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-09-08 17:08:24 4064768 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-09-08 17:05:52 7331840 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-09-08 17:05:44 4289024 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-09-08 17:00:02 5428736 ----a-w- C:\Windows\System32\atiumd64.dll
2011-09-08 16:59:48 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-09-08 16:53:20 381952 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-09-08 16:53:12 270336 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-09-08 16:52:58 15360 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-09-08 16:52:56 13312 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-09-08 16:52:56 13312 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-09-08 16:52:54 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-09-08 16:52:46 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-09-08 16:52:40 310784 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-09-08 16:52:00 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-09-08 16:51:54 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-09-08 16:51:50 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-09-08 16:51:44 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-09-08 16:51:12 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-09-08 16:51:02 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2011-09-08 16:51:02 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-09-06 03:07:02 3134976 ----a-w- C:\Windows\System32\win32k.sys
2011-08-27 05:40:28 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-27 05:40:28 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-27 04:43:07 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-27 04:43:06 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-08-20 05:45:20 1197568 ----a-w- C:\Windows\System32\wininet.dll
2011-08-20 05:41:16 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-08-20 04:38:10 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-08-20 04:35:20 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-08-20 04:20:23 482816 ----a-w- C:\Windows\System32\html.iec
2011-08-20 03:26:38 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-08-17 05:32:24 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-08-17 05:27:46 75776 ----a-w- C:\Windows\System32\MSDvbNP.ax
2011-08-17 05:27:46 288256 ----a-w- C:\Windows\System32\MSNP.ax
2011-08-17 05:27:46 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-08-17 05:27:46 104960 ----a-w- C:\Windows\System32\Mpeg2Data.ax
2011-08-17 04:26:02 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-08-17 04:22:23 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
2011-08-17 04:22:23 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax
2011-08-17 04:22:23 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
.
============= FINISH: 19:55:07.09 ===============


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7974

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

18/10/2011 7:49:35 PM
mbam-log-2011-10-18 (19-49-31).txt

Scan type: Full scan (C:\|)
Objects scanned: 500720
Time elapsed: 45 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Qoobox\quarantine\C\Users\Arnhem\AppData\Local\c68babac\X.vir (Rootkit.Agent) -> No action taken.
c:\Qoobox\quarantine\C\Users\Arnhem\documents\my received files\xf-a2011-32bits.exe.vir (RiskWare.Tool.CK) -> No action taken.
c:\Qoobox\quarantine\C\Users\Arnhem\documents\my received files\xf-a2011-64bits.exe.vir (RiskWare.Tool.CK) -> No action taken.
 
Hi,

Please download the Registry Search tool by clicking on the
hard drive icon halfway down this page:
http://www.billsway.com/vbspage/
Save it to the desktop and run it. If you get an alert from your antivirus about scripting, choose to allow the script to run. Search for searchq and click OK. Post the logfile from the tool here for me.

Does the pop up appear on some specific sites only?
 
REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "searchq" 19/10/2011 6:36:33 AM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"URL"="http://www.searchqu.com/web?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=113&systemid=406&qu={searchTerms}&ft=json"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"URL"="http://www.searchqu.com/web?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=113&systemid=406&qu={searchTerms}&ft=json"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchquMediaBar_RASAPI32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchquMediaBar_RASMANCS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

[HKEY_USERS\S-1-5-21-587842109-1465246950-3102458467-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"URL"="http://www.searchqu.com/web?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}"

[HKEY_USERS\S-1-5-21-587842109-1465246950-3102458467-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=113&systemid=406&qu={searchTerms}&ft=json"


I haven't gotten the pop up all day. The pop up is not related to the browser i don't think. The pop up occurs on its own from the desktop sometimes.
 
Hi,

Open notepad and copy/paste the text in the quotebox below into it:

Code: 
Firefox::
FF - ProfilePath - c:\users\Arnhem\AppData\Roaming\Mozilla\Firefox\Profiles\bqyusmwu.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchquMediaBar_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchquMediaBar_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS]
[-HKEY_USERS\S-1-5-21-587842109-1465246950-3102458467-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]


Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

CFScriptB-4.gif


Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe (let the tool to update itself if prompted).
Then post the resultant log and do a registry search like above.


Download aswMBR to your desktop. Double click the aswMBR.exe to run it
Click the Scan button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply
 
ComboFix 11-10-18.04 - Arnhem 19/10/2011 6:52.4.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.6139.4331 [GMT 2:00]
Running from: c:\users\Arnhem\Desktop\ComboFix.exe
Command switches used :: c:\users\Arnhem\Desktop\CFScript.txt
SP: Spybot - Search & Destroy *Disabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-09-19 to 2011-10-19 )))))))))))))))))))))))))))))))
.
.
2011-10-19 04:58 . 2011-10-19 04:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-18 23:27 . 2011-10-18 23:27 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{485D2325-B0FD-473F-9B24-504B41CA0349}\offreg.dll
2011-10-18 16:58 . 2011-10-18 16:58 -------- d-----w- c:\users\Arnhem\AppData\Roaming\Malwarebytes
2011-10-18 16:58 . 2011-10-18 16:58 -------- d-----w- c:\programdata\Malwarebytes
2011-10-18 16:58 . 2011-10-18 16:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-18 16:58 . 2011-08-31 15:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-18 13:38 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{485D2325-B0FD-473F-9B24-504B41CA0349}\mpengine.dll
2011-10-17 19:21 . 2011-10-17 19:21 -------- d-----w- c:\program files (x86)\ESET
2011-10-17 19:19 . 2011-10-17 19:19 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-17 19:18 . 2011-10-17 19:18 -------- d-----w- c:\windows\system32\Macromed
2011-10-17 19:14 . 2011-10-17 19:14 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2011-10-17 19:04 . 2011-10-17 19:04 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-10-14 04:06 . 2011-10-14 04:06 -------- d-----w- c:\program files (x86)\ERUNT
2011-10-14 03:08 . 2011-10-17 08:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-10-14 03:08 . 2009-01-25 11:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2011-10-14 03:08 . 2011-10-14 03:08 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2011-10-12 13:12 . 2011-08-17 05:32 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-02 09:53 . 2011-10-02 09:53 -------- d-----w- c:\program files\CCleaner
2011-09-29 19:51 . 2011-09-29 19:51 -------- d-----w- c:\programdata\ATI
2011-09-29 19:51 . 2011-09-29 19:51 -------- d-----w- c:\program files (x86)\AMD APP
2011-09-29 19:51 . 2011-09-29 19:51 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-09-29 19:51 . 2011-09-29 19:51 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2011-09-29 19:42 . 2011-09-29 19:42 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins
2011-09-29 18:31 . 2011-09-29 18:31 -------- d-----w- c:\programdata\EA Core
2011-09-29 18:30 . 2011-09-29 18:30 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2011-09-29 17:22 . 2011-09-29 17:22 -------- d-----w- c:\users\Arnhem\AppData\Roaming\Origin
2011-09-29 17:22 . 2011-09-29 17:22 -------- d-----w- c:\users\Arnhem\AppData\Local\Origin
2011-09-29 17:22 . 2011-09-29 18:31 -------- d-----w- c:\programdata\Electronic Arts
2011-09-29 17:22 . 2011-09-29 18:31 -------- d-----w- c:\programdata\Origin
2011-09-29 17:22 . 2011-09-29 17:24 -------- d-----w- c:\program files (x86)\Origin Games
2011-09-29 17:22 . 2011-09-29 17:22 -------- d-----w- c:\program files (x86)\Origin
2011-09-27 20:06 . 2011-09-27 20:06 -------- d-----w- c:\program files (x86)\Thugs at Bay
2011-09-27 19:35 . 2011-09-27 19:35 -------- d-----w- C:\Fraps
2011-09-27 17:40 . 2011-09-27 17:40 -------- d-----w- C:\UDK
2011-09-25 20:46 . 2011-09-25 20:46 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2011-09-25 20:41 . 2011-09-25 20:41 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-09-25 19:50 . 2011-10-16 21:15 -------- d-----w- c:\users\Arnhem\AppData\Local\CutePDF Writer
2011-09-25 19:50 . 2011-09-25 19:50 -------- d-----w- c:\program files (x86)\GPLGS
2011-09-25 19:48 . 2011-09-25 19:48 -------- d-----w- c:\program files (x86)\Acro Software
2011-09-25 19:48 . 2009-11-05 06:40 85504 ----a-w- c:\windows\system32\cpwmon64.dll
2011-09-25 14:09 . 2011-09-25 14:09 -------- d-----w- c:\users\Arnhem\AppData\Roaming\UBitMenu
2011-09-25 14:02 . 2011-09-25 20:44 -------- d-----w- c:\program files (x86)\Microsoft Works
2011-09-25 13:59 . 2011-09-25 13:59 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2011-09-25 13:58 . 2011-09-25 13:58 -------- d-----w- c:\users\Arnhem\AppData\Local\Microsoft Help
2011-09-25 13:58 . 2011-10-13 01:01 -------- d-----w- c:\programdata\Microsoft Help
2011-09-25 13:56 . 2011-09-25 13:56 -------- d-----r- C:\MSOCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-17 19:03 . 2011-02-08 02:05 544656 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-10-01 10:58 . 2011-07-03 23:59 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-10-01 10:58 . 2011-05-14 02:49 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-10-01 10:50 . 2011-05-14 02:49 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-09-29 18:30 . 2011-05-14 02:49 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-09-14 09:47 . 2011-09-14 09:47 60416 ----a-w- c:\windows\system32\OVDecode64.dll
2011-09-14 09:47 . 2011-09-14 09:47 53760 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-09-14 09:47 . 2011-09-14 09:47 16652288 ----a-w- c:\windows\system32\amdocl64.dll
2011-09-14 09:46 . 2011-09-14 09:46 13625856 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-09-14 09:38 . 2011-09-14 09:38 44032 ----a-w- c:\windows\system32\amdoclcl64.dll
2011-09-14 09:38 . 2011-09-14 09:38 37376 ----a-w- c:\windows\SysWow64\amdoclcl.dll
2011-09-08 18:27 . 2011-09-08 18:27 10203648 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-09-08 17:59 . 2011-09-08 17:59 24229376 ----a-w- c:\windows\system32\atio6axx.dll
2011-09-08 17:39 . 2011-09-08 17:39 18534912 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-09-08 17:34 . 2011-09-08 17:34 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-09-08 17:34 . 2011-05-25 03:07 732672 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-09-08 17:32 . 2011-05-25 03:06 862720 ----a-w- c:\windows\system32\aticfx64.dll
2011-09-08 17:30 . 2011-05-25 03:04 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-09-08 17:30 . 2011-09-08 17:30 486912 ----a-w- c:\windows\system32\atieclxx.exe
2011-09-08 17:29 . 2011-09-08 17:29 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-09-08 17:28 . 2011-09-08 17:28 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-09-08 17:28 . 2011-05-25 03:02 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-09-08 17:28 . 2011-09-08 17:28 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-09-08 17:28 . 2011-09-08 17:28 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-09-08 17:28 . 2011-09-08 17:28 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-09-08 17:28 . 2011-09-08 17:28 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-09-08 17:28 . 2011-09-08 17:28 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-09-08 17:24 . 2011-05-25 02:58 4204032 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-09-08 17:18 . 2011-09-08 17:18 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-09-08 17:18 . 2011-09-08 17:18 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-09-08 17:18 . 2011-05-25 02:59 3888640 ----a-w- c:\windows\system32\atiumd6a.dll
2011-09-08 17:16 . 2009-07-13 21:59 4944896 ----a-w- c:\windows\system32\atidxx64.dll
2011-09-08 17:09 . 2011-09-08 17:09 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-09-08 17:09 . 2011-09-08 17:09 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-09-08 17:09 . 2011-09-08 17:09 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-09-08 17:09 . 2011-09-08 17:09 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-09-08 17:09 . 2011-09-08 17:09 8723456 ----a-w- c:\windows\system32\aticaldd64.dll
2011-09-08 17:08 . 2011-09-08 17:08 4064768 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-09-08 17:05 . 2011-09-08 17:05 7331840 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-09-08 17:05 . 2011-09-08 17:05 4289024 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-09-08 17:00 . 2011-05-25 02:33 5428736 ----a-w- c:\windows\system32\atiumd64.dll
2011-09-08 16:59 . 2011-05-25 02:19 58880 ----a-w- c:\windows\system32\coinst.dll
2011-09-08 16:53 . 2011-05-25 02:26 381952 ----a-w- c:\windows\system32\atiadlxx.dll
2011-09-08 16:53 . 2011-09-08 16:53 270336 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-09-08 16:52 . 2011-09-08 16:52 15360 ----a-w- c:\windows\system32\atig6pxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 13312 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 13312 ----a-w- c:\windows\system32\atiglpxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-09-08 16:52 . 2011-09-08 16:52 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 310784 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-09-08 16:52 . 2011-05-25 02:24 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-09-08 16:51 . 2011-05-25 02:24 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-09-08 16:51 . 2011-05-25 02:24 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-09-08 16:51 . 2011-05-25 02:24 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-09-08 16:51 . 2011-09-08 16:51 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-09-08 16:51 . 2011-09-08 16:51 54784 ----a-w- c:\windows\system32\atimpc64.dll
2011-09-08 16:51 . 2011-09-08 16:51 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2011-09-08 16:50 . 2011-09-08 16:50 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-09-08 16:50 . 2011-09-08 16:50 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-10-18_13.50.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-30 15:38 . 2011-10-18 23:26 41466 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-10-18 23:26 38394 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-10-29 21:45 . 2011-10-18 17:53 13746 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-587842109-1465246950-3102458467-1001_UserData.bin
+ 2010-10-29 12:34 . 2011-10-18 15:30 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-29 12:34 . 2011-10-13 01:23 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-29 12:34 . 2011-10-13 01:23 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-10-29 12:34 . 2011-10-18 15:30 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-10-13 01:23 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-10-18 15:30 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-29 21:45 . 2011-10-18 23:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-29 21:45 . 2011-10-18 13:33 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-29 21:45 . 2011-10-18 23:25 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-10-29 21:45 . 2011-10-18 13:33 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-10-29 21:45 . 2011-10-18 23:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-10-29 21:45 . 2011-10-18 13:33 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-29 21:45 . 2011-10-19 04:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-29 21:45 . 2011-10-18 13:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-29 21:45 . 2011-10-18 13:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-29 21:45 . 2011-10-19 04:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-18 23:24 . 2011-10-18 23:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-10-18 13:50 . 2011-10-18 13:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-10-18 23:24 . 2011-10-18 23:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-10-18 13:50 . 2011-10-18 13:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2011-10-19 00:58 664992 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-10-18 13:38 664992 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-10-19 00:58 125696 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-10-18 13:38 125696 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2011-10-18 20:01 460212 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-10-18 13:49 460212 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-10-18 23:25 . 2005-10-20 10:02 163328 c:\windows\ERDNT\AutoBackup\19-10-2011\ERDNT.EXE
+ 2011-02-11 12:33 . 2011-10-18 20:01 1640984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-02-11 12:33 . 2011-10-18 13:49 1640984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-10-18 23:25 . 2011-10-18 23:25 4075520 c:\windows\ERDNT\AutoBackup\19-10-2011\Users\00000002\UsrClass.dat
+ 2011-10-18 23:25 . 2011-10-18 23:25 2670592 c:\windows\ERDNT\AutoBackup\19-10-2011\Users\00000001\NTUSER.DAT
+ 2009-07-14 02:34 . 2011-10-18 15:46 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2011-10-18 13:48 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2010-11-22 10:19 . 2011-10-18 20:01 17051115 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-587842109-1465246950-3102458467-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-24 1242448]
"GameXN (update)"="c:\programdata\GameXN\GameXNGO.exe" [2011-09-09 347008]
"GameXN (news)"="c:\programdata\GameXN\GameXNGO.exe" [2011-09-09 347008]
"ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2011-09-23 4478784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-18 421736]
"Net iD"="c:\program files (x86)\Net iD\iid.exe" [2011-03-21 87352]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2011-10-05 3578272]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Arnhem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Dropbox.lnk - c:\users\Arnhem\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-11-17 1066536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDWinLogon]
SDWinLogon.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;c:\program files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-03-10 86016]
R2 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-03-10 86016]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-03-16 1436424]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-10-05 892336]
R3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-10-05 955816]
R3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-10-05 169624]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [2011-10-05 48888]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 SDHookService;Spybot S&D 2 Live Protection Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-10-05 130976]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-13 5790064]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-13 487280]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [x]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-18 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2011-10-14 13:46]
.
2011-10-17 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2011-10-14 13:46]
.
2011-10-17 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2011-10-14 13:46]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Arnhem\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-09-25 1552168]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 83.255.245.11 193.150.193.150
FF - ProfilePath - c:\users\Arnhem\AppData\Roaming\Mozilla\Firefox\Profiles\bqyusmwu.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-587842109-1465246950-3102458467-1001\Software\SecuROM\License information*]
"datasecu"=hex:6a,96,86,0e,eb,a3,d5,66,46,da,43,bd,e2,78,82,01,19,27,6b,a6,d5,
7b,b0,21,7c,c3,48,79,be,e9,8d,a3,ff,71,33,df,f8,cd,2b,4e,08,d9,c1,33,a8,9c,\
"rkeysecu"=hex:c4,05,15,5f,42,ca,4d,5f,8a,58,b2,4a,be,1a,8b,96
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-10-19 07:01:35
ComboFix-quarantined-files.txt 2011-10-19 05:01
ComboFix2.txt 2011-10-18 13:56
ComboFix3.txt 2011-10-17 18:57
ComboFix4.txt 2011-10-17 08:32
.
Pre-Run: 167,059,075,072 bytes free
Post-Run: 167,005,581,312 bytes free
.
- - End Of File - - 14CE61A4C8693581F53080D4DE759811


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-19 07:06:17
-----------------------------
07:06:17.506 OS Version: Windows x64 6.1.7600
07:06:17.506 Number of processors: 2 586 0x170A
07:06:17.507 ComputerName: STEEZ UserName:
07:06:18.821 Initialize success
07:06:49.943 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
07:06:49.945 Disk 0 Vendor: ST9500420ASG 0002SDM1 Size: 476940MB BusType: 11
07:06:51.957 Disk 0 MBR read successfully
07:06:51.959 Disk 0 MBR scan
07:06:51.961 Disk 0 Windows 7 default MBR code
07:06:51.964 Service scanning
07:06:53.149 Modules scanning
07:06:53.152 Disk 0 trace - called modules:
07:06:53.174 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
07:06:53.177 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006471060]
07:06:53.181 3 CLASSPNP.SYS[fffff8800189343f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8005ef1680]
07:06:53.184 Scan finished successfully
07:07:02.642 Disk 0 MBR has been saved successfully to "C:\Users\Arnhem\Desktop\MBR.dat"
07:07:02.642 The log file has been saved successfully to "C:\Users\Arnhem\Desktop\aswMBR.txt"
 
You must log in or register to reply here.
Back
Top