Rolandz

February 8, 2012

mmm i guess i have no choice but after all these months lol alright thanks again for everything and helping me for so long

February 2, 2012

oo ya

January 25, 2012

oo hey screen ive notice i been getting this error im not sure if its related to using combofix but i remember it did disable my autorun too i cant seem to uninstall certain programs or install a program

here a pic of me trying to uninstall smart6 and trying to install oblivion i get the same error in the detail

January 25, 2012

oo forgot zip

MBR.rar

January 25, 2012

Run date: 2012-01-25 02:59:23

-----------------------------

02:59:23.181 OS Version: Windows x64 6.1.7600

02:59:23.181 Number of processors: 8 586 0x1A05

02:59:23.181 ComputerName: ROLAND714 UserName: Roland

02:59:25.410 Initialize success

02:59:33.696 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1

02:59:33.697 Disk 0 Vendor: ST31000528AS CC3E Size: 953869MB BusType: 3

02:59:33.709 Disk 0 MBR read successfully

02:59:33.710 Disk 0 MBR scan

02:59:33.712 Disk 0 Windows 7 default MBR code

02:59:33.715 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953867 MB offset 2048

02:59:33.718 Service scanning

02:59:34.793 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32

02:59:35.352 Modules scanning

02:59:35.354 Disk 0 trace - called modules:

02:59:35.373 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80044052c0]<<sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys

02:59:35.375 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004788060]

02:59:35.378 3 CLASSPNP.SYS[fffff88001a1a43f] -> nt!IofCallDriver -> [0xfffffa80044f99b0]

02:59:35.380 5 ACPI.sys[fffff88000efe781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8004522060]

02:59:35.384 \Driver\atapi[0xfffffa80044f7cb0] -> IRP_MJ_CREATE -> 0xfffffa80044052c0

02:59:35.387 Scan finished successfully

02:59:48.537 Disk 0 MBR has been saved successfully to "C:\Users\Roland\Desktop\Avlogs\MBR.dat"

02:59:48.542 The log file has been saved successfully to "C:\Users\Roland\Desktop\Avlogs\aswMBR.txt"

MBRCheck, version 1.2.3

Command-line:

Windows Version: Windows 7 Ultimate Edition

Windows Information: (build 7600), 64-bit

Base Board Manufacturer: Gigabyte Technology Co., Ltd.

BIOS Manufacturer: Award Software International, Inc.

System Manufacturer: Gigabyte Technology Co., Ltd.

System Product Name: X58-USB3

Logical Drives Mask: 0x0000003c

Kernel Drivers (total 194):

0x03012000 \SystemRoot\system32\ntoskrnl.exe

0x035EE000 \SystemRoot\system32\hal.dll

0x00BBE000 \SystemRoot\system32\kdcom.dll

0x00C65000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x00CA9000 \SystemRoot\system32\PSHED.dll

0x00CBD000 \SystemRoot\system32\CLFS.SYS

0x00D1B000 \SystemRoot\system32\CI.dll

0x00E40000 \SystemRoot\system32\drivers\Wdf01000.sys

0x00EE4000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x0104D000 \SystemRoot\System32\Drivers\sptd.sys

0x00EF3000 \SystemRoot\system32\DRIVERS\ACPI.sys

0x011B4000 \SystemRoot\system32\DRIVERS\WMILIB.SYS

0x011BD000 \SystemRoot\system32\DRIVERS\msisadrv.sys

0x011C7000 \SystemRoot\system32\DRIVERS\vdrvroot.sys

0x01000000 \SystemRoot\system32\DRIVERS\pci.sys

0x01033000 \SystemRoot\System32\drivers\partmgr.sys

0x011D4000 \SystemRoot\system32\DRIVERS\volmgr.sys

0x00F4A000 \SystemRoot\System32\drivers\volmgrx.sys

0x011E9000 \SystemRoot\system32\DRIVERS\pciide.sys

0x011F0000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS

0x00FA6000 \SystemRoot\System32\drivers\mountmgr.sys

0x00FC0000 \SystemRoot\system32\DRIVERS\atapi.sys

0x00FC9000 \SystemRoot\system32\DRIVERS\ataport.SYS

0x00FF3000 \SystemRoot\system32\drivers\amdxata.sys

0x00C00000 \SystemRoot\system32\drivers\fltmgr.sys

0x00E00000 \SystemRoot\system32\drivers\fileinfo.sys

0x0122F000 \SystemRoot\System32\Drivers\Ntfs.sys

0x01492000 \SystemRoot\System32\Drivers\msrpc.sys

0x014F0000 \SystemRoot\System32\Drivers\ksecdd.sys

0x0150A000 \SystemRoot\System32\Drivers\cng.sys

0x0157D000 \SystemRoot\System32\drivers\pcw.sys

0x0158E000 \SystemRoot\System32\Drivers\Fs_Rec.sys

0x016D0000 \SystemRoot\system32\drivers\ndis.sys

0x01600000 \SystemRoot\system32\drivers\NETIO.SYS

0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys

0x01802000 \SystemRoot\System32\drivers\tcpip.sys

0x01598000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x0168B000 \SystemRoot\system32\DRIVERS\vmstorfl.sys

0x01400000 \SystemRoot\system32\DRIVERS\volsnap.sys

0x0169B000 \SystemRoot\System32\Drivers\spldr.sys

0x017C2000 \SystemRoot\System32\drivers\rdyboost.sys

0x016A3000 \SystemRoot\System32\Drivers\mup.sys

0x016B5000 \SystemRoot\System32\drivers\hwpolicy.sys

0x0144C000 \SystemRoot\System32\DRIVERS\fvevol.sys

0x015E2000 \SystemRoot\system32\DRIVERS\disk.sys

0x01A19000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS

0x01A7F000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys

0x01AC7000 \SystemRoot\system32\DRIVERS\cdrom.sys

0x01AF1000 \SystemRoot\System32\Drivers\Null.SYS

0x01AFA000 \SystemRoot\System32\Drivers\Beep.SYS

0x01B01000 \SystemRoot\System32\drivers\vga.sys

0x01B0F000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x01B34000 \SystemRoot\System32\drivers\watchdog.sys

0x01B44000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x01B4D000 \SystemRoot\system32\drivers\rdpencdd.sys

0x01B56000 \SystemRoot\system32\drivers\rdprefmp.sys

0x01B5F000 \SystemRoot\System32\Drivers\Msfs.SYS

0x01B6A000 \SystemRoot\System32\Drivers\Npfs.SYS

0x01B7B000 \SystemRoot\system32\DRIVERS\tdx.sys

0x01B99000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x01BA6000 \SystemRoot\System32\DRIVERS\netbt.sys

0x06AF5000 \SystemRoot\system32\drivers\afd.sys

0x06B7E000 \SystemRoot\system32\drivers\ws2ifsl.sys

0x06B89000 \SystemRoot\system32\DRIVERS\wfplwf.sys

0x06B92000 \SystemRoot\system32\DRIVERS\pacer.sys

0x06BB8000 \SystemRoot\system32\DRIVERS\netbios.sys

0x06BC7000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x06BE2000 \SystemRoot\system32\DRIVERS\termdd.sys

0x06A00000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x06A51000 \SystemRoot\system32\drivers\nsiproxy.sys

0x06A5D000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0x06A68000 \SystemRoot\System32\drivers\discache.sys

0x06CAC000 \SystemRoot\system32\drivers\csc.sys

0x06D2F000 \SystemRoot\System32\Drivers\dfsc.sys

0x06D4D000 \SystemRoot\system32\DRIVERS\blbdrive.sys

0x06D5E000 \SystemRoot\system32\DRIVERS\AppleCharger.sys

0x06D66000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x06D8C000 \SystemRoot\system32\DRIVERS\intelppm.sys

0x06DA2000 \SystemRoot\system32\DRIVERS\nusb3xhc.sys

0x06DD3000 \SystemRoot\system32\DRIVERS\USBD.SYS

0x100B4000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys

0x10D18000 \SystemRoot\System32\Drivers\nvBridge.kmd

0x06E1E000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x06F12000 \SystemRoot\System32\drivers\dxgmms1.sys

0x06F58000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0x06F65000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0x06FBB000 \SystemRoot\system32\DRIVERS\usbehci.sys

0x06FCC000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0x10D1A000 \SystemRoot\system32\DRIVERS\Rt64win7.sys

0x06FF0000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

0x10D9E000 \SystemRoot\System32\Drivers\ajhqqxm9.SYS

0x10000000 \SystemRoot\System32\Drivers\SCSIPORT.SYS

0x06E00000 \SystemRoot\system32\DRIVERS\wmiacpi.sys

0x06E09000 \SystemRoot\system32\DRIVERS\CompositeBus.sys

0x1002F000 \SystemRoot\system32\DRIVERS\AgileVpn.sys

0x10045000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x10069000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x10075000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x06DD5000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x06C00000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x06C21000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x100A4000 \SystemRoot\system32\DRIVERS\rdpbus.sys

0x10DED000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0x06C3B000 \SystemRoot\system32\DRIVERS\mouclass.sys

0x06E19000 \SystemRoot\system32\DRIVERS\swenum.sys

0x06C4A000 \SystemRoot\system32\DRIVERS\ks.sys

0x100AF000 \SystemRoot\system32\drivers\WmBEnum.sys

0x06C8D000 \SystemRoot\system32\drivers\WmXlCore.sys

0x06A77000 \SystemRoot\system32\DRIVERS\umbus.sys

0x06A89000 \SystemRoot\system32\DRIVERS\nusb3hub.sys

0x074A2000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x074FC000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x08656000 \SystemRoot\system32\drivers\RTKVHD64.sys

0x08942000 \SystemRoot\system32\drivers\portcls.sys

0x0897F000 \SystemRoot\system32\drivers\drmk.sys

0x089A1000 \SystemRoot\system32\drivers\ksthunk.sys

0x000D0000 \SystemRoot\System32\win32k.sys

0x089A7000 \SystemRoot\System32\drivers\Dxapi.sys

0x089B3000 \SystemRoot\System32\Drivers\crashdmp.sys

0x089C1000 \SystemRoot\System32\Drivers\dump_dumpata.sys

0x089CD000 \SystemRoot\System32\Drivers\dump_atapi.sys

0x089D6000 \SystemRoot\System32\Drivers\dump_dumpfve.sys

0x0862B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0x08644000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0x089E9000 \SystemRoot\system32\DRIVERS\kbdhid.sys

0x07511000 \SystemRoot\system32\DRIVERS\mouhid.sys

0x00520000 \SystemRoot\System32\TSDDD.dll

0x007D0000 \SystemRoot\System32\cdd.dll

0x0752C000 \SystemRoot\system32\drivers\luafv.sys

0x0754F000 \SystemRoot\system32\drivers\WudfPf.sys

0x07570000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x07585000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x02886000 \SystemRoot\system32\drivers\HTTP.sys

0x0294E000 \SystemRoot\system32\DRIVERS\bowser.sys

0x0296C000 \SystemRoot\System32\drivers\mpsdrv.sys

0x02984000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0x029B1000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0x02800000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0x048B3000 \SystemRoot\system32\drivers\peauth.sys

0x04959000 \SystemRoot\System32\Drivers\secdrv.SYS

0x04964000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x04991000 \SystemRoot\System32\drivers\tcpipreg.sys

0x04800000 \SystemRoot\System32\DRIVERS\srv2.sys

0x07400000 \SystemRoot\System32\DRIVERS\srv.sys

0x04867000 \??\C:\Windows\gdrv.sys

0x04870000 \SystemRoot\system32\drivers\WmVirHid.sys

0x049A3000 \SystemRoot\system32\DRIVERS\udfs.sys

0x0487D000 \??\C:\Windows\system32\drivers\mbam.sys

0x04887000 \SystemRoot\system32\DRIVERS\monitor.sys

0x04895000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0x02823000 \SystemRoot\system32\DRIVERS\hidusb.sys

0x02831000 \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys

0x049F7000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS

0x0283C000 \??\C:\Users\Roland\AppData\Local\Temp\aswMBR.sys

0x773F0000 \Windows\System32\ntdll.dll

0x47E60000 \Windows\System32\smss.exe

0xFF710000 \Windows\System32\apisetschema.dll

0xFF7D0000 \Windows\System32\autochk.exe

0xFF6B0000 \Windows\System32\Wldap32.dll

0xFF610000 \Windows\System32\clbcatq.dll

0xFF4E0000 \Windows\System32\rpcrt4.dll

0x775C0000 \Windows\System32\psapi.dll

0xFF410000 \Windows\System32\usp10.dll

0xFE680000 \Windows\System32\shell32.dll

0xFE5E0000 \Windows\System32\msvcrt.dll

0xFE570000 \Windows\System32\gdi32.dll

0x775B0000 \Windows\System32\normaliz.dll

0xFE4D0000 \Windows\System32\comdlg32.dll

0xFE2C0000 \Windows\System32\ole32.dll

0x771E0000 \Windows\System32\iertutil.dll

0xFE240000 \Windows\System32\shlwapi.dll

0xFE1C0000 \Windows\System32\difxapi.dll

0xFE0B0000 \Windows\System32\msctf.dll

0xFDFD0000 \Windows\System32\advapi32.dll

0x77080000 \Windows\System32\wininet.dll

0xFDEF0000 \Windows\System32\oleaut32.dll

0xFDD10000 \Windows\System32\setupapi.dll

0xFDCF0000 \Windows\System32\imagehlp.dll

0x76F60000 \Windows\System32\kernel32.dll

0x76E10000 \Windows\System32\urlmon.dll

0xFDCC0000 \Windows\System32\imm32.dll

0xFDC70000 \Windows\System32\ws2_32.dll

0xFDC50000 \Windows\System32\sechost.dll

0xFDC40000 \Windows\System32\lpk.dll

0x76D10000 \Windows\System32\user32.dll

0xFDC30000 \Windows\System32\nsi.dll

0xFDC10000 \Windows\System32\devobj.dll

0xFDAA0000 \Windows\System32\crypt32.dll

0xFDA30000 \Windows\System32\KernelBase.dll

0xFD9F0000 \Windows\System32\cfgmgr32.dll

0xFD950000 \Windows\System32\comctl32.dll

0xFD910000 \Windows\System32\wintrust.dll

0xFD900000 \Windows\System32\msasn1.dll

0x765E0000 \Windows\SysWOW64\normaliz.dll

Processes (total 66):

0 System Idle Process

4 System

320 C:\Windows\System32\smss.exe

456 csrss.exe

532 C:\Windows\System32\wininit.exe

556 csrss.exe

596 C:\Windows\System32\services.exe

616 C:\Windows\System32\lsass.exe

624 C:\Windows\System32\lsm.exe

736 C:\Windows\System32\winlogon.exe

768 C:\Windows\System32\svchost.exe

828 C:\Windows\System32\nvvsvc.exe

868 C:\Windows\System32\svchost.exe

952 C:\Windows\System32\svchost.exe

1000 C:\Windows\System32\svchost.exe

152 C:\Windows\System32\svchost.exe

1032 C:\Windows\System32\svchost.exe

1144 C:\Windows\System32\svchost.exe

1312 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

1324 C:\Windows\System32\nvvsvc.exe

1392 C:\Windows\System32\spoolsv.exe

1460 C:\Windows\System32\svchost.exe

1572 C:\Program Files (x86)\3d-io plugins\licensing_v2\ActiveLockServerV2.exe

1692 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

1736 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

1788 C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe

1824 C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe

1844 C:\Program Files\Bonjour\mDNSResponder.exe

1880 C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe

1976 C:\Windows\System32\taskhost.exe

2028 C:\Windows\System32\dwm.exe

1112 C:\Windows\explorer.exe

1504 C:\Windows\SysWOW64\PnkBstrA.exe

1508 C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe

2072 C:\Windows\System32\svchost.exe

2220 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

2372 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

3020 C:\Windows\System32\svchost.exe

2188 C:\Program Files\Logitech\Gaming Software\LWEMon.exe

3060 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

2204 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

3236 C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

3440 C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe

3448 C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

3484 C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe

3716 C:\Windows\System32\svchost.exe

3892 C:\Program Files\iPod\bin\iPodService.exe

3356 WmiPrvSE.exe

3376 C:\Windows\System32\SearchIndexer.exe

3520 C:\Program Files (x86)\Steam\Steam.exe

3160 C:\Windows\System32\SearchProtocolHost.exe

1964 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

3360 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

3792 C:\Windows\System32\wuauclt.exe

2228 C:\Windows\System32\audiodg.exe

4680 C:\Windows\SysWOW64\svchost.exe

3804 C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe

2760 C:\Program Files (x86)\Mozilla Firefox\firefox.exe

2576 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

3860 C:\Windows\System32\SearchFilterHost.exe

4280 C:\Windows\System32\taskeng.exe

4056 C:\Windows\System32\VSSVC.exe

3888 C:\Windows\System32\svchost.exe

1856 C:\Users\Roland\Desktop\MBRCheck.exe

348 C:\Windows\System32\conhost.exe

3760 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: ST31000528AS, Rev: CC3E

Size Device Name MBR Status

--------------------------------------------

931 GB \\.\PhysicalDrive0 Windows 7 MBR code detected

SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done!


MBRScan v1.0.7

OS			 : Windows 7  (64 bit)
PROCESSOR	  : Intel64 Family 6 Model 26 Stepping 5, GenuineIntel
BOOT		   : Normal Boot
DATE		   : 2012/01/25 (ISO 8601) at 02:58:58
________________________________________________________________________________

DISK		   : Device\Harddisk0\DR0 __ST31000528AS (CC3E)
BUS_TYPE	   : (0x03)  P-ATA
USE_PIO	    : NO
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0    931.5 Go  [Fixed] ==> 7 MBR Code

MBR_MD5   : 3052532B4C38CBAF3FF716E7245E46D6
MBR_SHA1  : 545BE0FEA527CD2B8F103EE0F220F46DA1D3EE1E

Device\Harddisk0\Partition1    931.5 Go      0x07 NTFS / HPFS __ BOOTABLE __
________________________________________________________________________________


_______MBR   \Device\Harddisk0\DR0  

0x00000000   33 C0 8E D0 BC 00 7C 8E C0 8E D8 BE 00 7C BF 00   3À.Ð¼.|.À.Ø¾.|¿.
0x00000010   06 B9 00 02 FC F3 A4 50 68 1C 06 CB FB B9 04 00   .¹..üó¤Ph..Ëû¹..
0x00000020   BD BE 07 80 7E 00 00 7C 0B 0F 85 0E 01 83 C5 10   ½¾..~..|......Å.
0x00000030   E2 F1 CD 18 88 56 00 55 C6 46 11 05 C6 46 10 00   âñÍ..V.UÆF..ÆF..
0x00000040   B4 41 BB AA 55 CD 13 5D 72 0F 81 FB 55 AA 75 09   ´A»ªUÍ.]r..ûUªu.
0x00000050   F7 C1 01 00 74 03 FE 46 10 66 60 80 7E 10 00 74   ÷Á..t.þF.f`.~..t
0x00000060   26 66 68 00 00 00 00 66 FF 76 08 68 00 00 68 00   &fh....f.v.h..h.
0x00000070   7C 68 01 00 68 10 00 B4 42 8A 56 00 8B F4 CD 13   |h..h..´B.V..ôÍ.
0x00000080   9F 83 C4 10 9E EB 14 B8 01 02 BB 00 7C 8A 56 00   ..Ä..Ë.¸..».|.V.
0x00000090   8A 76 01 8A 4E 02 8A 6E 03 CD 13 66 61 73 1C FE   .v..N..n.Í.fas.þ
0x000000A0   4E 11 75 0C 80 7E 00 80 0F 84 8A 00 B2 80 EB 84   N.u..~......².Ë.
0x000000B0   55 32 E4 8A 56 00 CD 13 5D EB 9E 81 3E FE 7D 55   U2Ä.V.Í.]Ë..>þ}U
0x000000C0   AA 75 6E FF 76 00 E8 8D 00 75 17 FA B0 D1 E6 64   ªun.v.è..u.ú°ñÆd
0x000000D0   E8 83 00 B0 DF E6 60 E8 7C 00 B0 FF E6 64 E8 75   è..°ßÆ`è|.°.Ædèu
0x000000E0   00 FB B8 00 BB CD 1A 66 23 C0 75 3B 66 81 FB 54   .û¸.»Í.f#Àu;f.ûT
0x000000F0   43 50 41 75 32 81 F9 02 01 72 2C 66 68 07 BB 00   CPAu2.ù..r,fh.».
0x00000100   00 66 68 00 02 00 00 66 68 08 00 00 00 66 53 66   .fh....fh....fSf
0x00000110   53 66 55 66 68 00 00 00 00 66 68 00 7C 00 00 66   SfUfh....fh.|..f
0x00000120   61 68 00 00 07 CD 1A 5A 32 F6 EA 00 7C 00 00 CD   ah...Í.Z2öê.|..Í
0x00000130   18 A0 B7 07 EB 08 A0 B6 07 EB 03 A0 B5 07 32 E4   ..·.Ë..¶.Ë..µ.2Ä
0x00000140   05 00 07 8B F0 AC 3C 00 74 09 BB 07 00 B4 0E CD   ....Ð¬<.t.»..´.Í
0x00000150   10 EB F2 F4 EB FD 2B C9 E4 64 EB 00 24 02 E0 F8   .ËòôËý+ÉÄdË.$.ÀØ
0x00000160   24 02 C3 49 6E 76 61 6C 69 64 20 70 61 72 74 69   $.ÃInvalid parti
0x00000170   74 69 6F 6E 20 74 61 62 6C 65 00 45 72 72 6F 72   tion table.Error
0x00000180   20 6C 6F 61 64 69 6E 67 20 6F 70 65 72 61 74 69    loading operati
0x00000190   6E 67 20 73 79 73 74 65 6D 00 4D 69 73 73 69 6E   ng system.Missin
0x000001A0   67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74   g operating syst
0x000001B0   65 6D 00 00 00 63 7B 9A 72 81 D3 0B 00 00 80 20   em...c{.r.ó....
0x000001C0   21 00 07 FE FF FF 00 08 00 00 00 58 70 74 00 00   !..þ.......Xpt..
0x000001D0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª

January 25, 2012

ooo na everywebsite except search websites i even got one off bleepingcomputer

ComboFix 12-01-23.02 - Roland 01/25/2012 2:04.11.8 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.1378 [GMT -5:00]

Running from: c:\users\Roland\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((( Files Created from 2011-12-25 to 2012-01-25 )))))))))))))))))))))))))))))))

.

2012-01-25 07:23 . 2012-01-25 07:23 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-01-25 07:23 . 2012-01-25 07:23 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-01-25 07:23 . 2012-01-25 07:23 -------- d-----w- c:\users\Parker\AppData\Local\temp

2012-01-25 07:23 . 2012-01-25 07:23 -------- d-----w- c:\users\Parker.Roland714\AppData\Local\temp

2012-01-25 07:23 . 2012-01-25 07:23 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-01-25 07:23 . 2012-01-25 07:23 -------- d-----w- c:\users\AppData\AppData\Local\temp

2012-01-16 09:14 . 2012-01-24 20:04 25640 ----a-w- c:\windows\gdrv.sys

2012-01-16 02:53 . 2012-01-16 02:54 -------- d-----w- c:\programdata\WeCareReminder

2012-01-16 02:52 . 2012-01-16 02:52 279616 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2012-01-16 02:51 . 2012-01-16 02:52 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite

2012-01-08 18:06 . 2012-01-08 18:06 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll

2012-01-08 18:06 . 2012-01-08 18:06 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll

2012-01-08 18:06 . 2012-01-08 18:06 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll

2012-01-08 18:06 . 2012-01-08 18:06 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll

2011-12-28 21:22 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-28 12:42 . 2011-12-28 12:42 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\DAEMON Tools Lite

2011-12-28 05:03 . 2012-01-16 02:52 -------- d-----w- c:\users\Roland\AppData\Roaming\OpenCandy

2011-12-28 04:59 . 2011-12-28 05:03 530488 ----a-w- c:\windows\system32\drivers\sptd.sys

2011-12-27 10:22 . 2011-12-27 10:22 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

2011-12-27 10:22 . 2011-12-27 10:22 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll

2011-12-27 10:22 . 2011-12-27 10:22 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

2011-12-27 10:22 . 2011-12-27 10:22 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

2011-12-27 10:22 . 2011-12-27 10:22 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

2011-12-27 10:22 . 2011-12-27 10:22 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

2011-12-27 10:22 . 2011-12-27 10:22 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

2011-12-27 10:21 . 2011-12-27 10:22 -------- d-----w- c:\program files (x86)\QuickTime

2011-12-26 20:38 . 2011-12-26 20:38 -------- d-----w- C:\Down

2011-12-26 20:38 . 2011-12-26 20:38 -------- d-----w- C:\Perfect World Entertainment

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-24 20:04 . 2011-01-30 01:34 30528 ----a-w- c:\windows\GVTDrv64.sys

2012-01-02 19:43 . 2011-07-11 14:12 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-01-02 19:43 . 2011-07-11 13:56 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2011-12-20 09:24 . 2011-12-10 07:03 627600 ----a-w- c:\windows\system32\deployJava1.dll

2011-12-13 14:14 . 2011-12-11 19:37 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-12-11 19:40 . 2011-01-30 22:47 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-11-25 22:53 . 2011-07-11 13:56 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2011-11-24 05:00 . 2011-12-18 13:09 3141632 ----a-w- c:\windows\system32\win32k.sys

2011-11-05 05:17 . 2011-12-18 13:06 2048 ----a-w- c:\windows\system32\tzres.dll

2011-11-05 04:30 . 2011-12-18 13:06 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-11-04 01:53 . 2011-12-19 08:15 2309120 ----a-w- c:\windows\system32\jscript9.dll

2011-11-04 01:44 . 2011-12-19 08:15 1390080 ----a-w- c:\windows\system32\wininet.dll

2011-11-04 01:44 . 2011-12-19 08:15 1493504 ----a-w- c:\windows\system32\inetcpl.cpl

2011-11-04 01:34 . 2011-12-19 08:15 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-11-03 22:47 . 2011-12-19 08:15 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll

2011-11-03 22:40 . 2011-12-19 08:15 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2011-11-03 22:39 . 2011-12-19 08:15 1127424 ----a-w- c:\windows\SysWow64\wininet.dll

2011-11-03 22:31 . 2011-12-19 08:15 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]

"Akamai NetSession Interface"="c:\users\Roland\AppData\Local\Akamai\netsession_win.exe" [2011-12-23 3334432]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]

"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]

"EasyTuneVI"="c:\program files (x86)\GIGABYTE\ET6\ETcall.exe" [2007-07-26 20480]

"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HideSCAHealth"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 mi-raysat_3dsMax2009_64;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe [2010-06-16 86016]

R2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-03-12 86016]

R2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-23 86016]

R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]

R3 dump_wmimmc;dump_wmimmc;c:\gpotato\Rappelz\GameGuard\dump_wmimmc.sys [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-05-19 25640]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-04-19 1431888]

R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-01-24 30528]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 X6va005;X6va005;c:\users\Roland\AppData\Local\Temp\0058E19.tmp [x]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S2 3d-io License Server v2.0;3d-io License Server v2.0;c:\program files (x86)\3d-io plugins\licensing_v2\ActiveLockServerV2.exe [2009-12-15 34816]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]

S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-18 68136]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]

S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-14 114688]

S3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

--------- x86-64 -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-26 12681320]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = 127.0.0.1:9421

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 10.1.10.1

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll

FF - ProfilePath - c:\users\Roland\AppData\Roaming\Mozilla\Firefox\Profiles\onhgmeao.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=15784

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ytff-devicevm&type=IEBD&p=

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-Blender - c:\program files (x86)\Blender Foundation\Blender\uninstall.exe

AddRemove-L4D2SP - c:\users\Roland\Downloads\Left 4 Dead 2 V2.0.2.7 Full-Rip {blaze69}\Uninstall SP.exe

AddRemove-NSS - c:\program files (x86)\Norton Security Scan\Engine\3.1.1.6\InstWrap.exe

AddRemove-Oblivion mod manager_is1 - c:\program files (x86)\Bethesda Softworks\Oblivion\obmm\uninstall\unins000.exe

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe

AddRemove-SystemRequirementsLab - c:\program files (x86)\SystemRequirementsLab\Uninstall.exe

AddRemove-_{53A908D4-99C6-469B-BC13-F4189F260742} - c:\program files (x86)\Corel\Corel Painter Essentials 4\MSILauncher {53A908D4-99C6-469B-BC13-F4189F260742}

AddRemove-{EAD475E8-14E5-4854-8AF5-CE6B4024237C}_is1 - c:\gpotato\Rappelz\unins000.exe

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_b427739.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]

"ImagePath"="\??\c:\users\Roland\AppData\Local\Temp\0058E19.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2750241520-802747955-1049020851-1000\Software\SecuROM\License information*]

"datasecu"=hex:5f,73,18,50,7e,57,0d,84,32,1e,ab,a2,a5,3d,18,4b,4a,2f,fc,a8,c8,

4d,9c,ba,c3,a1,ff,df,30,3e,9c,87,cc,74,5b,6a,20,04,91,a4,c9,37,d0,c9,af,f7,\

"rkeysecu"=hex:e0,1a,df,22,d1,cd,73,a1,ec,fa,ae,e8,67,d1,90,4d

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\{47BF077C-44C6-42B1-8F88-ADE2585DD2ED}*]

@=hex:b1,5d,8e,62,5e,fa,cb,01

.

[HKEY_LOCAL_MACHINE\software\Classes\{97A98033-9FA1-4E80-A339-59787B43CC89}*]

@=hex:f3,d4,a9,62,5e,fa,cb,01

.

[HKEY_LOCAL_MACHINE\software\Classes\{A82EB336-567D-4F41-A63E-8113AD8B6903}*]

@=hex:ab,94,9c,5f,5e,fa,cb,01

.

[HKEY_LOCAL_MACHINE\software\Classes\{C4B20040-7D5A-4558-9E19-B7DF94366F97}*]

@=hex:d5,9d,ba,62,5e,fa,cb,01

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-01-25 02:30:27

ComboFix-quarantined-files.txt 2012-01-25 07:30

ComboFix2.txt 2012-01-15 19:18

.

Pre-Run: 200,636,526,592 bytes free

Post-Run: 200,756,965,376 bytes free

.

- - End Of File - - F521345DED4013A20A855A1FFF881CF3

January 19, 2012

oo alright here

January 14, 2012

alright done though im still getting redirect inside websites even youtube its a rare occurance though and never happens on google

January 5, 2012

ooo snap my bad here

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=eb7a94c27590d8428819fc08fc972c63

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-01-03 05:15:50

# local_time=2012-01-03 12:15:50 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=6.1.7600 NT

# compatibility_mode=5893 16776574 66 94 9345791 77126401 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=1042341

# found=0

# cleaned=0

# scan_time=27999

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=eb7a94c27590d8428819fc08fc972c63

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-01-04 11:29:28

# local_time=2012-01-04 06:29:28 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=6.1.7600 NT

# compatibility_mode=5893 16776574 66 94 9465421 77246031 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=1035369

# found=0

# cleaned=0

# scan_time=17186

Results of screen317's Security Check version 0.99.30

Windows 7 x64 (UAC is disabled!)

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Spybot - Search & Destroy

Java 6 Update 29

Java 7 Update 1

Java version out of date!

Adobe Reader X (10.1.1)

Mozilla Firefox 8.0.1 Firefox out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

ESET ESET Online Scanner OnlineScannerApp.exe

``````````End of Log````````````

December 30, 2011

aye aye the combo fix log was too long for the post 2nd time now have to attach :/

Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org

Database version: v2011.12.30.01

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

Roland :: ROLAND714 [administrator]

12/30/2011 12:24:43 AM

mbam-log-2011-12-30 (00-24-43).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 241988

Time elapsed: 4 minute(s), 34 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

ComboFIX_LOG.txt

December 23, 2011

aye aye

im getting redirects on this website only when i click next page or so no redirects for google tho only way i can get to this thread is through my profile

December 19, 2011

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8399

Windows 6.1.7600

Internet Explorer 9.0.8112.16421

12/19/2011 1:43:17 PM

mbam-log-2011-12-19 (13-43-17).txt

Scan type: Quick scan

Objects scanned: 240162

Time elapsed: 4 minute(s), 39 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by Roland at 13:45:49 on 2011-12-19

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.2425 [GMT -5:00]

.

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\3d-io plugins\licensing_v2\ActiveLockServerV2.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\SysWOW64\svchost.exe -k Akamai

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe

C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe

C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe

C:\Program Files (x86)\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Logitech\Gaming Software\LWEMon.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Users\Roland\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe

C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [iSUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [Akamai NetSession Interface] C:\Users\Roland\AppData\Local\Akamai\netsession_win.exe

mRun: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"

mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe

mRun: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start

mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 10.1.10.1

TCP: Interfaces\{7065DBAA-AEEC-4DE5-B3D4-E83D2D3C24FB} : DhcpNameServer = 10.1.10.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"

mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun-x64: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe

mRun-x64: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start

mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

Hosts: 217.23.4.166 www.google-analytics.com.

Hosts: 217.23.4.166 ad-emea.doubleclick.net.

Hosts: 217.23.4.166 www.statcounter.com.

Hosts: 178.250.45.15 www.google-analytics.com.

Hosts: 178.250.45.15 ad-emea.doubleclick.net.

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Roland\AppData\Roaming\Mozilla\Firefox\Profiles\onhgmeao.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=15784

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ytff-devicevm&type=IEBD&p=

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files\Dassault Systemes\3D XML Player\win_b64\code\bin32\NP3DXMLPlugin.dll

FF - plugin: C:\Users\Roland\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]

R2 3d-io License Server v2.0;3d-io License Server v2.0;C:\Program Files (x86)\3d-io plugins\licensing_v2\ActiveLockServerV2.exe [2009-12-15 34816]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]

R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]

R2 DES2 Service;DES2 Service for Energy Saving.;C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2011-1-29 68136]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-8-15 2329480]

R2 mi-raysat_3dsMax2009_64;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe [2010-6-16 86016]

R2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-3-12 86016]

R2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-2-22 86016]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-9 2255464]

R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2011-1-29 114688]

R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-1-29 30528]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]

S3 etdrv;etdrv;C:\Windows\etdrv.sys [2011-5-18 25640]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-2-1 1431888]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2011-12-19 08:33:13 367104 ----a-w- C:\Windows\System32\wcncsvc.dll

2011-12-19 08:33:13 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll

2011-12-18 13:09:35 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys

2011-12-18 13:06:58 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-12-18 13:06:58 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-12-18 07:13:59 -------- d-----w- C:\Users\Roland\AppData\Local\LogMeIn Hamachi

2011-12-18 07:13:34 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi

2011-12-18 06:34:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\ScripterRon

2011-12-17 22:34:27 -------- d-----w- C:\Users\Roland\AppData\Local\{E650F8E4-5452-46D3-9101-425C89ED4914}

2011-12-17 22:34:15 -------- d-----w- C:\Users\Roland\AppData\Local\{428C00D8-053E-492E-850A-2F1DE01C647A}

2011-12-17 05:16:03 -------- d-----w- C:\Users\Roland\.NewTek

2011-12-17 04:57:29 -------- d-----w- C:\Program Files\NewTek

2011-12-17 03:46:48 -------- d-----w- C:\Program Files (x86)\Id soft

2011-12-15 18:37:40 -------- d-----w- C:\Program Files (x86)\Sierra

2011-12-14 07:21:55 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe

2011-12-14 04:27:11 74344 ----a-w- C:\Windows\System32\RtNicProp64.dll

2011-12-14 04:27:11 107624 ----a-w- C:\Windows\System32\RTNUninst64.dll

2011-12-14 04:15:58 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe

2011-12-14 04:15:57 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll

2011-12-14 04:15:57 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll

2011-12-14 04:15:57 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll

2011-12-14 04:15:57 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll

2011-12-14 04:15:56 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll

2011-12-14 04:15:56 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll

2011-12-14 04:12:56 535656 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys

2011-12-13 20:03:43 -------- d-----w- C:\Users\Roland\AppData\Roaming\Unity

2011-12-13 19:57:09 -------- d-----w- C:\Users\Roland\AppData\Local\Unity

2011-12-11 21:27:01 13800 ----a-w- C:\Windows\System32\drivers\ssadwh.sys

2011-12-11 21:27:00 13288 ----a-w- C:\Windows\System32\drivers\ssadcm.sys

2011-12-11 21:26:36 -------- d-----w- C:\Program Files\SAMSUNG

2011-12-11 21:26:06 -------- d-----w- C:\ProgramData\Samsung

2011-12-11 19:40:35 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\REN1B6.tmp

2011-12-11 19:37:56 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-12-10 07:03:56 627600 ----a-w- C:\Windows\System32\deployJava1.dll

2011-12-10 06:57:40 -------- d-----w- C:\Program Files (x86)\Santiago Orgaz

2011-12-10 01:25:54 -------- d-----w- C:\$RECYCLE.BIN

2011-12-10 01:06:13 98816 ----a-w- C:\Windows\sed.exe

2011-12-10 01:06:13 518144 ----a-w- C:\Windows\SWREG.exe

2011-12-10 01:06:13 256000 ----a-w- C:\Windows\PEV.exe

2011-12-10 01:06:13 208896 ----a-w- C:\Windows\MBR.exe

2011-12-09 11:24:21 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0

2011-12-07 16:05:39 -------- d-----w- C:\Program Files\AMD

2011-12-04 03:14:14 -------- d-----w- C:\Users\Roland\AppData\Roaming\Dropbox

2011-12-03 15:26:17 -------- d-----w- C:\Program Files (x86)\Common Files\AMD

2011-11-28 05:30:07 -------- d-----we C:\Windows\system64

2011-11-25 03:54:11 -------- d-----w- C:\Users\Roland\AppData\Roaming\bOOONNtxA0uc2iD

2011-11-25 03:54:07 -------- d-----w- C:\Users\Roland\AppData\Roaming\B77ffEL88gZqh

2011-11-25 03:54:06 -------- d-----w- C:\Users\Roland\AppData\Roaming\Z999gTTXq

2011-11-25 03:54:06 -------- d-----w- C:\Users\Roland\AppData\Roaming\oOONNtxxA0uS2bD

2011-11-25 03:54:02 -------- d-----w- C:\Users\Roland\AppData\Roaming\hooonGG4amH6WJf

2011-11-25 03:54:01 -------- d-----w- C:\Users\Roland\AppData\Roaming\qccSS1ibb3onGaH

2011-11-23 22:11:23 -------- d-----w- C:\Users\Roland\AppData\Local\SCE

2011-11-23 11:26:27 -------- d-----w- C:\Program Files (x86)\ATI Research Inc

2011-11-23 07:32:11 198656 ----a-w- C:\Windows\SysWow64\Comdlg32.ocx

2011-11-23 00:43:56 -------- d-----w- C:\Users\Roland\AppData\Local\{970492A1-4B99-42C9-B472-065740F9C9EB}

2011-11-23 00:43:45 -------- d-----w- C:\Users\Roland\AppData\Local\{72BB1DDD-B6CD-4918-B4F0-6A326666FEEB}

2011-11-22 23:57:32 -------- d-----w- C:\Program Files (x86)\98C23

2011-11-22 23:57:12 -------- d-----w- C:\Users\Roland\AppData\Roaming\xRRZZ9hTXwjUClB

2011-11-22 23:57:12 -------- d-----w- C:\Users\Roland\AppData\Roaming\NzzzPPNyxA1uS2b

2011-11-22 23:57:01 -------- d-----w- C:\Users\Roland\AppData\Roaming\rWWWJJ7dEL8gZqY

2011-11-22 23:57:00 -------- d-----w- C:\Users\Roland\AppData\Roaming\Q7ffEEL8gTZ

2011-11-22 23:57:00 -------- d-----w- C:\Users\Roland\AppData\Roaming\nttxxP0uuc1i

2011-11-22 23:56:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\F8998

2011-11-22 23:56:33 -------- d-----w- C:\Users\Roland\AppData\Roaming\hFF44pmmG

2011-11-22 23:56:32 -------- d-----w- C:\Users\Roland\AppData\Roaming\LtttzPP0ycA1vDo

2011-11-22 23:44:12 -------- d-----w- C:\Users\Roland\AppData\Local\{A6DC21A5-2B27-4E2F-B232-6C4C7A69AF31}

2011-11-22 23:44:00 -------- d-----w- C:\Users\Roland\AppData\Local\{E3CE3080-C760-4059-898C-C90A69F9FF67}

2011-11-22 19:09:29 -------- d-----w- C:\ProgramData\PackfileExplorer

2011-11-22 05:17:51 -------- d-----w- C:\Users\Roland\AppData\Local\{2DFF5213-D589-4384-8E79-DCCCF551D886}

2011-11-22 05:17:39 -------- d-----w- C:\Users\Roland\AppData\Local\{F07369E6-E070-4933-A064-FAA912F188BC}

2011-11-21 23:55:28 -------- d-----w- C:\Users\Roland\AppData\Local\{996A5C83-A4EF-4178-91E5-F20154B3A7B1}

2011-11-21 23:55:15 -------- d-----w- C:\Users\Roland\AppData\Local\{9B229EAA-111E-45FE-B3CA-9C1734FB0C7A}

2011-11-21 04:41:47 -------- d-----w- C:\Users\Roland\AppData\Local\{60BDAFCE-9D24-45FC-814A-D96F2DEAA9AC}

2011-11-21 04:41:36 -------- d-----w- C:\Users\Roland\AppData\Local\{FB9064CD-8BFE-4D58-BB0E-6A7AB5A09D12}

2011-11-20 05:40:47 -------- d-----w- C:\Users\Roland\AppData\Roaming\Blender Foundation

2011-11-20 05:40:44 -------- d-----w- C:\Users\Roland\.thumbnails

.

==================== Find3M ====================

.

2011-12-19 18:33:26 30528 ----a-w- C:\Windows\GVTDrv64.sys

2011-12-19 18:33:11 25640 ----a-w- C:\Windows\gdrv.sys

2011-12-11 19:40:18 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-11-25 22:53:42 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2011-11-25 22:53:42 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2011-11-24 05:00:47 3141632 ----a-w- C:\Windows\System32\win32k.sys

2011-11-19 15:41:28 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll

2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll

2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-10-26 05:19:07 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2011-10-15 06:25:12 723456 ----a-w- C:\Windows\System32\EncDec.dll

2011-10-15 05:48:52 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll

2011-09-29 16:24:44 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-09-28 22:45:42 15453832 ----a-w- C:\Windows\SysWow64\xlive.dll

2011-09-28 22:45:42 13642888 ----a-w- C:\Windows\SysWow64\xlivefnt.dll

.

============= FINISH: 13:48:06.35 ===============

Run date: 2011-12-19 13:44:54

-----------------------------

13:44:54.817 OS Version: Windows x64 6.1.7600

13:44:54.832 Number of processors: 8 586 0x1A05

13:44:54.832 ComputerName: ROLAND714 UserName: Roland

13:44:59.793 Initialize success

13:45:14.995 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1

13:45:14.995 Disk 0 Vendor: ST31000528AS CC3E Size: 953869MB BusType: 3

13:45:17.039 Disk 0 MBR read successfully

13:45:17.039 Disk 0 MBR scan

13:45:17.039 Disk 0 Windows 7 default MBR code

13:45:17.039 Service scanning

13:45:18.583 Modules scanning

13:45:18.583 Disk 0 trace - called modules:

13:45:18.583 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys

13:45:18.583 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80047b6060]

13:45:18.583 3 CLASSPNP.SYS[fffff880018bd43f] -> nt!IofCallDriver -> [0xfffffa8004539520]

13:45:18.583 5 ACPI.sys[fffff88000ef3781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8004528060]

13:45:18.583 Scan finished successfully

13:45:30.595 Disk 0 MBR has been saved successfully to "C:\Users\Roland\Desktop\MBR.dat"

13:45:30.595 The log file has been saved successfully to "C:\Users\Roland\Desktop\aswMBR.txt"

MBR.rar

Attach.txt

December 18, 2011

ooh reformating isnt an option for me ill try the cleaning method

December 12, 2011

screen ya still with me

December 10, 2011

and here is the dds

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by Roland at 23:22:12 on 2011-12-09

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.1937 [GMT -5:00]

.

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\3d-io plugins\licensing_v2\ActiveLockServerV2.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\SysWOW64\svchost.exe -k Akamai

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe

C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe

C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe

C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe

C:\Program Files (x86)\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Logitech\Gaming Software\LWEMon.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Steam\Steam.exe

c:\program files (x86)\steam\steamapps\ramoneb\sourcesdk\bin\SDKLauncher.exe

c:\program files (x86)\steam\steamapps\ramoneb\sourcesdk\bin\source2009\bin\hlmv.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

uRun: [iSUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized