Everything posted by Rolandz

  1. aye thank you

     still getting redirects on Google and svc still crazy, it actually got worse. If I can't hear from you tonight, my internet is going to be disconnected for a good while, a week and a half at the most!
  2. Sorry to bump again, but can anyone help me? I'll sum up the problem: it's a Google redirect that I get on iexplorer and Firefox. TDSSKiller, Spybot, Malwarebytes, Kaspersky and McAfee are unable to remove it, and I believe my svc might be a bit higher than usual. Yesterday a friend suggested I uninstall iexplorer and run Spybot, so that stopped the iexplorer processes, but I think I may still have it if I turn it back on. Spybot only found cookies.
  3. Is anyone able to help me? I have tried everything, even resetting the router. I'll post the attach log; if any available experts or vets can help me, if they have time, that would be great.
Some data might have been lost. 10/23/2011 5:45:43 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{D36A48BE-BF54-4C76-A011-003619EF5EE1}' was corrupted and it has been recovered. Some data might have been lost. 10/23/2011 5:44:28 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{1BC851A0-6022-4F66-9F42-7D56EC016685}' was corrupted and it has been recovered. Some data might have been lost. 10/21/2011 4:31:33 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{49947332-C388-437A-9C4A-2D44128C3BB8}' was corrupted and it has been recovered. Some data might have been lost. 10/21/2011 4:27:34 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{E24B685C-6970-49A2-AD76-15CA4E52A814}' was corrupted and it has been recovered. Some data might have been lost. 10/21/2011 4:27:22 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{8C2AFEE9-6D19-4059-A748-EB3F8FC96A53}' was corrupted and it has been recovered. Some data might have been lost. 10/21/2011 4:27:05 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. 
Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy5. 10/21/2011 4:27:03 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{8E6F038E-778E-4FD4-9309-13D8F50FFA0C}' was corrupted and it has been recovered. Some data might have been lost. 10/21/2011 4:23:09 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{AD9964EC-C84C-44F7-AED8-E2F4DA9E4A47}' was corrupted and it has been recovered. Some data might have been lost. 10/21/2011 4:22:57 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{F49089B7-3B71-4D75-A3E3-809D8145EA0E}' was corrupted and it has been recovered. Some data might have been lost. 10/21/2011 4:22:40 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{D93DD280-44E2-46FE-8522-1492F860A6D4}' was corrupted and it has been recovered. Some data might have been lost. 10/21/2011 4:21:35 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{089355FA-1CB8-4C24-B2FA-9F2B6F8F01C6}' was corrupted and it has been recovered. Some data might have been lost. 
10/21/2011 4:21:23 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy24. 10/21/2011 4:21:13 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{612C5292-4D97-498B-B72F-20E7B3BEAA12}' was corrupted and it has been recovered. Some data might have been lost. 10/21/2011 4:20:55 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{20A63B09-B3B6-4602-AB87-6E918A32C6D5}' was corrupted and it has been recovered. Some data might have been lost. 10/21/2011 4:20:27 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{1E972ED4-2FE7-437F-B9A6-881B81CF0FC1}' was corrupted and it has been recovered. Some data might have been lost. 10/21/2011 4:19:26 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{90F041D2-F423-4F69-B793-4D1995466595}' was corrupted and it has been recovered. Some data might have been lost. . ==== End Of File ===========================
  4. Hello, I have a reoccurring virus that I have gotten 3 times now on my computer. The last two incidents were with a virus called guard online. The program froze my computer (and I have a pretty good rig), so I couldn't do anything unless I was in safe mode. I fixed it by doing a system restore in safe mode, and everything was fine after. The 3rd time I did the same procedure, but in the end there still was a problem.

     Long story short: I hear advertisements in the background, Google is redirecting, Windows Explorer says it crashes and resets, and there is also a high Internet Explorer process when it isn't running. I decided to take action on my own using Kaspersky and McAfee. It found Trojans and a few viruses, but I still have the problem after scanning, and now all my scans say it is clean. I used TDSS and it checks out clear, and I unfortunately used CCleaner before a friend suggested this forum.

     Here is the Malwarebytes scan. At first it did find Trojans and such, but now it scans clean even on full, and I constantly get the message that it is blocking an IP using iexplorer. I used ESET overnight; I have it as an attachment in case it shouldn't be posted with this. Sorry for all the yapping if it's unnecessary info, I'm new. Here is the scan, and the DDS program said I should keep the "Attach" doc unless requested. Oh, and sorry about my bad grammar.

     Malwarebytes' Anti-Malware 1.51.2.1300
     www.malwarebytes.org

     Database version: 8039

     Windows 6.1.7600
     Internet Explorer 9.0.8112.16421

     10/28/2011 9:16:41 PM
     mbam-log-2011-10-28 (21-16-41).txt

     Scan type: Quick scan
     Objects scanned: 243869
     Time elapsed: 6 minute(s), 32 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     .
     DDS (Ver_2011-08-26.01) - NTFSAMD64
     Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22
     Run by Roland at 21:54:40 on 2011-10-28
     Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.1978 [GMT -4:00]
     .
     SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
2011-10-15 12:23:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\roGdLjrAi 2011-10-15 12:22:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\wlBzNyAuDo 2011-10-15 12:21:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\ylxuSiDoGaHsJfL 2011-10-15 12:20:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\wxSFGJ89qe 2011-10-15 12:19:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\sKgZ9hYXjeItNAu 2011-10-15 12:18:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\YJLZCVB013 2011-10-15 12:17:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\E8R9TwUeIrPyA 2011-10-15 12:16:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\VmH55W7E8RqYwUe 2011-10-15 12:15:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\V9XjeIzOyAuS 2011-10-15 12:14:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\PAD4Q89wlzxvbGJ 2011-10-15 12:13:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\zuccS1i3nGa6sJf 2011-10-15 12:12:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\Pc2b3n4Q6W7EgZj 2011-10-15 12:11:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\STwUlBzNx1v2FpG 2011-10-15 12:10:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\ThXkeltPyAiDnpH 2011-10-15 12:09:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\z7E9TqYklxcbnmJ 2011-10-15 12:08:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\muopadfhjkOASFG 2011-10-15 12:07:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\uBBBtzzP0A1D 2011-10-15 12:06:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\ynG4Q6WfLTjCkrt 2011-10-15 12:05:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\S5Q6W7R9XjCkV 2011-10-15 12:04:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\TKqrcnJZVyndXzD 2011-10-15 12:03:57 -------- d-----w- C:\Users\Roland\AppData\Roaming\ib4m5QJ6KfZhX 2011-10-15 12:02:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\mXqjjUCeIB 2011-10-15 12:01:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\zKgwOuDa7TwOSoH 2011-10-15 12:00:59 -------- d-----w- 
C:\Users\Roland\AppData\Roaming\ez0bn6fgYItSn6 2011-10-15 11:59:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\yv2bb3m5Q6W 2011-10-15 11:58:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\wF578qwetyiom 2011-10-15 11:57:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\sggTjCkVOtAuSiD 2011-10-15 11:56:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\YCeIrPy1v2b3m5Q 2011-10-15 11:55:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\xRqYwUetPyA 2011-10-15 11:54:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\RKhCzxvbnHKLXCr 2011-10-15 11:53:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\jUeIrzONyx0uS2b 2011-10-15 11:52:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\vdghklzADF 2011-10-15 11:51:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\PSS2mJdKR9TwClB 2011-10-15 11:50:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\Y5JdKfZhTXjeI 2011-10-15 11:49:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\xDooFm5W7E8RqYk 2011-10-15 11:48:57 -------- d-----w- C:\Users\Roland\AppData\Roaming\l0inmQERYUIN124 2011-10-15 11:47:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\jdKfZhXjClrPyAu 2011-10-15 11:46:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\kHsJE8RqhXU 2011-10-15 11:45:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\vviFpGaHdKfLgXj 2011-10-15 11:44:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\RQJd8ffR9hTXjCl 2011-10-15 11:43:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\yTqYwUrOtPc1v3n 2011-10-15 11:42:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\HLLgZjCkIVlNxu 2011-10-15 11:41:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\WS2b3m5aQJdK 2011-10-15 11:40:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\tHsJdLgZqhXUeOz 2011-10-15 11:39:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\tKLXCVN0ipasfZC 2011-10-15 11:38:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\zlzcvnmQKZ 2011-10-15 11:37:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\FjklPuSiDoGaHsJ 
2011-10-15 11:36:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\R9eyinQKLXCVNSD 2011-10-15 11:35:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\RdKf9XUeIrP 2011-10-15 11:34:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\tx0c2bD3pn4aHW7 2011-10-15 11:33:53 -------- d-----w- C:\Users\Roland\AppData\Roaming\YC2fVD805kvKt 2011-10-15 11:32:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\aYOSF8eiQYN48 2011-10-15 11:31:57 -------- d-----w- C:\Users\Roland\AppData\Roaming\uqUeIrOAuSiFpGa 2011-10-15 11:30:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\ZrrrzONtA0cSib3 2011-10-15 11:29:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\PsJd8R9TwUeIrP 2011-10-15 11:28:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\VH5JdLZhX 2011-10-15 11:27:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\PeByAvbnQWRTCVN 2011-10-15 11:26:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\JyAiDoFpHQ7E 2011-10-15 11:25:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\oYCCIrOtPuS 2011-10-15 11:24:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\QQ6KfLhXjCk 2011-10-15 11:23:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\TsdRhwety 2011-10-15 11:22:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\WaHsKfLgZjCkVlN 2011-10-15 11:21:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\nSb3n5Q6W7LgXjC 2011-10-15 11:20:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\idgYUIP124 2011-10-15 11:19:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\sCkVltPuSiDoGaH 2011-10-15 11:18:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\rUeIrOx0v2b3 2011-10-15 11:17:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\IGHJLZCrtyiaJgw 2011-10-15 11:16:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\Qc2DpGaHsKfLgZj 2011-10-15 11:15:52 -------- d-----w- C:\Users\Roland\AppData\Roaming\xSGJZVyosRUPD58 2011-10-15 11:14:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\LO147qlcnJZVyos 2011-10-15 11:13:47 -------- d-----w- 
C:\Users\Roland\AppData\Roaming\ogUPDH8wtvm8Uym 2011-10-15 11:12:56 -------- d-----w- C:\Users\Roland\AppData\Roaming\ptPuiom6W7E8 2011-10-15 11:11:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\oam5W7E8RhXkVlB 2011-10-15 11:10:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\kNx0c1b3Gam 2011-10-15 11:09:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\Voo4m5Q6E8RhXjC 2011-10-15 11:08:45 -------- d-----w- C:\Users\Roland\AppData\Roaming\cwIAoGdZUIPA235 2011-10-15 11:07:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\zOOtAuSiDp4Q6W7 2011-10-15 11:06:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\I8Uy4EwNb6Xz2Qh 2011-10-15 11:05:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\Wc1v3n4m5JdLgZh 2011-10-15 11:04:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\wTTZZjjYwk 2011-10-15 11:03:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\J9wezcvbm 2011-10-15 11:02:57 -------- d-----w- C:\Users\Roland\AppData\Roaming\ifgjkzxuSi 2011-10-15 11:01:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\zCx3KqrSGKZOSGW 2011-10-15 11:00:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\WR9TwUeIrNx1v2b 2011-10-15 10:59:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\lBz0c1v2n 2011-10-15 10:58:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\LHsKfLgZjCIrOtP 2011-10-15 10:57:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\WNc3mfZkBc3HdZk 2011-10-15 10:56:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\sDaKTwOuDa7TwO 2011-10-15 10:55:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\W023467E9TjC 2011-10-15 10:54:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\WD2nFpHs7E8R9Yw 2011-10-15 10:53:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\SkVlBxP0c1v3F4m 2011-10-15 10:52:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\mIVrzNx0c2DpG 2011-10-15 10:51:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\VDoFpGsJdKfZhXj 2011-10-15 10:50:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\SPSDF578qwetyin 
2011-10-15 10:49:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\C7E9TqYwIrOtPc1 2011-10-15 10:48:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\yJdKfZTwUeIrPy 2011-10-15 10:47:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\ksJdLgZYwUrOtPy 2011-10-15 10:46:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\NxuSiFpGaHdKLgX 2011-10-15 10:45:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\ElBzNyx1v2 2011-10-15 10:44:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\F3GaHsJfLgZhCkV 2011-10-15 10:43:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\Q89qeryub3n 2011-10-15 10:42:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\NRYwUVlBzNc1vo4 2011-10-15 10:41:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\A33naH5sJ7dL8Zq 2011-10-15 10:40:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\fvvSS2iibF3GaHK 2011-10-15 10:39:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\yuv2b4m5QdE 2011-10-15 10:38:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\YTqCVlBx0c1v345 2011-10-15 10:37:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\JupdTI03dgkADHL 2011-10-15 10:36:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\xZhXjClrPyA 2011-10-15 10:35:52 -------- d-----w- C:\Users\Roland\AppData\Roaming\WQdKfLgXY 2011-10-15 10:34:57 -------- d-----w- C:\Users\Roland\AppData\Roaming\Q5ssQQJ7dEK 2011-10-15 10:33:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\hJZVPva7RUziJRj 2011-10-15 10:32:57 -------- d-----w- C:\Users\Roland\AppData\Roaming\xZliHgeAm8VAm8C 2011-10-15 10:31:52 -------- d-----w- C:\Users\Roland\AppData\Roaming\KN3EV1Jw0Fdw0nd 2011-10-15 10:30:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\vePv4QgXlN 2011-10-15 10:29:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\xghklxcDoFa 2011-10-15 10:28:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\waJdKf9TqUeIrNx 2011-10-15 10:27:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\lnn4m5Q7E8R9 2011-10-15 10:26:58 -------- d-----w- 
C:\Users\Roland\AppData\Roaming\edWK7fRL9TqYeIr 2011-10-15 10:25:49 -------- d-----w- C:\Users\Roland\AppData\Roaming\RCelIBrzPyAuSoF 2011-10-15 06:34:56 -------- d-----w- C:\Users\Roland\AppData\Roaming\TibF3pnG5Q6W7R9 2011-10-15 06:33:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\hcSS11ivD 2011-10-15 06:32:56 -------- d-----w- C:\Users\Roland\AppData\Roaming\IIIIVrrlONtP0uS 2011-10-15 06:31:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\jyyycAA1ivDon4p 2011-10-15 06:30:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\aCwwkkIVrlONxPu 2011-10-15 06:29:57 -------- d-----w- C:\Users\Roland\AppData\Roaming\gxxPP0yycS1vDon 2011-10-15 06:28:56 -------- d-----w- C:\Users\Roland\AppData\Roaming\XPPNNyxxA1uS2bF 2011-10-15 06:27:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\FjYYYCwkIVrlOtP 2011-10-15 06:26:56 -------- d-----w- C:\Users\Roland\AppData\Roaming\QpppnGG4aQH6WKf 2011-10-15 06:25:56 -------- d-----w- C:\Users\Roland\AppData\Roaming\vbFF33pmG5aQ6dK 2011-10-15 06:24:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\GEEEL99gTZqjCwI 2011-10-15 06:23:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\bnnFF4pmmHsQJd 2011-10-15 06:22:56 -------- d-----w- C:\Users\Roland\AppData\Roaming\u999hTTXqjUCkIr 2011-10-15 06:21:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\rKKK7ffEL9gTqjC 2011-10-15 06:20:55 -------- d-----w- C:\Users\Roland\AppData\Roaming\ZkkkIBBrzONyA0v 2011-10-15 06:19:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\nooonFF4amHsW7d 2011-10-15 06:18:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\j666dWWK7fRLgTq 2011-10-15 06:17:56 -------- d-----w- C:\Users\Roland\AppData\Roaming\sNNNtxxA0uS2b3p 2011-10-15 06:16:57 -------- d-----w- C:\Users\Roland\AppData\Roaming\WyyxxA00uvSi 2011-10-15 06:15:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\CzzzONNtxA0uS2b 2011-10-15 06:14:55 -------- d-----w- C:\Users\Roland\AppData\Roaming\aRRRL99gTXqYC 2011-10-15 06:13:59 -------- d-----w- 
C:\Users\Roland\AppData\Roaming\JonnFF4am 2011-10-15 06:12:55 -------- d-----w- C:\Users\Roland\AppData\Roaming\TJ77ffEL8gTZhYw 2011-10-15 06:11:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\oxxxA11uvS2bFpm 2011-10-15 06:10:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\WmmmH55sWJ7dL8R 2011-10-15 06:09:54 -------- d-----w- C:\Users\Roland\AppData\Roaming\RpppnGG4aQH6WKf 2011-10-15 06:08:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\bKKK8ggRZ9hXwjV 2011-10-15 06:07:57 -------- d-----w- C:\Users\Roland\AppData\Roaming\DNyyxxA0uvS2iFp 2011-10-15 06:06:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\vFFF3ppnG5 2011-10-15 06:05:55 -------- d-----w- C:\Users\Roland\AppData\Roaming\gQQQJ66dWK8fL9T 2011-10-15 06:04:56 -------- d-----w- C:\Users\Roland\AppData\Roaming\ZZZZ9hhYXwjUelB 2011-10-15 06:03:56 -------- d-----w- C:\Users\Roland\AppData\Roaming\RkkUUVrrlOtxPyc 2011-10-15 06:02:56 -------- d-----w- C:\Users\Roland\AppData\Roaming\ueekkIVrrONt 2011-10-15 06:01:56 -------- d-----w- C:\Users\Roland\AppData\Roaming\DwjjUUCelIBrPNx 2011-10-15 06:00:55 -------- d-----w- C:\Users\Roland\AppData\Roaming\NCCwwkIIVrlNtP0 2011-10-15 05:59:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\nWWWJ77dE 2011-10-15 05:58:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\VaammH66sWJf 2011-10-15 05:58:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\d77ddEL88gZq 2011-10-14 14:59:55 -------- d-----w- C:\Users\Roland\AppData\Local\{7B9E4CA8-932D-44FF-9EB0-74A83B6ED29B} 2011-10-14 14:59:32 -------- d-----w- C:\Users\Roland\AppData\Local\{29CF7C1A-9B5F-462E-A43D-0D645B8D8071} 2011-10-14 14:11:49 -------- d-----w- C:\Users\Roland\AppData\Local\{5DE6E7A2-F2CC-4626-8C12-C0BEB29B2AAD} 2011-10-14 14:11:03 -------- d-----w- C:\Users\Roland\AppData\Local\{9787AA21-2C15-4B33-B991-44306A34CBAE} 2011-10-14 14:10:51 -------- d-----w- C:\Users\Roland\AppData\Local\{41424BCC-7177-4212-94E2-AD60680208DB} 2011-10-13 17:59:23 -------- d-----w- 
C:\Users\Roland\AppData\Local\{8D7FDA01-F2A4-4183-9DA6-0D9FAB837397} 2011-10-13 17:59:12 -------- d-----w- C:\Users\Roland\AppData\Local\{67304574-754A-4B08-91F8-7BBF101CC0B6} 2011-10-13 02:12:20 -------- d-----w- C:\Program Files (x86)\Doom 3 Demo 2011-10-11 13:15:14 -------- d-----w- C:\Users\Roland\AppData\Local\{50C9EAC4-0C7B-4AB0-9BDD-A1651A6C0E7E} 2011-10-11 13:15:02 -------- d-----w- C:\Users\Roland\AppData\Local\{820F60A8-C5BB-4770-A014-062D289D27F8} 2011-10-10 23:36:02 -------- d-----w- C:\Users\Roland\AppData\Local\{E184E76F-F975-4255-8FA0-721B0338391F} 2011-10-10 23:35:51 -------- d-----w- C:\Users\Roland\AppData\Local\{F6E0948B-31D3-4087-B709-1E7CFD7082DB} 2011-10-10 23:26:44 -------- d-----w- C:\Users\Roland\AppData\Local\{3BD10214-DF8F-456C-9FE0-11AB8CAB3FDD} 2011-10-10 23:26:31 -------- d-----w- C:\Users\Roland\AppData\Local\{06C43261-7962-4A69-8B4D-99868DA9C2B6} 2011-10-10 13:28:55 -------- d-----w- C:\Users\Roland\AppData\Local\{2BB92A6C-862B-4881-B80F-E4B3AFF7554D} 2011-10-10 13:28:41 -------- d-----w- C:\Users\Roland\AppData\Local\{18AE0EA8-0830-42A3-BF25-EFED3C46BAF4} 2011-10-09 23:25:45 -------- d-----w- C:\Users\Roland\AppData\Local\{2F0EB1D1-37ED-47AF-BC9A-B1BBF1CD176D} 2011-10-09 23:21:05 -------- d-----w- C:\Users\Roland\AppData\Local\{49E5965C-152B-4A39-A41B-419A6918B9E9} 2011-10-09 23:20:38 -------- d-----w- C:\Users\Roland\AppData\Local\{5A2815B1-178C-4914-864D-C6D17059B3A6} 2011-10-09 23:19:30 -------- d-----w- C:\ProgramData\NVIDIA Corporation 2011-10-09 13:28:35 -------- d-----w- C:\Users\Roland\AppData\Local\{CE9BDFAE-095D-4F41-A5D4-BE9B76D75AC9} 2011-10-09 06:15:57 -------- d-----w- C:\Users\Roland\AppData\Roaming\ZKgZhwUeI 2011-10-09 06:14:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\s5Q7KgZhXjetyuo 2011-10-09 06:13:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\HkVrlONtx0c1b3n 2011-10-09 05:38:37 -------- d-----w- C:\Users\Roland\AppData\Roaming\bJ89wlzAS3adRTU 2011-10-09 05:37:58 -------- d-----w- 
C:\Users\Roland\AppData\Roaming\mETB136hkxb5W9Y 2011-10-09 05:36:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\lONxAv2iFp5Q6W7 2011-10-09 05:35:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\Z9xpKYtDsqOi6Tr 2011-10-09 05:34:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\xcbQZCybQRCN2aK 2011-10-09 05:33:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\oDFH78YePA24sdf 2011-10-09 05:32:41 -------- d-----w- C:\Users\Roland\AppData\Roaming\oOisZIup6RwrvmW 2011-10-09 05:31:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\uCeekIVrzONx 2011-10-09 05:30:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\SeeelBtzPNyAu 2011-10-09 05:29:51 -------- d-----w- C:\Users\Roland\AppData\Roaming\eEkcmgevQYPFEUx 2011-10-09 05:28:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\wn4QsKfLgZYwI 2011-10-09 05:27:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\EZ9hXjVlBz 2011-10-09 05:26:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\vbaRYruDWql1s 2011-10-09 05:25:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\SaaaQQH6sWK7ELg 2011-10-09 05:24:55 -------- d-----w- C:\Users\Roland\AppData\Roaming\meIzNx0viFpGaHd 2011-10-09 05:23:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\afZkx1FsLhePiFQ 2011-10-09 05:22:29 -------- d-----w- C:\Users\Roland\AppData\Roaming\gUlBzNyAu2b 2011-10-09 05:21:56 -------- d-----w- C:\Users\Roland\AppData\Roaming\vkNvpHfXCVNuD46 2011-10-09 05:21:56 -------- d-----w- C:\Users\Roland\AppData\Roaming\UvFGHKLXCVN0ipa 2011-10-09 05:21:56 -------- d-----w- C:\Users\Roland\AppData\Roaming\UiGd9Yz0Da7Tkt2 2011-10-09 05:21:56 -------- d-----w- C:\Users\Roland\AppData\Roaming\DkySn6RqIx2Gs9Y 2011-10-09 05:21:52 -------- d-----w- C:\Users\Roland\AppData\Roaming\TrtcbnmWEThYwUr 2011-10-09 05:21:48 -------- d-----w- C:\Users\Roland\AppData\Roaming\HoFm5Q7EgZhXje 2011-10-09 05:21:06 -------- d-----w- C:\Users\Roland\AppData\Roaming\NpppmGG5sQJ6EKf 2011-10-09 05:21:05 -------- d-----w- 
C:\Users\Roland\AppData\Roaming\HRRZZ99hYXwUVlI 2011-10-09 05:21:04 -------- d-----w- C:\Users\Roland\AppData\Roaming\Z8ggTTZqh 2011-10-09 05:21:03 -------- d-----w- C:\Users\Roland\AppData\Roaming\D99ggTZZqjYwkV 2011-10-09 05:21:01 -------- d-----w- C:\Users\Roland\AppData\Roaming\mBBttzPPNyA1uD2 2011-10-09 05:21:00 -------- d-----w- C:\Users\Roland\AppData\Roaming\eOOOBBtzP0y 2011-10-09 05:19:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\x6KRgqCIzxu 2011-10-09 05:19:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\mu2Fp5Jd8Z 2011-10-09 05:07:57 -------- d-----w- C:\Users\Roland\AppData\Roaming\xv2oobF33pG 2011-10-09 05:06:56 -------- d-----w- C:\Users\Roland\AppData\Roaming\FKgCzuDaKgwO 2011-10-09 05:05:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\zJ77ddEK8gRZhYw 2011-10-09 05:04:30 -------- d-----w- C:\Users\Roland\AppData\Roaming\wRyQeoZNQCiRNaw 2011-10-09 05:04:29 -------- d-----w- C:\Users\Roland\AppData\Roaming\hP5UDfz5q 2011-10-09 05:04:28 -------- d-----w- C:\Users\Roland\AppData\Roaming\wJqOvsRVNbQZCAp 2011-10-09 05:04:26 -------- d-----w- C:\Users\Roland\AppData\Roaming\wKgCVNcoH7 2011-10-09 05:04:23 -------- d-----w- C:\Users\Roland\AppData\Roaming\Z57ghjlzc 2011-10-09 05:04:22 -------- d-----w- C:\Users\Roland\AppData\Roaming\ZHsJdKgZh 2011-10-09 05:04:14 -------- d-----w- C:\Users\Roland\AppData\Roaming\ZRRL9TqCkVzNtA0 2011-10-09 05:04:13 -------- d-----w- C:\Users\Roland\AppData\Roaming\W111ivvD3on4aHW 2011-10-09 05:04:00 -------- d-----w- C:\Users\Roland\AppData\Roaming\A333pnnG5aQ6dK7 2011-10-09 05:02:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\koF4asJE8RqXkeO 2011-10-09 05:01:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\VWKK77fEL9gTqjC 2011-10-09 05:00:33 -------- d-----w- C:\Users\Roland\AppData\Roaming\ksQQJ7dEK8gR9hX 2011-10-09 04:59:57 -------- d-----w- C:\Users\Roland\AppData\Roaming\WttxAuSiDpGQ6W7 2011-10-09 04:58:48 -------- d-----w- C:\Users\Roland\AppData\Roaming\GmGG5aaQJdWK8R9 2011-10-09 04:57:57 
-------- d-----w- C:\Users\Roland\AppData\Roaming\mPiGsLYrPiFsLYe 2011-10-09 04:56:56 -------- d-----w- C:\Users\Roland\AppData\Roaming\NB14dhexFJLCyp 2011-10-09 04:55:52 -------- d-----w- C:\Users\Roland\AppData\Roaming\sDErDEe2El2El2 2011-10-09 04:55:48 -------- d-----w- C:\Users\Roland\AppData\Roaming\HSoFp5Q6W8RhXjC 2011-10-09 04:55:46 -------- d-----w- C:\Users\Roland\AppData\Roaming\WOOOBBtzP0ycv2n 2011-10-09 04:55:46 -------- d-----w- C:\Users\Roland\AppData\Roaming\seellOBBtz0ycv2 2011-10-09 04:55:38 -------- d-----w- C:\Users\Roland\AppData\Roaming\F22b4m5Q6E8ZhXj 2011-10-09 04:55:37 -------- d-----w- C:\Users\Roland\AppData\Roaming\YvvDD2oonF4mHsQ 2011-10-09 04:55:26 -------- d-----w- C:\Users\Roland\AppData\Roaming\eiomWETYUOPSDF5 2011-10-09 04:55:22 -------- d-----w- C:\Users\Roland\AppData\Roaming\RWqryoWRV0258jz 2011-10-09 04:53:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\kFm5JdLgZYkeBPc 2011-10-09 03:48:13 -------- d-----we C:\Windows\system64 2011-10-08 21:01:46 -------- d-----w- C:\Users\Roland\AppData\Local\{98C12473-698B-430E-A252-2623BA14ABEB} 2011-10-08 21:01:30 -------- d-----w- C:\Users\Roland\AppData\Local\{76815F18-7392-45A5-8541-25B663C117A8} 2011-10-08 14:17:02 -------- d-----w- C:\Users\Roland\AppData\Local\{8D480536-9254-44E3-8065-538E6E554974} 2011-10-07 13:27:14 -------- d-----w- C:\Users\Roland\AppData\Local\{3249D2F8-D899-47AF-AD0A-8988CBD5B992} 2011-10-07 13:27:03 -------- d-----w- C:\Users\Roland\AppData\Local\{B2187755-7545-4793-9D37-7AAE10EC995F} 2011-10-06 16:09:04 -------- d-----w- C:\Users\Roland\AppData\Local\{E7A00E56-5801-4165-A06B-912E3302702B} 2011-10-06 16:08:37 -------- d-----w- C:\Users\Roland\AppData\Local\{89F0D3B8-034B-4324-8539-20ADDCC03D4B} 2011-10-06 13:14:41 -------- d-----w- C:\Users\Roland\AppData\Local\{360F269F-4137-4703-BFD1-14908A654D1E} 2011-10-06 13:14:30 -------- d-----w- C:\Users\Roland\AppData\Local\{63BA72DE-886B-405F-9BD2-964FA087EEE4} 2011-10-06 07:22:16 -------- d-----w- C:\Program 
Files\Paint.NET 2011-10-05 13:49:30 -------- d-----w- C:\Users\Roland\AppData\Local\{FA6C8180-5C45-4823-AF3E-966B0F4F21E5} 2011-10-05 13:49:19 -------- d-----w- C:\Users\Roland\AppData\Local\{11A33892-E832-40B4-8D4E-AA8839EC5FAF} 2011-10-04 10:15:54 -------- d-----w- C:\Users\Roland\AppData\Local\{81C8DD39-BD67-4D18-96B7-0D0C9CA8A916} 2011-10-04 10:15:39 -------- d-----w- C:\Users\Roland\AppData\Local\{3BE27911-D185-415B-8C46-97F280E5FC76} 2011-10-04 05:35:00 -------- d-----w- C:\Users\Roland\AppData\Local\Rockstar Games 2011-10-04 04:21:44 -------- d-----w- C:\Program Files (x86)\Rockstar Games 2011-10-04 03:56:43 -------- d-sh--w- C:\ProgramData\SecuROM 2011-10-03 14:06:53 -------- d-----w- C:\Users\Roland\AppData\Local\{2FE7F5F3-C47F-4F4D-988A-CA74C37D0470} 2011-10-03 14:06:41 -------- d-----w- C:\Users\Roland\AppData\Local\{77472460-DB09-4432-A938-8DA4D579B811} 2011-10-02 10:15:38 -------- d-----w- C:\Users\Roland\AppData\Local\{6AE7DDA7-F6C0-4D0C-838C-B56CA26407FA} 2011-10-02 10:15:27 -------- d-----w- C:\Users\Roland\AppData\Local\{262AD126-9A20-4305-B8C4-8BD096799DB0} 2011-10-01 20:13:27 -------- d-----w- C:\Users\Roland\AppData\Local\{16436249-52D6-47F2-9EC7-211483761F67} 2011-10-01 20:13:11 -------- d-----w- C:\Users\Roland\AppData\Local\{2556CA5B-9CC1-4B4F-ACC5-041A8200ECBC} 2011-10-01 05:40:41 -------- d-----w- C:\Users\Roland\AppData\Local\{1E1F1C9E-DB25-453B-A6B0-1D6E7C0FCB50} 2011-10-01 05:40:29 -------- d-----w- C:\Users\Roland\AppData\Local\{F5C30383-F08E-472F-BA4C-6CCDCFDA57DD} 2011-09-30 14:02:04 -------- d-----w- C:\Users\Roland\AppData\Roaming\GarenaPlus 2011-09-30 11:01:13 -------- d-----w- C:\Users\Roland\AppData\Local\{4D5BB985-DB2B-443E-90A7-D6284C8657D6} 2011-09-30 11:00:58 -------- d-----w- C:\Users\Roland\AppData\Local\{717FF133-1CE0-4C74-B656-609922ECE052} 2011-09-30 04:19:10 -------- d-----w- C:\Users\Roland\AppData\Local\{6E70EB53-7C28-47D1-ACDC-BD05704F91CA} 2011-09-30 04:18:47 -------- d-----w- 
C:\Users\Roland\AppData\Local\{DEC3BD6A-574E-4759-924C-ADB7E983647F}
2011-09-30 03:08:36 -------- d-----w- C:\Users\Roland\AppData\Local\{11B6DC41-5A7F-4375-A02A-AB8B61DF2C28}
2011-09-30 03:08:22 -------- d-----w- C:\Users\Roland\AppData\Local\{24EAB0F4-926B-4935-A749-36787F86FBD5}
2011-09-30 02:58:54 -------- d-----w- C:\Users\Roland\AppData\Local\{408C8FD7-999C-4816-885B-9D9ED443E01A}
2011-09-30 02:58:38 -------- d-----w- C:\Users\Roland\AppData\Local\{A6C07777-F206-4B70-92D6-B892D633C938}
2011-09-30 02:49:24 -------- d-----w- C:\Users\Roland\AppData\Local\{58A2E897-B735-486F-9B65-E9E5CEDF542A}
2011-09-30 02:49:10 -------- d-----w- C:\Users\Roland\AppData\Local\{D37C3217-ADA1-4A85-94E8-E5E0FA37A134}
2011-09-29 22:12:14 -------- d-----w- C:\Users\Roland\AppData\Local\{22F549EA-D65A-43B3-BDFA-F189D9516543}
2011-09-29 12:28:07 -------- d-----w- C:\Users\Roland\AppData\Local\{79D295CD-768C-4738-A81E-5316FE291D06}
2011-09-29 12:27:52 -------- d-----w- C:\Users\Roland\AppData\Local\{CAE255A7-5AD6-40EE-9CF0-7C94907D4F6D}
.
==================== Find3M ====================
.
2011-10-29 01:07:55 30528 ----a-w- C:\Windows\GVTDrv64.sys
2011-10-29 01:07:39 25640 ----a-w- C:\Windows\gdrv.sys
2011-10-01 06:15:08 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-08 03:27:52 0 ----a-w- C:\Windows\DXT8511.tmp
2011-09-08 03:27:52 0 ----a-w- C:\Windows\DXT84B2.tmp
2011-09-08 03:27:52 0 ----a-w- C:\Windows\DXT82ED.tmp
2011-07-31 02:31:06 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-07-31 02:31:06 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-07-31 02:31:06 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
.
============= FINISH: 22:03:02.76 ===============

Should I provide the attach log from DDS too?

ET_log.txt