[Iexplorer process ,google redirect, &explorer crashes]

aye thank you

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8081

Windows 6.1.7600

Internet Explorer 9.0.8112.16421

11/7/2011 12:22:31 AM

mbam-log-2011-11-07 (00-22-31).txt

Scan type: Quick scan

Objects scanned: 243381

Time elapsed: 8 minute(s), 25 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

----------end---------------

ComboFix 11-11-07.02 - Roland 11/07/2011 0:38.1.8 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.2433 [GMT -5:00]

Running from: c:\users\Roland\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\program files (x86)\Internet Explorer\30C0.tmp

c:\program files (x86)\Internet Explorer\618F.tmp

c:\program files (x86)\Internet Explorer\7047.tmp

c:\program files (x86)\Internet Explorer\B2CA.tmp

c:\program files (x86)\Internet Explorer\C199.tmp

c:\program files (x86)\Internet Explorer\E2E6.tmp

c:\program files (x86)\Internet Explorer\EB28.tmp

c:\program files (x86)\Internet Explorer\ED98.tmp

c:\users\Parker.Roland714\AppData\Local\ffb55fff\U

c:\users\Parker.Roland714\AppData\Local\ffb55fff\U\80000000.@

c:\users\Parker.Roland714\AppData\Local\ffb55fff\U\800000cb.@

c:\users\Parker.Roland714\AppData\Local\Microsoft\Windows\Temporary Internet Files\BrdfFromTextures.zip

c:\users\Parker.Roland714\AppData\Local\Microsoft\Windows\Temporary Internet Files\BumpyGlossyMetal.zip

c:\users\Parker.Roland714\AppData\Local\Microsoft\Windows\Temporary Internet Files\carpaint_texColor.zip

c:\users\Parker.Roland714\AppData\Local\Microsoft\Windows\Temporary Internet Files\EdgeFuzz.zip

c:\users\Parker.Roland714\AppData\Local\Microsoft\Windows\Temporary Internet Files\Grisaille.zip

c:\users\Parker.Roland714\AppData\Local\Microsoft\Windows\Temporary Internet Files\lambSkin.zip

c:\users\Parker.Roland714\AppData\Local\Microsoft\Windows\Temporary Internet Files\metalD.zip

c:\users\Parker.Roland714\AppData\Local\Microsoft\Windows\Temporary Internet Files\reflections.zip

c:\users\Parker.Roland714\AppData\Local\Microsoft\Windows\Temporary Internet Files\scene_uvds_skin.cgfx.zip

c:\users\Parker.Roland714\AppData\Local\Microsoft\Windows\Temporary Internet Files\subcutaneous.zip

c:\users\Parker.Roland714\AppData\Local\Microsoft\Windows\Temporary Internet Files\vbomb.zip

c:\users\Parker.Roland714\AppData\Roaming\Mozilla\Firefox\Profiles\4en49548.default\extensions\{8472617a-6155-40ac-bffa-119e96323035}

c:\users\Parker.Roland714\AppData\Roaming\Mozilla\Firefox\Profiles\4en49548.default\extensions\{8472617a-6155-40ac-bffa-119e96323035}\chrome\xulcache.jar

c:\users\Parker.Roland714\AppData\Roaming\Mozilla\Firefox\Profiles\4en49548.default\extensions\{8472617a-6155-40ac-bffa-119e96323035}\defaults\preferences\xulcache.js

c:\users\Parker.Roland714\AppData\Roaming\Mozilla\Firefox\Profiles\4en49548.default\extensions\{8472617a-6155-40ac-bffa-119e96323035}\install.rdf

c:\users\Parker.Roland714\AppData\Roaming\Roaming

c:\users\Parker.Roland714\AppData\Roaming\Roaming\Quest3D\ShipSimExtreme\channels.lst

c:\users\Parker.Roland714\DATA308.BIN

c:\users\Roland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Guard Online

c:\users\Roland\AppData\Roaming\Mozilla\Firefox\Profiles\onhgmeao.default\extensions\{8472617a-6155-40ac-bffa-119e96323035}

c:\users\Roland\AppData\Roaming\Mozilla\Firefox\Profiles\onhgmeao.default\extensions\{8472617a-6155-40ac-bffa-119e96323035}\chrome\xulcache.jar

c:\users\Roland\AppData\Roaming\Mozilla\Firefox\Profiles\onhgmeao.default\extensions\{8472617a-6155-40ac-bffa-119e96323035}\defaults\preferences\xulcache.js

c:\users\Roland\AppData\Roaming\Mozilla\Firefox\Profiles\onhgmeao.default\extensions\{8472617a-6155-40ac-bffa-119e96323035}\install.rdf

c:\windows\assembly\tmp\U

.

.

((((((((((((((((((((((((( Files Created from 2011-10-07 to 2011-11-07 )))))))))))))))))))))))))))))))

.

.

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-07 06:37 . 2011-01-30 01:34 30528 ----a-w- c:\windows\GVTDrv64.sys

2011-11-07 06:37 . 2011-01-30 01:34 25640 ----a-w- c:\windows\gdrv.sys

2011-10-01 06:15 . 2011-05-30 15:54 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-09-08 03:27 . 2011-09-08 03:27 0 ----a-w- c:\windows\DXT8511.tmp

2011-09-08 03:27 . 2011-09-08 03:27 0 ----a-w- c:\windows\DXT84B2.tmp

2011-09-08 03:27 . 2011-09-08 03:27 0 ----a-w- c:\windows\DXT82ED.tmp

2011-08-16 12:48 . 2011-09-06 13:26 8862544 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D1E5DF95-0E45-4CD4-A224-1E0E5572AFF6}\mpengine.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]

"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-06-15 15141768]

"Akamai NetSession Interface"="c:\users\Roland\AppData\Local\Akamai\netsession_win.exe" [2011-11-05 3293784]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]

"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]

"EasyTuneVI"="c:\program files (x86)\GIGABYTE\ET6\ETcall.exe" [2007-07-26 20480]

"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]

"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R1 ksleovbm;ksleovbm;c:\windows\system32\drivers\ksleovbm.sys [x]

R1 zjlxuskj;zjlxuskj;c:\windows\system32\drivers\zjlxuskj.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]

R3 dump_wmimmc;dump_wmimmc;c:\gpotato\Rappelz\GameGuard\dump_wmimmc.sys [x]

R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-05-19 25640]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-04-19 1431888]

R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]

R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-11-07 30528]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]

S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-18 68136]

S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2011-09-19 2221200]

S2 mi-raysat_3dsMax2009_64;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe [2010-06-16 86016]

S2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-23 86016]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]

S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-14 114688]

S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1e9955f-2c99-11e0-a1dc-1c6f653e891a}]

\shell\AutoRun\command - F:\OblivionLauncher.exe

.

Contents of the 'Scheduled Tasks' folder

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-26 10135584]

"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 10.1.10.1

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll

FF - ProfilePath - c:\users\Roland\AppData\Roaming\Mozilla\Firefox\Profiles\onhgmeao.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2653012&SearchSource=13

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ytff-devicevm&type=IEBD&p=

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{cd90bf73-20f6-44ef-993d-bb920303bd2e} - (no file)

Wow6432Node-HKU-Default-Run-AppleUpdate - c:\users\Parker.Roland714\AppData\Local\Apple Computer\AppleUpdate\Appleupdt32.exe

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{CD90BF73-20F6-44EF-993D-BB920303BD2E} - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-Blender - c:\program files (x86)\Blender Foundation\Blender\uninstall.exe

AddRemove-L4D2SP - c:\users\Roland\Downloads\Left 4 Dead 2 V2.0.2.7 Full-Rip {blaze69}\Uninstall SP.exe

AddRemove-NSS - c:\program files (x86)\Norton Security Scan\Engine\3.1.1.6\InstWrap.exe

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe

AddRemove-SystemRequirementsLab - c:\program files (x86)\SystemRequirementsLab\Uninstall.exe

AddRemove-_{53A908D4-99C6-469B-BC13-F4189F260742} - c:\program files (x86)\Corel\Corel Painter Essentials 4\MSILauncher {53A908D4-99C6-469B-BC13-F4189F260742}

AddRemove-{EAD475E8-14E5-4854-8AF5-CE6B4024237C}_is1 - c:\gpotato\Rappelz\unins000.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_d71b4a3.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2750241520-802747955-1049020851-1000\Software\SecuROM\License information*]

"datasecu"=hex:b7,c4,ae,7c,56,78,a7,c5,b8,b5,d3,a9,38,9f,3b,6a,7a,27,41,9e,52,

65,32,8c,4d,e9,94,44,dc,8b,5e,14,64,58,19,66,3e,7a,26,df,39,98,01,63,6b,4d,\

"rkeysecu"=hex:16,9c,be,ed,91,41,cb,0f,88,80,e3,87,20,f8,fa,08

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{47BF077C-44C6-42B1-8F88-ADE2585DD2ED}*]

@=hex:b1,5d,8e,62,5e,fa,cb,01

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{97A98033-9FA1-4E80-A339-59787B43CC89}*]

@=hex:f3,d4,a9,62,5e,fa,cb,01

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{A82EB336-567D-4F41-A63E-8113AD8B6903}*]

@=hex:ab,94,9c,5f,5e,fa,cb,01

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{C4B20040-7D5A-4558-9E19-B7DF94366F97}*]

@=hex:d5,9d,ba,62,5e,fa,cb,01

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Giraffic\Veoh_Giraffic.exe

c:\program files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe

.

**************************************************************************

.

Completion time: 2011-11-07 02:03:32 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-07 07:03

.

Pre-Run: 226,900,037,632 bytes free

Post-Run: 226,487,951,360 bytes free

.

- - End Of File - - 16A2FF411748EB9060C46EE543BC38B2

still getting redirects on goggle and svc still crazy it actually got worse

if i cant hear from you tonight my internet is going to be disconnected for a good while a week and a half the most !

[Iexplorer process ,google redirect, &explorer crashes]

sorry to bump again but can anyone help me

ill sum up the problem

its a google redirect that i get on iexplorer and firefox tdss killer spybot malwarebytes kapersky and mcafee is unable to remove it and i believe my svc might be a bit higher than usual. yesterday a friend suggested i uninstall iexplorer and run spybot so that stopped the iexplorer processes but i think i may still have it if i turn it back on spybot only found cookies

[Iexplorer process ,google redirect, &explorer crashes]

is anyone able to help me i have tried everything even resetting router ill post the attach log if any available experts or vets can help me if they have time that would be great

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 1/29/2011 4:36:21 PM

System Uptime: 10/28/2011 9:06:53 PM (1 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | X58-USB3

Processor: Intel® Core i7 CPU 920 @ 2.67GHz | Socket 1366 | 2661/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 932 GiB total, 222.838 GiB free.

D: is CDROM ()

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP1479: 10/15/2011 11:01:22 AM - Automatic creation

RP1485: 10/16/2011 10:28:23 AM - Automatic creation

RP1497: 10/17/2011 11:23:49 AM - Automatic creation

RP1508: 10/18/2011 12:35:31 PM - Automatic creation

RP1516: 10/19/2011 12:14:42 PM - Automatic creation

RP1522: 10/20/2011 8:10:05 AM - Automatic creation

RP1528: 10/21/2011 7:58:26 AM - Automatic creation

RP1534: 10/22/2011 3:20:09 AM - Automatic creation

RP1540: 10/23/2011 7:36:18 PM - Automatic creation

RP1548: 10/24/2011 2:54:36 PM - Automatic creation

RP1554: 10/25/2011 2:22:44 PM - Automatic creation

RP1556: 10/25/2011 8:53:24 PM - Automatic creation

RP1560: 10/27/2011 12:14:56 PM - Automatic creation

RP1567: 10/28/2011 2:57:32 PM - Automatic creation

RP1569: 10/28/2011 9:37:37 PM - Automatic creation

.

==== Installed Programs ======================

.

@BIOS Ver.2.06

3DS Max DDS Plug-In

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader X (10.1.1)

Adobe Shockwave Player 11.5

AIM 7

Akamai NetSession Interface

Alien Breed 2: Assault

Apple Application Support

Apple Software Update

Autodesk 3ds Max 8

Autodesk 3ds Max 8 Additional Maps and Materials

Autodesk 3ds Max 8 Reference Files

Autodesk Backburner 2012.0.0

Autodesk Crosswalk 2011.5

Autodesk Material Library 2012

Autodesk Material Library Base Resolution Image Library 2012

Autodesk Material Library Medium Resolution Image Library 2012

Autodesk Softimage Mod Tool 7.5

AutoGreen B09.1014.2

Battlefield: Bad Company 2

Bioshock Demo

BLAZBLUE -CALAMITY TRIGGER-

Blender (remove only)

Borderlands

Browser Configuration Utility

Cellfactor Revolution

Corel Painter Essentials 4

Counter-Strike: Source

Counter-Strike: Source Beta

Craft Director Studio

Crazybump (remove only)

D3DX10

DAEMON Tools Lite

Dassault Systemes 3DVIA Printscreen

DDS Thumbnail Viewer

Dead Rising 2

Dead Space™

Definition update for Microsoft Office 2010 (KB982726)

DES 2.0

Deus Ex Demo

Devil May Cry 3 Special Edition

Dogfighter Demo

Download Updater (AOL LLC)

Dual-Core Optimizer

Duke Nukem Forever

Easy Tune 6 B10.0420.1

ESET Online Scanner v3

Fallout 3

Fraps (remove only)

Garena Plus

Garry's Mod

Gears of War

GIMP 2.6.11

Grand Theft Auto IV

Half-Life 2: Episode Two

Hitman: Blood Money

HxD Hex Editor version 1.7.7.0

Java Auto Updater

Java 6 Update 22

Killing Floor

Killing Floor SDK

Lara Croft and the Guardian of Light

Left 4 Dead 2

Left 4 Dead 2 Add-on Support

Left 4 Dead 2 Authoring Tools

Left 4 Dead 2 Standalone Patch™

Linux MultiMedia Studio (LMMS)

LOST PLANET 2

Magicka

Malwarebytes' Anti-Malware version 1.51.2.1300

Marmoset Toolbag 1.02

MediaCoder x64 2011-RC2 RC2

Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)

Microsoft Games for Windows - LIVE

Microsoft Games for Windows - LIVE Redistributable

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft XNA Framework Redistributable 3.0

Microsoft XNA Framework Redistributable 3.1

Moonbase Alpha

Mozilla Firefox 7.0.1 (x86 en-US)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NEC Electronics USB 3.0 Host Controller Driver

Norton Security Scan

Notepad++

NVIDIA 3D Vision Controller Driver

NVIDIA Cg Toolkit 3.0 February 2011

NVIDIA FX Composer 2.5 Shader Debugger plugin

NVIDIA PhysX

Oblivion

Oblivion mod manager 1.1.12

OblivionOnline

ON_OFF Charge B10.0422.2

OpenAL

OpenOffice.org 3.3

Pando Media Booster

Portal 2

Portal 2 Authoring Tools - Beta

PunkBuster Services

Python 2.4.4

QuickTime

RAGE

Rappelz_US

Realtek Ethernet Controller Driver For Windows 7

Realtek High Definition Audio Driver

Red Faction: Guerrilla

resident evil 4

REVOLUTiON CSM SourceSDK with Service Pack 3

Rockstar Games Social Club

Safari

Sculptris Alpha 6

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

SILENT HILL 4

Skype™ 5.3

Smart 6 B10.0422.1

SOFTIMAGE CROSSWALK 3.11

SOFTIMAGE XSI 6.01 Mod Tool

Source SDK Base 2006

Source SDK Base 2007

Spiral Knights

Star Wars: The Force Unleashed

StudioCompiler v0.4A

Super Street Fighter IV: Arcade Edition

System Requirements Lab

TeamViewer 6

Thumbplug TGA

UE3Redist

Unigine Sanctuary Demo v2.3

Unigine Tropics Demo v1.3

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft Office 2010 (KB2494150)

Veoh Giraffic Video Accelerator

VLC media player 1.1.5

Warhammer® 40,000®: Dawn of War® II – Retribution™

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Messenger

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

World of Tanks v.0.6.5

Worms Reloaded Demo

x264vfw - H.264/MPEG-4 AVC codec (remove only)

x264vfw - H.264/MPEG-4 AVC codec for x64 (remove only)

xNormal 3.17.4

ZBrush 4

.

==== Event Viewer Messages From Past Week ========

.

10/28/2011 9:54:19 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.

10/28/2011 9:07:08 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\SystemRoot\System32\Config\SOFTWARE' was corrupted and it has been recovered. Some data might have been lost.

10/28/2011 2:29:30 PM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.

10/28/2011 2:29:30 PM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.

10/25/2011 8:25:18 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

10/25/2011 8:25:18 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/25/2011 8:25:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

10/25/2011 8:24:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

10/25/2011 8:24:47 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

10/25/2011 8:24:47 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473536.

10/25/2011 3:46:52 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa80047ff7a7, 0x0000000000000000, 0x0000000077550000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 102511-64615-01.

10/25/2011 11:45:14 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TeamViewer 6 service to connect.

10/25/2011 11:45:14 AM, Error: Service Control Manager [7000] - The TeamViewer 6 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/24/2011 4:16:54 AM, Error: Service Control Manager [7023] - The Superfetch service terminated with the following error: The authentication service is unknown.

10/24/2011 2:14:20 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

10/24/2011 2:10:38 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{23591129-B7F5-4669-A630-6B5B9AFBF512}' was corrupted and it has been recovered. Some data might have been lost.

10/24/2011 2:08:55 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{28F5FACD-5970-43E4-ACBE-E98334823AE8}' was corrupted and it has been recovered. Some data might have been lost.

10/24/2011 2:08:40 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy20.

10/24/2011 2:08:10 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{AFB76FD3-CAC2-4DF7-B6E2-6F7DA85509B6}' was corrupted and it has been recovered. Some data might have been lost.

10/24/2011 2:01:49 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}. The error: "5" Happened while starting this command: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

10/24/2011 2:00:04 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}. The error: "5" Happened while starting this command: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding

10/24/2011 11:52:53 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SystemRestore\New-software' was corrupted and it has been recovered. Some data might have been lost.

10/24/2011 11:45:31 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

10/24/2011 11:44:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

10/24/2011 11:44:48 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

10/24/2011 11:44:43 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

10/24/2011 11:44:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

10/24/2011 11:44:15 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AppleCharger discache spldr Wanarpv6

10/24/2011 11:44:15 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

10/24/2011 11:44:11 AM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.

10/24/2011 11:44:11 AM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.

10/23/2011 5:54:15 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy3.

10/23/2011 5:53:44 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{2990BA32-50D8-425C-9297-DFD208C51F1C}' was corrupted and it has been recovered. Some data might have been lost.

10/23/2011 5:49:46 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{D78167F6-3CC0-41BC-879F-C1B903C747EC}' was corrupted and it has been recovered. Some data might have been lost.

10/23/2011 5:49:32 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{99BD0D92-5201-4E31-BDA1-89E0658B26BE}' was corrupted and it has been recovered. Some data might have been lost.

10/23/2011 5:49:14 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{22E38E18-8B74-467B-88E6-D00326F11CB0}' was corrupted and it has been recovered. Some data might have been lost.

10/23/2011 5:48:04 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{7F24ECE1-FC81-4FE0-9A3C-AFBCED0A9D09}' was corrupted and it has been recovered. Some data might have been lost.

10/23/2011 5:47:52 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy22.

10/23/2011 5:47:41 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{84F51816-E4D9-4387-8252-AB68EF33B920}' was corrupted and it has been recovered. Some data might have been lost.

10/23/2011 5:47:19 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{660CC457-2A91-4C5B-8601-55749452C3AA}' was corrupted and it has been recovered. Some data might have been lost.

10/23/2011 5:46:49 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{7A4EA918-FA46-40C8-A39B-904FE9B78ADA}' was corrupted and it has been recovered. Some data might have been lost.

10/23/2011 5:45:43 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{D36A48BE-BF54-4C76-A011-003619EF5EE1}' was corrupted and it has been recovered. Some data might have been lost.

10/23/2011 5:44:28 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{1BC851A0-6022-4F66-9F42-7D56EC016685}' was corrupted and it has been recovered. Some data might have been lost.

10/21/2011 4:31:33 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{49947332-C388-437A-9C4A-2D44128C3BB8}' was corrupted and it has been recovered. Some data might have been lost.

10/21/2011 4:27:34 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{E24B685C-6970-49A2-AD76-15CA4E52A814}' was corrupted and it has been recovered. Some data might have been lost.

10/21/2011 4:27:22 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{8C2AFEE9-6D19-4059-A748-EB3F8FC96A53}' was corrupted and it has been recovered. Some data might have been lost.

10/21/2011 4:27:05 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy5.

10/21/2011 4:27:03 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{8E6F038E-778E-4FD4-9309-13D8F50FFA0C}' was corrupted and it has been recovered. Some data might have been lost.

10/21/2011 4:23:09 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{AD9964EC-C84C-44F7-AED8-E2F4DA9E4A47}' was corrupted and it has been recovered. Some data might have been lost.

10/21/2011 4:22:57 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{F49089B7-3B71-4D75-A3E3-809D8145EA0E}' was corrupted and it has been recovered. Some data might have been lost.

10/21/2011 4:22:40 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{D93DD280-44E2-46FE-8522-1492F860A6D4}' was corrupted and it has been recovered. Some data might have been lost.

10/21/2011 4:21:35 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{089355FA-1CB8-4C24-B2FA-9F2B6F8F01C6}' was corrupted and it has been recovered. Some data might have been lost.

10/21/2011 4:21:23 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy24.

10/21/2011 4:21:13 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{612C5292-4D97-498B-B72F-20E7B3BEAA12}' was corrupted and it has been recovered. Some data might have been lost.

10/21/2011 4:20:55 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{20A63B09-B3B6-4602-AB87-6E918A32C6D5}' was corrupted and it has been recovered. Some data might have been lost.

10/21/2011 4:20:27 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{1E972ED4-2FE7-437F-B9A6-881B81CF0FC1}' was corrupted and it has been recovered. Some data might have been lost.

10/21/2011 4:19:26 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{90F041D2-F423-4F69-B793-4D1995466595}' was corrupted and it has been recovered. Some data might have been lost.

.

==== End Of File ===========================

[Iexplorer process ,google redirect, &explorer crashes]

Hello, I have a Reoccuring virus i got 3 times now on my computer the last two incidents was with a virus called guard online the program froze my computer (and i have a pretty good rig) so i couldn't do anything unless i was in safe mode i fixed it by doing a system restore in safe mode everything was fine after the 3rd time i did the same procedure but in the end there still was a problem long story short i hear advertisement in background, Google redirecting window explorer says it crashes and resets also high internet explorer process when it isn't running

i decided to take action on my own using Kapersky McAfee it found Trojans and a few viruses but i still have the problem after scanning and now all my scans says it is clean i used Tdss it checks out clear and i unfortunately used cc cleaner before a friend suggested this forum

here is the Malwarebyte scan at first it did find Trojans and such but now it scans clean even on full and i constantly get the message that it is blocking an ip using iexplorer

i used ESET over night i have it as an attachment in the case it shouldn't be posted with this sorry for all the yapping If its unnecessary info im new

here is the scan and dds program said i should keep the "Attach" doc unless requested

o and sorry about my bad grammar

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8039

Windows 6.1.7600

Internet Explorer 9.0.8112.16421

10/28/2011 9:16:41 PM

mbam-log-2011-10-28 (21-16-41).txt

Scan type: Quick scan

Objects scanned: 243869

Time elapsed: 6 minute(s), 32 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22

Run by Roland at 21:54:40 on 2011-10-28

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.1978 [GMT -4:00]

.

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\SysWOW64\svchost.exe -k Akamai

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe

C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe

C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe

C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe

C:\Program Files (x86)\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Logitech\Gaming Software\LWEMon.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe

C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files (x86)\Steam\Steam.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\REGSVR32.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB: {CD90BF73-20F6-44EF-993D-BB920303BD2E} - No File

uRun: [iSUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized

mRun: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"

mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe

mRun: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start

mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

dRun: [AppleUpdate] C:\Users\Parker.Roland714\AppData\Local\Apple Computer\AppleUpdate\Appleupdt32.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 10.1.10.1

TCP: Interfaces\{1D4B6D87-0285-48B8-B515-7EB2FE6EB006} : DhcpNameServer = 10.1.10.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB-X64: {CD90BF73-20F6-44EF-993D-BB920303BD2E} - No File

mRun-x64: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"

mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun-x64: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe

mRun-x64: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start

mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Roland\AppData\Roaming\Mozilla\Firefox\Profiles\onhgmeao.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2653012&SearchSource=13

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ytff-devicevm&type=IEBD&p=

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files\Dassault Systemes\3D XML Player\win_b64\code\bin32\NP3DXMLPlugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]

R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]

R2 DES2 Service;DES2 Service for Energy Saving.;C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2011-1-29 68136]

R2 Giraffic;Veoh Giraffic Video Accelerator;C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service --> C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service [?]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-28 366152]

R2 mi-raysat_3dsMax2009_64;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe [2010-6-16 86016]

R2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-2-22 86016]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-9 2255464]

R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2011-1-29 114688]

R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-3-3 2253688]

R3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-1-29 30528]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]

S3 etdrv;etdrv;C:\Windows\etdrv.sys [2011-5-19 25640]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-2-1 1431888]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2011-10-29 01:09:37 -------- d-----w- C:\Users\Roland\AppData\Roaming\Malwarebytes

2011-10-29 01:09:30 -------- d-----w- C:\ProgramData\Malwarebytes

2011-10-29 01:09:26 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-10-29 01:09:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-10-29 01:08:16 -------- d-----w- C:\Users\Roland\AppData\Local\{89CA3340-5299-40C7-B96B-9B128AE02F06}

2011-10-29 01:08:04 -------- d-----w- C:\Users\Roland\AppData\Local\{A6A4C86A-4054-4D94-BE2E-E215A9CA696E}

2011-10-28 05:08:25 -------- d-----w- C:\Program Files (x86)\ESET

2011-10-28 03:22:24 -------- d-----w- C:\Users\Roland\AppData\Local\{30BBFEFB-7894-42E9-9212-70664F3C1243}

2011-10-28 03:22:10 -------- d-----w- C:\Users\Roland\AppData\Local\{B7414720-6C22-4EC3-A713-34B1207768CC}

2011-10-27 15:45:25 -------- d-----w- C:\Users\Roland\AppData\Local\{D66269FB-A39F-4595-8699-61D3B15E1399}

2011-10-27 15:45:13 -------- d-----w- C:\Users\Roland\AppData\Local\{587DE8EE-06F5-42FC-84B4-1F0194ADF218}

2011-10-27 15:27:31 -------- d-----w- C:\Users\Roland\AppData\Local\{D08C9496-FB15-4A16-8706-7E99CB246569}

2011-10-27 15:05:05 -------- d-----w- C:\Users\Roland\AppData\Local\{C738BDDB-05BC-4305-9418-E7FD73328126}

2011-10-26 05:19:33 -------- d-----w- C:\Users\Roland\AppData\Local\{FE356C77-6439-4D4C-9DAB-23F68D1A3403}

2011-10-26 00:40:02 -------- d-----w- C:\Program Files\CCleaner

2011-10-26 00:24:59 -------- d-----w- C:\Users\Roland\AppData\Local\{4288B5DA-D192-4B7D-8827-EFBA3DE4AFDA}

2011-10-26 00:24:15 -------- d-----w- C:\Users\Roland\AppData\Local\{3DF8EB54-F0D2-4A7A-881B-7A77E12144FC}

2011-10-25 17:54:50 -------- d-----w- C:\Users\Roland\AppData\Local\{2E33ADF1-456E-4439-BDA9-5E5C1C0C44C2}

2011-10-25 17:54:26 -------- d-----w- C:\Users\Roland\AppData\Local\{40E89937-91E1-4508-94CA-C0B26D601EAD}

2011-10-25 15:48:43 -------- d-----w- C:\Users\Roland\AppData\Local\{63A39937-408E-42CC-930B-579C1D4F02C4}

2011-10-24 18:09:30 -------- d-----w- C:\Users\Roland\AppData\Local\{A58ECF89-0D3D-4BE4-8799-ECFC708E90D6}

2011-10-24 18:09:03 -------- d-----w- C:\Users\Roland\AppData\Local\{4FECA722-1D37-4A3D-A308-725325ED849C}

2011-10-24 15:55:43 -------- d-----w- C:\Users\Roland\AppData\Local\{953C46E8-AF9E-41E8-81F2-ED594BF89A42}

2011-10-24 15:41:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\A2b3n4HsKfLg

2011-10-24 15:41:48 -------- d-----w- C:\Users\Roland\AppData\Roaming\xEELL8ggRZhYXk

2011-10-24 15:41:43 -------- d-----w- C:\Users\Roland\AppData\Local\{5967DB0E-BBAB-4FBC-8C09-E41890D74748}

2011-10-24 15:41:12 -------- d-----w- C:\Users\Roland\AppData\Roaming\adWK7fRL9TqYeIr

2011-10-24 07:45:16 -------- d-sh--w- C:\Windows\System32\%APPDATA%

2011-10-23 17:34:02 -------- d-----w- C:\Users\Roland\AppData\Local\{F21977CC-14D9-47D7-AC17-CE92DC9B987F}

2011-10-23 17:33:50 -------- d-----w- C:\Users\Roland\AppData\Local\{ECF0C4C3-3B0F-4B38-BDEB-4DC7F8F062FD}

2011-10-22 06:26:21 -------- d-----w- C:\Users\Roland\AppData\Local\{1CF673D9-D909-4BB1-B3A6-6E21D37DE2F9}

2011-10-22 00:37:21 -------- d-----w- C:\Users\Roland\AppData\Local\{24134503-E169-4DD0-9725-0474E65D525B}

2011-10-21 14:32:30 -------- d-----w- C:\Users\Roland\AppData\Local\{81BED205-63DE-492C-9570-45F3037325E9}

2011-10-21 14:32:14 -------- d-----w- C:\Users\Roland\AppData\Local\{34416283-ACAF-4230-B748-C70E100BEF28}

2011-10-20 15:44:10 -------- d-----w- C:\Users\Roland\AppData\Local\{DCEED974-F9C4-4A83-ADBF-E626135CDE48}

2011-10-19 15:45:38 -------- d-----w- C:\Users\Roland\AppData\Local\{4315373D-9CDA-452E-9AEF-9A015CF177D8}

2011-10-19 15:45:27 -------- d-----w- C:\Users\Roland\AppData\Local\{DEAC15EE-207F-4C51-B3A3-373090352E2A}

2011-10-19 15:11:45 -------- d-----w- C:\Users\Roland\AppData\Local\{89EACDE3-B1AD-41CD-B7F4-760324867178}

2011-10-18 16:06:09 -------- d-----w- C:\Users\Roland\AppData\Local\{7F54C3F7-EA0E-45E8-8AF9-6063FCC04D29}

2011-10-18 16:05:58 -------- d-----w- C:\Users\Roland\AppData\Local\{BBA30D74-4A36-4A20-A046-8386D5ADAA2F}

2011-10-18 16:03:16 -------- d-----w- C:\Users\Roland\AppData\Local\{574485C6-C14D-4C9E-854B-8453F3E84C86}

2011-10-18 16:03:04 -------- d-----w- C:\Users\Roland\AppData\Local\{B82921D4-FFAA-42F3-8B61-F0B512C7C55A}

2011-10-18 15:18:21 -------- d-----w- C:\Users\Roland\AppData\Local\{679D4D9D-5F25-4AF3-A88A-544E11B715FE}

2011-10-18 15:18:10 -------- d-----w- C:\Users\Roland\AppData\Local\{90486E45-AA85-4D45-A583-089E92F5F44F}

2011-10-17 14:54:38 -------- d-----w- C:\Users\Roland\AppData\Local\{CB4D632A-7B2A-4457-AE39-C2404E29690E}

2011-10-17 14:54:26 -------- d-----w- C:\Users\Roland\AppData\Local\{72C7087A-C209-489C-B402-9EFF4F8EE876}

2011-10-16 15:42:51 -------- d-----w- C:\Users\Roland\AppData\Local\{5FA241E2-3559-4A5A-B36D-BA1787E876BB}

2011-10-16 15:42:39 -------- d-----w- C:\Users\Roland\AppData\Local\{184AA373-8639-441B-A888-A6D2882C0D03}

2011-10-15 14:33:00 -------- d-----w- C:\Users\Roland\AppData\Local\{CF5A7BD7-DE7D-4057-AF41-026D949DB6AC}

2011-10-15 14:16:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\jvv3n44am5JERqY

2011-10-15 14:15:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\vTXqjYeIrOtAu

2011-10-15 14:14:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\yS2oFpGaJdKfLhX

2011-10-15 14:13:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\vx1nHdZkt1n5E

2011-10-15 14:12:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\wW7E9ggTqYwIlNx

2011-10-15 14:11:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\PzNcDmJKRTClBzy

2011-10-15 14:10:53 -------- d-----w- C:\Users\Roland\AppData\Roaming\FD46W7EgqYwI

2011-10-15 14:09:57 -------- d-----w- C:\Users\Roland\AppData\Roaming\wUUCCellIBzPNx1

2011-10-15 14:08:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\kXUUeOOPc1vFHJK

2011-10-15 14:07:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\YH6sJ77fELgThYw

2011-10-15 14:06:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\RAF69eybQRCN24f

2011-10-15 14:05:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\ZPyAuDoFG

2011-10-15 14:04:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\PZwrtSoHJ8hklP

2011-10-15 14:03:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\PN2sfjzSGKXrupW

2011-10-15 14:02:54 -------- d-----w- C:\Users\Roland\AppData\Roaming\yghkOPiFsKhePuF

2011-10-15 14:01:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\PPP00yccA1vD2nF

2011-10-15 14:00:59 -------- d-----w- C:\Users\Roland\AppData\Local\{355297DC-7A21-41B9-AE7A-AD06D91F3BBB}

2011-10-15 12:54:13 -------- d-----w- C:\Users\Roland\AppData\Roaming\xpppnG55aQHdW7

2011-10-15 12:53:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\SHd7R9TqYeIONx0

2011-10-15 12:52:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\TpG5Q6W8R

2011-10-15 12:51:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\FomWERYUOP12457

2011-10-15 12:50:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\yeIrOtAuSi3n4Q6

2011-10-15 12:49:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\zm5Q6WKR9TqjC

2011-10-15 12:48:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\jmWETCVB013asEq

2011-10-15 12:47:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\xGQ6W7E9TqYwVlN

2011-10-15 12:46:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\rllBzNx1v2b3GaJ

2011-10-15 12:45:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\gbafjIOPSDHfZkt

2011-10-15 12:44:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\ksKfLTqYwIlNx0

2011-10-15 12:43:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\KP0yAiDoFpHsJdL

2011-10-15 12:42:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\sS11iDoFa5W7E8q

2011-10-15 12:41:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\rdKR9TqUeIrOyAu

2011-10-15 12:40:57 -------- d-----w- C:\Users\Roland\AppData\Roaming\XE8TqYwUrO

2011-10-15 12:39:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\Vc1DoGmsJfLgZYw

2011-10-15 12:38:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\ukBzNx0SibpQWRT

2011-10-15 12:37:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\ulBzNAuSo

2011-10-15 12:36:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\oLYlxcbnmWgZhkV

2011-10-15 12:35:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\zPyAuSoFpGaJd

2011-10-15 12:34:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\rcAA1v2n4m5J

2011-10-15 12:33:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\X3n4m5W7E8RhXkV

2011-10-15 12:32:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\X2b3n4Q6W7LgZ

2011-10-15 12:31:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\yXjeeItzPNcAv2b

2011-10-15 12:30:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\SVlt0c1v3n

2011-10-15 12:29:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\xb3n5Q6W7R9XjCk

2011-10-15 12:28:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\UDoFF4m5QER

2011-10-15 12:27:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\JIrNx0c1b3n4m6W

2011-10-15 12:26:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\TBOy0vi3n5Qd

2011-10-15 12:25:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\znLV16ZlDJkcH

2011-10-15 12:24:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\ZW7E8TqYkVlBx0c

2011-10-15 12:23:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\roGdLjrAi

2011-10-15 12:22:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\wlBzNyAuDo

2011-10-15 12:21:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\ylxuSiDoGaHsJfL

2011-10-15 12:20:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\wxSFGJ89qe

2011-10-15 12:19:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\sKgZ9hYXjeItNAu

2011-10-15 12:18:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\YJLZCVB013

2011-10-15 12:17:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\E8R9TwUeIrPyA

2011-10-15 12:16:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\VmH55W7E8RqYwUe

2011-10-15 12:15:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\V9XjeIzOyAuS

2011-10-15 12:14:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\PAD4Q89wlzxvbGJ

2011-10-15 12:13:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\zuccS1i3nGa6sJf

2011-10-15 12:12:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\Pc2b3n4Q6W7EgZj

2011-10-15 12:11:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\STwUlBzNx1v2FpG

2011-10-15 12:10:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\ThXkeltPyAiDnpH

2011-10-15 12:09:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\z7E9TqYklxcbnmJ

2011-10-15 12:08:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\muopadfhjkOASFG

2011-10-15 12:07:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\uBBBtzzP0A1D

2011-10-15 12:06:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\ynG4Q6WfLTjCkrt

2011-10-15 12:05:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\S5Q6W7R9XjCkV

2011-10-15 12:04:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\TKqrcnJZVyndXzD

2011-10-15 12:03:57 -------- d-----w- C:\Users\Roland\AppData\Roaming\ib4m5QJ6KfZhX

2011-10-15 12:02:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\mXqjjUCeIB

2011-10-15 12:01:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\zKgwOuDa7TwOSoH

2011-10-15 12:00:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\ez0bn6fgYItSn6

2011-10-15 11:59:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\yv2bb3m5Q6W

2011-10-15 11:58:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\wF578qwetyiom

2011-10-15 11:57:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\sggTjCkVOtAuSiD

2011-10-15 11:56:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\YCeIrPy1v2b3m5Q

2011-10-15 11:55:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\xRqYwUetPyA

2011-10-15 11:54:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\RKhCzxvbnHKLXCr

2011-10-15 11:53:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\jUeIrzONyx0uS2b

2011-10-15 11:52:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\vdghklzADF

2011-10-15 11:51:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\PSS2mJdKR9TwClB

2011-10-15 11:50:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\Y5JdKfZhTXjeI

2011-10-15 11:49:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\xDooFm5W7E8RqYk

2011-10-15 11:48:57 -------- d-----w- C:\Users\Roland\AppData\Roaming\l0inmQERYUIN124

2011-10-15 11:47:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\jdKfZhXjClrPyAu

2011-10-15 11:46:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\kHsJE8RqhXU

2011-10-15 11:45:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\vviFpGaHdKfLgXj

2011-10-15 11:44:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\RQJd8ffR9hTXjCl

2011-10-15 11:43:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\yTqYwUrOtPc1v3n

2011-10-15 11:42:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\HLLgZjCkIVlNxu

2011-10-15 11:41:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\WS2b3m5aQJdK

2011-10-15 11:40:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\tHsJdLgZqhXUeOz

2011-10-15 11:39:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\tKLXCVN0ipasfZC

2011-10-15 11:38:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\zlzcvnmQKZ

2011-10-15 11:37:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\FjklPuSiDoGaHsJ

2011-10-15 11:36:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\R9eyinQKLXCVNSD

2011-10-15 11:35:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\RdKf9XUeIrP

2011-10-15 11:34:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\tx0c2bD3pn4aHW7

2011-10-15 11:33:53 -------- d-----w- C:\Users\Roland\AppData\Roaming\YC2fVD805kvKt

2011-10-15 11:32:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\aYOSF8eiQYN48

2011-10-15 11:31:57 -------- d-----w- C:\Users\Roland\AppData\Roaming\uqUeIrOAuSiFpGa

2011-10-15 11:30:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\ZrrrzONtA0cSib3

2011-10-15 11:29:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\PsJd8R9TwUeIrP

2011-10-15 11:28:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\VH5JdLZhX

2011-10-15 11:27:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\PeByAvbnQWRTCVN

2011-10-15 11:26:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\JyAiDoFpHQ7E

2011-10-15 11:25:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\oYCCIrOtPuS

2011-10-15 11:24:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\QQ6KfLhXjCk

2011-10-15 11:23:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\TsdRhwety

2011-10-15 11:22:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\WaHsKfLgZjCkVlN

2011-10-15 11:21:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\nSb3n5Q6W7LgXjC

2011-10-15 11:20:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\idgYUIP124

2011-10-15 11:19:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\sCkVltPuSiDoGaH

2011-10-15 11:18:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\rUeIrOx0v2b3

2011-10-15 11:17:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\IGHJLZCrtyiaJgw

2011-10-15 11:16:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\Qc2DpGaHsKfLgZj

2011-10-15 11:15:52 -------- d-----w- C:\Users\Roland\AppData\Roaming\xSGJZVyosRUPD58

2011-10-15 11:14:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\LO147qlcnJZVyos

2011-10-15 11:13:47 -------- d-----w- C:\Users\Roland\AppData\Roaming\ogUPDH8wtvm8Uym

2011-10-15 11:12:56 -------- d-----w- C:\Users\Roland\AppData\Roaming\ptPuiom6W7E8

2011-10-15 11:11:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\oam5W7E8RhXkVlB

2011-10-15 11:10:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\kNx0c1b3Gam

2011-10-15 11:09:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\Voo4m5Q6E8RhXjC

2011-10-15 11:08:45 -------- d-----w- C:\Users\Roland\AppData\Roaming\cwIAoGdZUIPA235

2011-10-15 11:07:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\zOOtAuSiDp4Q6W7

2011-10-15 11:06:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\I8Uy4EwNb6Xz2Qh

2011-10-15 11:05:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\Wc1v3n4m5JdLgZh

2011-10-15 11:04:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\wTTZZjjYwk

2011-10-15 11:03:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\J9wezcvbm

2011-10-15 11:02:57 -------- d-----w- C:\Users\Roland\AppData\Roaming\ifgjkzxuSi

2011-10-15 11:01:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\zCx3KqrSGKZOSGW

2011-10-15 11:00:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\WR9TwUeIrNx1v2b

2011-10-15 10:59:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\lBz0c1v2n

2011-10-15 10:58:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\LHsKfLgZjCIrOtP

2011-10-15 10:57:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\WNc3mfZkBc3HdZk

2011-10-15 10:56:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\sDaKTwOuDa7TwO

2011-10-15 10:55:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\W023467E9TjC

2011-10-15 10:54:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\WD2nFpHs7E8R9Yw

2011-10-15 10:53:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\SkVlBxP0c1v3F4m

2011-10-15 10:52:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\mIVrzNx0c2DpG

2011-10-15 10:51:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\VDoFpGsJdKfZhXj

2011-10-15 10:50:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\SPSDF578qwetyin

2011-10-15 10:49:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\C7E9TqYwIrOtPc1

2011-10-15 10:48:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\yJdKfZTwUeIrPy

2011-10-15 10:47:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\ksJdLgZYwUrOtPy

2011-10-15 10:46:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\NxuSiFpGaHdKLgX

2011-10-15 10:45:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\ElBzNyx1v2

2011-10-15 10:44:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\F3GaHsJfLgZhCkV

2011-10-15 10:43:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\Q89qeryub3n

2011-10-15 10:42:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\NRYwUVlBzNc1vo4

2011-10-15 10:41:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\A33naH5sJ7dL8Zq

2011-10-15 10:40:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\fvvSS2iibF3GaHK

2011-10-15 10:39:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\yuv2b4m5QdE

2011-10-15 10:38:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\YTqCVlBx0c1v345

2011-10-15 10:37:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\JupdTI03dgkADHL

2011-10-15 10:36:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\xZhXjClrPyA

2011-10-15 10:35:52 -------- d-----w- C:\Users\Roland\AppData\Roaming\WQdKfLgXY

2011-10-15 10:34:57 -------- d-----w- C:\Users\Roland\AppData\Roaming\Q5ssQQJ7dEK

2011-10-15 10:33:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\hJZVPva7RUziJRj

2011-10-15 10:32:57 -------- d-----w- C:\Users\Roland\AppData\Roaming\xZliHgeAm8VAm8C

2011-10-15 10:31:52 -------- d-----w- C:\Users\Roland\AppData\Roaming\KN3EV1Jw0Fdw0nd

2011-10-15 10:30:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\vePv4QgXlN

2011-10-15 10:29:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\xghklxcDoFa

2011-10-15 10:28:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\waJdKf9TqUeIrNx

2011-10-15 10:27:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\lnn4m5Q7E8R9

2011-10-15 10:26:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\edWK7fRL9TqYeIr

2011-10-15 10:25:49 -------- d-----w- C:\Users\Roland\AppData\Roaming\RCelIBrzPyAuSoF

2011-10-15 06:34:56 -------- d-----w- C:\Users\Roland\AppData\Roaming\TibF3pnG5Q6W7R9

2011-10-15 06:33:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\hcSS11ivD

2011-10-15 06:32:56 -------- d-----w- C:\Users\Roland\AppData\Roaming\IIIIVrrlONtP0uS

2011-10-15 06:31:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\jyyycAA1ivDon4p

2011-10-15 06:30:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\aCwwkkIVrlONxPu

2011-10-15 06:29:57 -------- d-----w- C:\Users\Roland\AppData\Roaming\gxxPP0yycS1vDon

2011-10-15 06:28:56 -------- d-----w- C:\Users\Roland\AppData\Roaming\XPPNNyxxA1uS2bF

2011-10-15 06:27:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\FjYYYCwkIVrlOtP

2011-10-15 06:26:56 -------- d-----w- C:\Users\Roland\AppData\Roaming\QpppnGG4aQH6WKf

2011-10-15 06:25:56 -------- d-----w- C:\Users\Roland\AppData\Roaming\vbFF33pmG5aQ6dK

2011-10-15 06:24:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\GEEEL99gTZqjCwI

2011-10-15 06:23:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\bnnFF4pmmHsQJd

2011-10-15 06:22:56 -------- d-----w- C:\Users\Roland\AppData\Roaming\u999hTTXqjUCkIr

2011-10-15 06:21:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\rKKK7ffEL9gTqjC

2011-10-15 06:20:55 -------- d-----w- C:\Users\Roland\AppData\Roaming\ZkkkIBBrzONyA0v

2011-10-15 06:19:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\nooonFF4amHsW7d

2011-10-15 06:18:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\j666dWWK7fRLgTq

2011-10-15 06:17:56 -------- d-----w- C:\Users\Roland\AppData\Roaming\sNNNtxxA0uS2b3p

2011-10-15 06:16:57 -------- d-----w- C:\Users\Roland\AppData\Roaming\WyyxxA00uvSi

2011-10-15 06:15:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\CzzzONNtxA0uS2b

2011-10-15 06:14:55 -------- d-----w- C:\Users\Roland\AppData\Roaming\aRRRL99gTXqYC

2011-10-15 06:13:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\JonnFF4am

2011-10-15 06:12:55 -------- d-----w- C:\Users\Roland\AppData\Roaming\TJ77ffEL8gTZhYw

2011-10-15 06:11:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\oxxxA11uvS2bFpm

2011-10-15 06:10:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\WmmmH55sWJ7dL8R

2011-10-15 06:09:54 -------- d-----w- C:\Users\Roland\AppData\Roaming\RpppnGG4aQH6WKf

2011-10-15 06:08:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\bKKK8ggRZ9hXwjV

2011-10-15 06:07:57 -------- d-----w- C:\Users\Roland\AppData\Roaming\DNyyxxA0uvS2iFp

2011-10-15 06:06:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\vFFF3ppnG5

2011-10-15 06:05:55 -------- d-----w- C:\Users\Roland\AppData\Roaming\gQQQJ66dWK8fL9T

2011-10-15 06:04:56 -------- d-----w- C:\Users\Roland\AppData\Roaming\ZZZZ9hhYXwjUelB

2011-10-15 06:03:56 -------- d-----w- C:\Users\Roland\AppData\Roaming\RkkUUVrrlOtxPyc

2011-10-15 06:02:56 -------- d-----w- C:\Users\Roland\AppData\Roaming\ueekkIVrrONt

2011-10-15 06:01:56 -------- d-----w- C:\Users\Roland\AppData\Roaming\DwjjUUCelIBrPNx

2011-10-15 06:00:55 -------- d-----w- C:\Users\Roland\AppData\Roaming\NCCwwkIIVrlNtP0

2011-10-15 05:59:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\nWWWJ77dE

2011-10-15 05:58:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\VaammH66sWJf

2011-10-15 05:58:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\d77ddEL88gZq

2011-10-14 14:59:55 -------- d-----w- C:\Users\Roland\AppData\Local\{7B9E4CA8-932D-44FF-9EB0-74A83B6ED29B}

2011-10-14 14:59:32 -------- d-----w- C:\Users\Roland\AppData\Local\{29CF7C1A-9B5F-462E-A43D-0D645B8D8071}

2011-10-14 14:11:49 -------- d-----w- C:\Users\Roland\AppData\Local\{5DE6E7A2-F2CC-4626-8C12-C0BEB29B2AAD}

2011-10-14 14:11:03 -------- d-----w- C:\Users\Roland\AppData\Local\{9787AA21-2C15-4B33-B991-44306A34CBAE}

2011-10-14 14:10:51 -------- d-----w- C:\Users\Roland\AppData\Local\{41424BCC-7177-4212-94E2-AD60680208DB}

2011-10-13 17:59:23 -------- d-----w- C:\Users\Roland\AppData\Local\{8D7FDA01-F2A4-4183-9DA6-0D9FAB837397}

2011-10-13 17:59:12 -------- d-----w- C:\Users\Roland\AppData\Local\{67304574-754A-4B08-91F8-7BBF101CC0B6}

2011-10-13 02:12:20 -------- d-----w- C:\Program Files (x86)\Doom 3 Demo

2011-10-11 13:15:14 -------- d-----w- C:\Users\Roland\AppData\Local\{50C9EAC4-0C7B-4AB0-9BDD-A1651A6C0E7E}

2011-10-11 13:15:02 -------- d-----w- C:\Users\Roland\AppData\Local\{820F60A8-C5BB-4770-A014-062D289D27F8}

2011-10-10 23:36:02 -------- d-----w- C:\Users\Roland\AppData\Local\{E184E76F-F975-4255-8FA0-721B0338391F}

2011-10-10 23:35:51 -------- d-----w- C:\Users\Roland\AppData\Local\{F6E0948B-31D3-4087-B709-1E7CFD7082DB}

2011-10-10 23:26:44 -------- d-----w- C:\Users\Roland\AppData\Local\{3BD10214-DF8F-456C-9FE0-11AB8CAB3FDD}

2011-10-10 23:26:31 -------- d-----w- C:\Users\Roland\AppData\Local\{06C43261-7962-4A69-8B4D-99868DA9C2B6}

2011-10-10 13:28:55 -------- d-----w- C:\Users\Roland\AppData\Local\{2BB92A6C-862B-4881-B80F-E4B3AFF7554D}

2011-10-10 13:28:41 -------- d-----w- C:\Users\Roland\AppData\Local\{18AE0EA8-0830-42A3-BF25-EFED3C46BAF4}

2011-10-09 23:25:45 -------- d-----w- C:\Users\Roland\AppData\Local\{2F0EB1D1-37ED-47AF-BC9A-B1BBF1CD176D}

2011-10-09 23:21:05 -------- d-----w- C:\Users\Roland\AppData\Local\{49E5965C-152B-4A39-A41B-419A6918B9E9}

2011-10-09 23:20:38 -------- d-----w- C:\Users\Roland\AppData\Local\{5A2815B1-178C-4914-864D-C6D17059B3A6}

2011-10-09 23:19:30 -------- d-----w- C:\ProgramData\NVIDIA Corporation

2011-10-09 13:28:35 -------- d-----w- C:\Users\Roland\AppData\Local\{CE9BDFAE-095D-4F41-A5D4-BE9B76D75AC9}

2011-10-09 06:15:57 -------- d-----w- C:\Users\Roland\AppData\Roaming\ZKgZhwUeI

2011-10-09 06:14:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\s5Q7KgZhXjetyuo

2011-10-09 06:13:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\HkVrlONtx0c1b3n

2011-10-09 05:38:37 -------- d-----w- C:\Users\Roland\AppData\Roaming\bJ89wlzAS3adRTU

2011-10-09 05:37:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\mETB136hkxb5W9Y

2011-10-09 05:36:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\lONxAv2iFp5Q6W7

2011-10-09 05:35:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\Z9xpKYtDsqOi6Tr

2011-10-09 05:34:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\xcbQZCybQRCN2aK

2011-10-09 05:33:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\oDFH78YePA24sdf

2011-10-09 05:32:41 -------- d-----w- C:\Users\Roland\AppData\Roaming\oOisZIup6RwrvmW

2011-10-09 05:31:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\uCeekIVrzONx

2011-10-09 05:30:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\SeeelBtzPNyAu

2011-10-09 05:29:51 -------- d-----w- C:\Users\Roland\AppData\Roaming\eEkcmgevQYPFEUx

2011-10-09 05:28:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\wn4QsKfLgZYwI

2011-10-09 05:27:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\EZ9hXjVlBz

2011-10-09 05:26:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\vbaRYruDWql1s

2011-10-09 05:25:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\SaaaQQH6sWK7ELg

2011-10-09 05:24:55 -------- d-----w- C:\Users\Roland\AppData\Roaming\meIzNx0viFpGaHd

2011-10-09 05:23:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\afZkx1FsLhePiFQ

2011-10-09 05:22:29 -------- d-----w- C:\Users\Roland\AppData\Roaming\gUlBzNyAu2b

2011-10-09 05:21:56 -------- d-----w- C:\Users\Roland\AppData\Roaming\vkNvpHfXCVNuD46

2011-10-09 05:21:56 -------- d-----w- C:\Users\Roland\AppData\Roaming\UvFGHKLXCVN0ipa

2011-10-09 05:21:56 -------- d-----w- C:\Users\Roland\AppData\Roaming\UiGd9Yz0Da7Tkt2

2011-10-09 05:21:56 -------- d-----w- C:\Users\Roland\AppData\Roaming\DkySn6RqIx2Gs9Y

2011-10-09 05:21:52 -------- d-----w- C:\Users\Roland\AppData\Roaming\TrtcbnmWEThYwUr

2011-10-09 05:21:48 -------- d-----w- C:\Users\Roland\AppData\Roaming\HoFm5Q7EgZhXje

2011-10-09 05:21:06 -------- d-----w- C:\Users\Roland\AppData\Roaming\NpppmGG5sQJ6EKf

2011-10-09 05:21:05 -------- d-----w- C:\Users\Roland\AppData\Roaming\HRRZZ99hYXwUVlI

2011-10-09 05:21:04 -------- d-----w- C:\Users\Roland\AppData\Roaming\Z8ggTTZqh

2011-10-09 05:21:03 -------- d-----w- C:\Users\Roland\AppData\Roaming\D99ggTZZqjYwkV

2011-10-09 05:21:01 -------- d-----w- C:\Users\Roland\AppData\Roaming\mBBttzPPNyA1uD2

2011-10-09 05:21:00 -------- d-----w- C:\Users\Roland\AppData\Roaming\eOOOBBtzP0y

2011-10-09 05:19:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\x6KRgqCIzxu

2011-10-09 05:19:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\mu2Fp5Jd8Z

2011-10-09 05:07:57 -------- d-----w- C:\Users\Roland\AppData\Roaming\xv2oobF33pG

2011-10-09 05:06:56 -------- d-----w- C:\Users\Roland\AppData\Roaming\FKgCzuDaKgwO

2011-10-09 05:05:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\zJ77ddEK8gRZhYw

2011-10-09 05:04:30 -------- d-----w- C:\Users\Roland\AppData\Roaming\wRyQeoZNQCiRNaw

2011-10-09 05:04:29 -------- d-----w- C:\Users\Roland\AppData\Roaming\hP5UDfz5q

2011-10-09 05:04:28 -------- d-----w- C:\Users\Roland\AppData\Roaming\wJqOvsRVNbQZCAp

2011-10-09 05:04:26 -------- d-----w- C:\Users\Roland\AppData\Roaming\wKgCVNcoH7

2011-10-09 05:04:23 -------- d-----w- C:\Users\Roland\AppData\Roaming\Z57ghjlzc

2011-10-09 05:04:22 -------- d-----w- C:\Users\Roland\AppData\Roaming\ZHsJdKgZh

2011-10-09 05:04:14 -------- d-----w- C:\Users\Roland\AppData\Roaming\ZRRL9TqCkVzNtA0

2011-10-09 05:04:13 -------- d-----w- C:\Users\Roland\AppData\Roaming\W111ivvD3on4aHW

2011-10-09 05:04:00 -------- d-----w- C:\Users\Roland\AppData\Roaming\A333pnnG5aQ6dK7

2011-10-09 05:02:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\koF4asJE8RqXkeO

2011-10-09 05:01:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\VWKK77fEL9gTqjC

2011-10-09 05:00:33 -------- d-----w- C:\Users\Roland\AppData\Roaming\ksQQJ7dEK8gR9hX

2011-10-09 04:59:57 -------- d-----w- C:\Users\Roland\AppData\Roaming\WttxAuSiDpGQ6W7

2011-10-09 04:58:48 -------- d-----w- C:\Users\Roland\AppData\Roaming\GmGG5aaQJdWK8R9

2011-10-09 04:57:57 -------- d-----w- C:\Users\Roland\AppData\Roaming\mPiGsLYrPiFsLYe

2011-10-09 04:56:56 -------- d-----w- C:\Users\Roland\AppData\Roaming\NB14dhexFJLCyp

2011-10-09 04:55:52 -------- d-----w- C:\Users\Roland\AppData\Roaming\sDErDEe2El2El2

2011-10-09 04:55:48 -------- d-----w- C:\Users\Roland\AppData\Roaming\HSoFp5Q6W8RhXjC

2011-10-09 04:55:46 -------- d-----w- C:\Users\Roland\AppData\Roaming\WOOOBBtzP0ycv2n

2011-10-09 04:55:46 -------- d-----w- C:\Users\Roland\AppData\Roaming\seellOBBtz0ycv2

2011-10-09 04:55:38 -------- d-----w- C:\Users\Roland\AppData\Roaming\F22b4m5Q6E8ZhXj

2011-10-09 04:55:37 -------- d-----w- C:\Users\Roland\AppData\Roaming\YvvDD2oonF4mHsQ

2011-10-09 04:55:26 -------- d-----w- C:\Users\Roland\AppData\Roaming\eiomWETYUOPSDF5

2011-10-09 04:55:22 -------- d-----w- C:\Users\Roland\AppData\Roaming\RWqryoWRV0258jz

2011-10-09 04:53:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\kFm5JdLgZYkeBPc

2011-10-09 03:48:13 -------- d-----we C:\Windows\system64

2011-10-08 21:01:46 -------- d-----w- C:\Users\Roland\AppData\Local\{98C12473-698B-430E-A252-2623BA14ABEB}

2011-10-08 21:01:30 -------- d-----w- C:\Users\Roland\AppData\Local\{76815F18-7392-45A5-8541-25B663C117A8}

2011-10-08 14:17:02 -------- d-----w- C:\Users\Roland\AppData\Local\{8D480536-9254-44E3-8065-538E6E554974}

2011-10-07 13:27:14 -------- d-----w- C:\Users\Roland\AppData\Local\{3249D2F8-D899-47AF-AD0A-8988CBD5B992}

2011-10-07 13:27:03 -------- d-----w- C:\Users\Roland\AppData\Local\{B2187755-7545-4793-9D37-7AAE10EC995F}

2011-10-06 16:09:04 -------- d-----w- C:\Users\Roland\AppData\Local\{E7A00E56-5801-4165-A06B-912E3302702B}

2011-10-06 16:08:37 -------- d-----w- C:\Users\Roland\AppData\Local\{89F0D3B8-034B-4324-8539-20ADDCC03D4B}

2011-10-06 13:14:41 -------- d-----w- C:\Users\Roland\AppData\Local\{360F269F-4137-4703-BFD1-14908A654D1E}

2011-10-06 13:14:30 -------- d-----w- C:\Users\Roland\AppData\Local\{63BA72DE-886B-405F-9BD2-964FA087EEE4}

2011-10-06 07:22:16 -------- d-----w- C:\Program Files\Paint.NET

2011-10-05 13:49:30 -------- d-----w- C:\Users\Roland\AppData\Local\{FA6C8180-5C45-4823-AF3E-966B0F4F21E5}

2011-10-05 13:49:19 -------- d-----w- C:\Users\Roland\AppData\Local\{11A33892-E832-40B4-8D4E-AA8839EC5FAF}

2011-10-04 10:15:54 -------- d-----w- C:\Users\Roland\AppData\Local\{81C8DD39-BD67-4D18-96B7-0D0C9CA8A916}

2011-10-04 10:15:39 -------- d-----w- C:\Users\Roland\AppData\Local\{3BE27911-D185-415B-8C46-97F280E5FC76}

2011-10-04 05:35:00 -------- d-----w- C:\Users\Roland\AppData\Local\Rockstar Games

2011-10-04 04:21:44 -------- d-----w- C:\Program Files (x86)\Rockstar Games

2011-10-04 03:56:43 -------- d-sh--w- C:\ProgramData\SecuROM

2011-10-03 14:06:53 -------- d-----w- C:\Users\Roland\AppData\Local\{2FE7F5F3-C47F-4F4D-988A-CA74C37D0470}

2011-10-03 14:06:41 -------- d-----w- C:\Users\Roland\AppData\Local\{77472460-DB09-4432-A938-8DA4D579B811}

2011-10-02 10:15:38 -------- d-----w- C:\Users\Roland\AppData\Local\{6AE7DDA7-F6C0-4D0C-838C-B56CA26407FA}

2011-10-02 10:15:27 -------- d-----w- C:\Users\Roland\AppData\Local\{262AD126-9A20-4305-B8C4-8BD096799DB0}

2011-10-01 20:13:27 -------- d-----w- C:\Users\Roland\AppData\Local\{16436249-52D6-47F2-9EC7-211483761F67}

2011-10-01 20:13:11 -------- d-----w- C:\Users\Roland\AppData\Local\{2556CA5B-9CC1-4B4F-ACC5-041A8200ECBC}

2011-10-01 05:40:41 -------- d-----w- C:\Users\Roland\AppData\Local\{1E1F1C9E-DB25-453B-A6B0-1D6E7C0FCB50}

2011-10-01 05:40:29 -------- d-----w- C:\Users\Roland\AppData\Local\{F5C30383-F08E-472F-BA4C-6CCDCFDA57DD}

2011-09-30 14:02:04 -------- d-----w- C:\Users\Roland\AppData\Roaming\GarenaPlus

2011-09-30 11:01:13 -------- d-----w- C:\Users\Roland\AppData\Local\{4D5BB985-DB2B-443E-90A7-D6284C8657D6}

2011-09-30 11:00:58 -------- d-----w- C:\Users\Roland\AppData\Local\{717FF133-1CE0-4C74-B656-609922ECE052}

2011-09-30 04:19:10 -------- d-----w- C:\Users\Roland\AppData\Local\{6E70EB53-7C28-47D1-ACDC-BD05704F91CA}

2011-09-30 04:18:47 -------- d-----w- C:\Users\Roland\AppData\Local\{DEC3BD6A-574E-4759-924C-ADB7E983647F}

2011-09-30 03:08:36 -------- d-----w- C:\Users\Roland\AppData\Local\{11B6DC41-5A7F-4375-A02A-AB8B61DF2C28}

2011-09-30 03:08:22 -------- d-----w- C:\Users\Roland\AppData\Local\{24EAB0F4-926B-4935-A749-36787F86FBD5}

2011-09-30 02:58:54 -------- d-----w- C:\Users\Roland\AppData\Local\{408C8FD7-999C-4816-885B-9D9ED443E01A}

2011-09-30 02:58:38 -------- d-----w- C:\Users\Roland\AppData\Local\{A6C07777-F206-4B70-92D6-B892D633C938}

2011-09-30 02:49:24 -------- d-----w- C:\Users\Roland\AppData\Local\{58A2E897-B735-486F-9B65-E9E5CEDF542A}

2011-09-30 02:49:10 -------- d-----w- C:\Users\Roland\AppData\Local\{D37C3217-ADA1-4A85-94E8-E5E0FA37A134}

2011-09-29 22:12:14 -------- d-----w- C:\Users\Roland\AppData\Local\{22F549EA-D65A-43B3-BDFA-F189D9516543}

2011-09-29 12:28:07 -------- d-----w- C:\Users\Roland\AppData\Local\{79D295CD-768C-4738-A81E-5316FE291D06}

2011-09-29 12:27:52 -------- d-----w- C:\Users\Roland\AppData\Local\{CAE255A7-5AD6-40EE-9CF0-7C94907D4F6D}

.

==================== Find3M ====================

.

2011-10-29 01:07:55 30528 ----a-w- C:\Windows\GVTDrv64.sys

2011-10-29 01:07:39 25640 ----a-w- C:\Windows\gdrv.sys

2011-10-01 06:15:08 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-09-08 03:27:52 0 ----a-w- C:\Windows\DXT8511.tmp

2011-09-08 03:27:52 0 ----a-w- C:\Windows\DXT84B2.tmp

2011-09-08 03:27:52 0 ----a-w- C:\Windows\DXT82ED.tmp

2011-07-31 02:31:06 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2011-07-31 02:31:06 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2011-07-31 02:31:06 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

.

============= FINISH: 22:03:02.76 ===============

should i provide the attach log from dds too?

ET_log.txt