
Iexplorer process, Google redirect, & Explorer crashes



Hello, I have a recurring virus that I have now gotten 3 times on my computer. The last two incidents were with a virus called Guard Online; the program froze my computer (and I have a pretty good rig) so I couldn't do anything unless I was in Safe Mode. I fixed it by doing a System Restore in Safe Mode, and everything was fine. After the 3rd time I did the same procedure, but in the end there was still a problem. Long story short: I hear advertisements in the background, Google redirects, Windows Explorer says it crashes and resets, and there is also a high Internet Explorer process when it isn't running.

I decided to take action on my own using Kaspersky and McAfee. They found Trojans and a few viruses, but I still have the problem after scanning, and now all my scans say it is clean. I used TDSS and it checks out clear, and I unfortunately used CCleaner before a friend suggested this forum :(

Here is the Malwarebytes scan. At first it did find Trojans and such, but now it scans clean even on a full scan, and I constantly get the message that it is blocking an IP using iexplorer.

I used ESET overnight; I have it as an attachment in case it shouldn't be posted with this. Sorry for all the yapping if it's unnecessary info, I'm new :P

Here is the scan, and the DDS program said I should keep the "Attach" doc unless requested.

Oh, and sorry about my bad grammar.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8039

Windows 6.1.7600

Internet Explorer 9.0.8112.16421

10/28/2011 9:16:41 PM

mbam-log-2011-10-28 (21-16-41).txt

Scan type: Quick scan

Objects scanned: 243869

Time elapsed: 6 minute(s), 32 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22

Run by Roland at 21:54:40 on 2011-10-28

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.1978 [GMT -4:00]

.

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\SysWOW64\svchost.exe -k Akamai

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe

C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe

C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe

C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe

C:\Program Files (x86)\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Logitech\Gaming Software\LWEMon.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe

C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files (x86)\Steam\Steam.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\REGSVR32.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB: {CD90BF73-20F6-44EF-993D-BB920303BD2E} - No File

uRun: [iSUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized

mRun: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"

mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe

mRun: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start

mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

dRun: [AppleUpdate] C:\Users\Parker.Roland714\AppData\Local\Apple Computer\AppleUpdate\Appleupdt32.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 10.1.10.1

TCP: Interfaces\{1D4B6D87-0285-48B8-B515-7EB2FE6EB006} : DhcpNameServer = 10.1.10.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB-X64: {CD90BF73-20F6-44EF-993D-BB920303BD2E} - No File

mRun-x64: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"

mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun-x64: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe

mRun-x64: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start

mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Roland\AppData\Roaming\Mozilla\Firefox\Profiles\onhgmeao.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2653012&SearchSource=13

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ytff-devicevm&type=IEBD&p=

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files\Dassault Systemes\3D XML Player\win_b64\code\bin32\NP3DXMLPlugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]

R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]

R2 DES2 Service;DES2 Service for Energy Saving.;C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2011-1-29 68136]

R2 Giraffic;Veoh Giraffic Video Accelerator;C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service --> C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service [?]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-28 366152]

R2 mi-raysat_3dsMax2009_64;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe [2010-6-16 86016]

R2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-2-22 86016]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-9 2255464]

R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2011-1-29 114688]

R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-3-3 2253688]

R3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-1-29 30528]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]

S3 etdrv;etdrv;C:\Windows\etdrv.sys [2011-5-19 25640]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-2-1 1431888]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2011-10-29 01:09:37 -------- d-----w- C:\Users\Roland\AppData\Roaming\Malwarebytes

2011-10-29 01:09:30 -------- d-----w- C:\ProgramData\Malwarebytes

2011-10-29 01:09:26 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-10-29 01:09:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-10-29 01:08:16 -------- d-----w- C:\Users\Roland\AppData\Local\{89CA3340-5299-40C7-B96B-9B128AE02F06}

2011-10-29 01:08:04 -------- d-----w- C:\Users\Roland\AppData\Local\{A6A4C86A-4054-4D94-BE2E-E215A9CA696E}

2011-10-28 05:08:25 -------- d-----w- C:\Program Files (x86)\ESET

2011-10-28 03:22:24 -------- d-----w- C:\Users\Roland\AppData\Local\{30BBFEFB-7894-42E9-9212-70664F3C1243}

2011-10-28 03:22:10 -------- d-----w- C:\Users\Roland\AppData\Local\{B7414720-6C22-4EC3-A713-34B1207768CC}

2011-10-27 15:45:25 -------- d-----w- C:\Users\Roland\AppData\Local\{D66269FB-A39F-4595-8699-61D3B15E1399}

2011-10-27 15:45:13 -------- d-----w- C:\Users\Roland\AppData\Local\{587DE8EE-06F5-42FC-84B4-1F0194ADF218}

2011-10-27 15:27:31 -------- d-----w- C:\Users\Roland\AppData\Local\{D08C9496-FB15-4A16-8706-7E99CB246569}

2011-10-27 15:05:05 -------- d-----w- C:\Users\Roland\AppData\Local\{C738BDDB-05BC-4305-9418-E7FD73328126}

2011-10-26 05:19:33 -------- d-----w- C:\Users\Roland\AppData\Local\{FE356C77-6439-4D4C-9DAB-23F68D1A3403}

2011-10-26 00:40:02 -------- d-----w- C:\Program Files\CCleaner

2011-10-26 00:24:59 -------- d-----w- C:\Users\Roland\AppData\Local\{4288B5DA-D192-4B7D-8827-EFBA3DE4AFDA}

2011-10-26 00:24:15 -------- d-----w- C:\Users\Roland\AppData\Local\{3DF8EB54-F0D2-4A7A-881B-7A77E12144FC}

2011-10-25 17:54:50 -------- d-----w- C:\Users\Roland\AppData\Local\{2E33ADF1-456E-4439-BDA9-5E5C1C0C44C2}

2011-10-25 17:54:26 -------- d-----w- C:\Users\Roland\AppData\Local\{40E89937-91E1-4508-94CA-C0B26D601EAD}

2011-10-25 15:48:43 -------- d-----w- C:\Users\Roland\AppData\Local\{63A39937-408E-42CC-930B-579C1D4F02C4}

2011-10-24 18:09:30 -------- d-----w- C:\Users\Roland\AppData\Local\{A58ECF89-0D3D-4BE4-8799-ECFC708E90D6}

2011-10-24 18:09:03 -------- d-----w- C:\Users\Roland\AppData\Local\{4FECA722-1D37-4A3D-A308-725325ED849C}

2011-10-24 15:55:43 -------- d-----w- C:\Users\Roland\AppData\Local\{953C46E8-AF9E-41E8-81F2-ED594BF89A42}

2011-10-24 15:41:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\A2b3n4HsKfLg

2011-10-24 15:41:48 -------- d-----w- C:\Users\Roland\AppData\Roaming\xEELL8ggRZhYXk

2011-10-24 15:41:43 -------- d-----w- C:\Users\Roland\AppData\Local\{5967DB0E-BBAB-4FBC-8C09-E41890D74748}

2011-10-24 15:41:12 -------- d-----w- C:\Users\Roland\AppData\Roaming\adWK7fRL9TqYeIr

2011-10-24 07:45:16 -------- d-sh--w- C:\Windows\System32\%APPDATA%

2011-10-23 17:34:02 -------- d-----w- C:\Users\Roland\AppData\Local\{F21977CC-14D9-47D7-AC17-CE92DC9B987F}

2011-10-23 17:33:50 -------- d-----w- C:\Users\Roland\AppData\Local\{ECF0C4C3-3B0F-4B38-BDEB-4DC7F8F062FD}

2011-10-22 06:26:21 -------- d-----w- C:\Users\Roland\AppData\Local\{1CF673D9-D909-4BB1-B3A6-6E21D37DE2F9}

2011-10-22 00:37:21 -------- d-----w- C:\Users\Roland\AppData\Local\{24134503-E169-4DD0-9725-0474E65D525B}

2011-10-21 14:32:30 -------- d-----w- C:\Users\Roland\AppData\Local\{81BED205-63DE-492C-9570-45F3037325E9}

2011-10-21 14:32:14 -------- d-----w- C:\Users\Roland\AppData\Local\{34416283-ACAF-4230-B748-C70E100BEF28}

2011-10-20 15:44:10 -------- d-----w- C:\Users\Roland\AppData\Local\{DCEED974-F9C4-4A83-ADBF-E626135CDE48}

2011-10-19 15:45:38 -------- d-----w- C:\Users\Roland\AppData\Local\{4315373D-9CDA-452E-9AEF-9A015CF177D8}

2011-10-19 15:45:27 -------- d-----w- C:\Users\Roland\AppData\Local\{DEAC15EE-207F-4C51-B3A3-373090352E2A}

2011-10-19 15:11:45 -------- d-----w- C:\Users\Roland\AppData\Local\{89EACDE3-B1AD-41CD-B7F4-760324867178}

2011-10-18 16:06:09 -------- d-----w- C:\Users\Roland\AppData\Local\{7F54C3F7-EA0E-45E8-8AF9-6063FCC04D29}

2011-10-18 16:05:58 -------- d-----w- C:\Users\Roland\AppData\Local\{BBA30D74-4A36-4A20-A046-8386D5ADAA2F}

2011-10-18 16:03:16 -------- d-----w- C:\Users\Roland\AppData\Local\{574485C6-C14D-4C9E-854B-8453F3E84C86}

2011-10-18 16:03:04 -------- d-----w- C:\Users\Roland\AppData\Local\{B82921D4-FFAA-42F3-8B61-F0B512C7C55A}

2011-10-18 15:18:21 -------- d-----w- C:\Users\Roland\AppData\Local\{679D4D9D-5F25-4AF3-A88A-544E11B715FE}

2011-10-18 15:18:10 -------- d-----w- C:\Users\Roland\AppData\Local\{90486E45-AA85-4D45-A583-089E92F5F44F}

2011-10-17 14:54:38 -------- d-----w- C:\Users\Roland\AppData\Local\{CB4D632A-7B2A-4457-AE39-C2404E29690E}

2011-10-17 14:54:26 -------- d-----w- C:\Users\Roland\AppData\Local\{72C7087A-C209-489C-B402-9EFF4F8EE876}

2011-10-16 15:42:51 -------- d-----w- C:\Users\Roland\AppData\Local\{5FA241E2-3559-4A5A-B36D-BA1787E876BB}

2011-10-16 15:42:39 -------- d-----w- C:\Users\Roland\AppData\Local\{184AA373-8639-441B-A888-A6D2882C0D03}

2011-10-15 14:33:00 -------- d-----w- C:\Users\Roland\AppData\Local\{CF5A7BD7-DE7D-4057-AF41-026D949DB6AC}

2011-10-15 14:16:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\jvv3n44am5JERqY

2011-10-15 14:15:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\vTXqjYeIrOtAu

2011-10-15 14:14:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\yS2oFpGaJdKfLhX

2011-10-15 14:13:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\vx1nHdZkt1n5E

2011-10-15 14:12:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\wW7E9ggTqYwIlNx

2011-10-15 14:11:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\PzNcDmJKRTClBzy

2011-10-15 14:10:53 -------- d-----w- C:\Users\Roland\AppData\Roaming\FD46W7EgqYwI

2011-10-15 14:09:57 -------- d-----w- C:\Users\Roland\AppData\Roaming\wUUCCellIBzPNx1

2011-10-15 14:08:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\kXUUeOOPc1vFHJK

2011-10-15 14:07:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\YH6sJ77fELgThYw

2011-10-15 14:06:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\RAF69eybQRCN24f

2011-10-15 14:05:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\ZPyAuDoFG

2011-10-15 14:04:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\PZwrtSoHJ8hklP

2011-10-15 14:03:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\PN2sfjzSGKXrupW

2011-10-15 14:02:54 -------- d-----w- C:\Users\Roland\AppData\Roaming\yghkOPiFsKhePuF

2011-10-15 14:01:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\PPP00yccA1vD2nF

2011-10-15 14:00:59 -------- d-----w- C:\Users\Roland\AppData\Local\{355297DC-7A21-41B9-AE7A-AD06D91F3BBB}

2011-10-15 12:54:13 -------- d-----w- C:\Users\Roland\AppData\Roaming\xpppnG55aQHdW7

2011-10-15 12:53:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\SHd7R9TqYeIONx0

2011-10-15 12:52:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\TpG5Q6W8R

2011-10-15 12:51:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\FomWERYUOP12457

2011-10-15 12:50:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\yeIrOtAuSi3n4Q6

2011-10-15 12:49:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\zm5Q6WKR9TqjC

2011-10-15 12:48:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\jmWETCVB013asEq

2011-10-15 12:47:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\xGQ6W7E9TqYwVlN

2011-10-15 12:46:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\rllBzNx1v2b3GaJ

2011-10-15 12:45:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\gbafjIOPSDHfZkt

2011-10-15 12:44:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\ksKfLTqYwIlNx0

2011-10-15 12:43:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\KP0yAiDoFpHsJdL

2011-10-15 12:42:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\sS11iDoFa5W7E8q

2011-10-15 12:41:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\rdKR9TqUeIrOyAu

2011-10-15 12:40:57 -------- d-----w- C:\Users\Roland\AppData\Roaming\XE8TqYwUrO

2011-10-15 12:39:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\Vc1DoGmsJfLgZYw

2011-10-15 12:38:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\ukBzNx0SibpQWRT

2011-10-15 12:37:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\ulBzNAuSo

2011-10-15 12:36:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\oLYlxcbnmWgZhkV

2011-10-15 12:35:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\zPyAuSoFpGaJd

2011-10-15 12:34:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\rcAA1v2n4m5J

2011-10-15 12:33:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\X3n4m5W7E8RhXkV

2011-10-15 12:32:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\X2b3n4Q6W7LgZ

2011-10-15 12:31:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\yXjeeItzPNcAv2b

2011-10-15 12:30:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\SVlt0c1v3n

2011-10-15 12:29:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\xb3n5Q6W7R9XjCk

2011-10-15 12:28:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\UDoFF4m5QER

2011-10-15 12:27:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\JIrNx0c1b3n4m6W

2011-10-15 12:26:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\TBOy0vi3n5Qd

2011-10-15 12:25:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\znLV16ZlDJkcH

2011-10-15 12:24:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\ZW7E8TqYkVlBx0c

2011-10-15 12:23:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\roGdLjrAi

2011-10-15 12:22:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\wlBzNyAuDo

2011-10-15 12:21:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\ylxuSiDoGaHsJfL

2011-10-15 12:20:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\wxSFGJ89qe

2011-10-15 12:19:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\sKgZ9hYXjeItNAu

2011-10-15 12:18:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\YJLZCVB013

2011-10-15 12:17:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\E8R9TwUeIrPyA

2011-10-15 12:16:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\VmH55W7E8RqYwUe

2011-10-15 12:15:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\V9XjeIzOyAuS

2011-10-15 12:14:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\PAD4Q89wlzxvbGJ

2011-10-15 12:13:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\zuccS1i3nGa6sJf

2011-10-15 12:12:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\Pc2b3n4Q6W7EgZj

2011-10-15 12:11:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\STwUlBzNx1v2FpG

2011-10-15 12:10:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\ThXkeltPyAiDnpH

2011-10-15 12:09:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\z7E9TqYklxcbnmJ

2011-10-15 12:08:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\muopadfhjkOASFG

2011-10-15 12:07:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\uBBBtzzP0A1D

2011-10-15 12:06:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\ynG4Q6WfLTjCkrt

2011-10-15 12:05:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\S5Q6W7R9XjCkV

2011-10-15 12:04:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\TKqrcnJZVyndXzD

2011-10-15 12:03:57 -------- d-----w- C:\Users\Roland\AppData\Roaming\ib4m5QJ6KfZhX

2011-10-15 12:02:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\mXqjjUCeIB

2011-10-15 12:01:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\zKgwOuDa7TwOSoH

2011-10-15 12:00:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\ez0bn6fgYItSn6

2011-10-15 11:59:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\yv2bb3m5Q6W

2011-10-15 11:58:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\wF578qwetyiom

2011-10-15 11:57:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\sggTjCkVOtAuSiD

2011-10-15 11:56:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\YCeIrPy1v2b3m5Q

2011-10-15 11:55:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\xRqYwUetPyA

2011-10-15 11:54:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\RKhCzxvbnHKLXCr

2011-10-15 11:53:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\jUeIrzONyx0uS2b

2011-10-15 11:52:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\vdghklzADF

2011-10-15 11:51:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\PSS2mJdKR9TwClB

2011-10-15 11:50:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\Y5JdKfZhTXjeI

2011-10-15 11:49:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\xDooFm5W7E8RqYk

2011-10-15 11:48:57 -------- d-----w- C:\Users\Roland\AppData\Roaming\l0inmQERYUIN124

2011-10-15 11:47:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\jdKfZhXjClrPyAu

2011-10-15 11:46:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\kHsJE8RqhXU

2011-10-15 11:45:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\vviFpGaHdKfLgXj

2011-10-15 11:44:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\RQJd8ffR9hTXjCl

2011-10-15 11:43:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\yTqYwUrOtPc1v3n

2011-10-15 11:42:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\HLLgZjCkIVlNxu

2011-10-15 11:41:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\WS2b3m5aQJdK

2011-10-15 11:40:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\tHsJdLgZqhXUeOz

2011-10-15 11:39:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\tKLXCVN0ipasfZC

2011-10-15 11:38:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\zlzcvnmQKZ

2011-10-15 11:37:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\FjklPuSiDoGaHsJ

2011-10-15 11:36:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\R9eyinQKLXCVNSD

2011-10-15 11:35:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\RdKf9XUeIrP

2011-10-15 11:34:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\tx0c2bD3pn4aHW7

2011-10-15 11:33:53 -------- d-----w- C:\Users\Roland\AppData\Roaming\YC2fVD805kvKt

2011-10-15 11:32:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\aYOSF8eiQYN48

2011-10-15 11:31:57 -------- d-----w- C:\Users\Roland\AppData\Roaming\uqUeIrOAuSiFpGa

2011-10-15 11:30:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\ZrrrzONtA0cSib3

2011-10-15 11:29:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\PsJd8R9TwUeIrP

2011-10-15 11:28:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\VH5JdLZhX

2011-10-15 11:27:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\PeByAvbnQWRTCVN

2011-10-15 11:26:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\JyAiDoFpHQ7E

2011-10-15 11:25:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\oYCCIrOtPuS

2011-10-15 11:24:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\QQ6KfLhXjCk

2011-10-15 11:23:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\TsdRhwety

2011-10-15 11:22:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\WaHsKfLgZjCkVlN

2011-10-15 11:21:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\nSb3n5Q6W7LgXjC

2011-10-15 11:20:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\idgYUIP124

2011-10-15 11:19:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\sCkVltPuSiDoGaH

2011-10-15 11:18:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\rUeIrOx0v2b3

2011-10-15 11:17:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\IGHJLZCrtyiaJgw

2011-10-15 11:16:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\Qc2DpGaHsKfLgZj

2011-10-15 11:15:52 -------- d-----w- C:\Users\Roland\AppData\Roaming\xSGJZVyosRUPD58

2011-10-15 11:14:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\LO147qlcnJZVyos

2011-10-15 11:13:47 -------- d-----w- C:\Users\Roland\AppData\Roaming\ogUPDH8wtvm8Uym

2011-10-15 11:12:56 -------- d-----w- C:\Users\Roland\AppData\Roaming\ptPuiom6W7E8

2011-10-15 11:11:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\oam5W7E8RhXkVlB

2011-10-15 11:10:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\kNx0c1b3Gam

2011-10-15 11:09:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\Voo4m5Q6E8RhXjC

2011-10-15 11:08:45 -------- d-----w- C:\Users\Roland\AppData\Roaming\cwIAoGdZUIPA235

2011-10-15 11:07:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\zOOtAuSiDp4Q6W7

2011-10-15 11:06:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\I8Uy4EwNb6Xz2Qh

2011-10-15 11:05:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\Wc1v3n4m5JdLgZh

2011-10-15 11:04:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\wTTZZjjYwk

2011-10-15 11:03:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\J9wezcvbm

2011-10-15 11:02:57 -------- d-----w- C:\Users\Roland\AppData\Roaming\ifgjkzxuSi

2011-10-15 11:01:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\zCx3KqrSGKZOSGW

2011-10-15 11:00:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\WR9TwUeIrNx1v2b

2011-10-15 10:59:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\lBz0c1v2n

2011-10-15 10:58:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\LHsKfLgZjCIrOtP

2011-10-15 10:57:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\WNc3mfZkBc3HdZk

2011-10-15 10:56:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\sDaKTwOuDa7TwO

2011-10-15 10:55:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\W023467E9TjC

2011-10-15 10:54:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\WD2nFpHs7E8R9Yw

2011-10-15 10:53:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\SkVlBxP0c1v3F4m

2011-10-15 10:52:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\mIVrzNx0c2DpG

2011-10-15 10:51:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\VDoFpGsJdKfZhXj

2011-10-15 10:50:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\SPSDF578qwetyin

2011-10-15 10:49:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\C7E9TqYwIrOtPc1

2011-10-15 10:48:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\yJdKfZTwUeIrPy

2011-10-15 10:47:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\ksJdLgZYwUrOtPy

2011-10-15 10:46:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\NxuSiFpGaHdKLgX

2011-10-15 10:45:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\ElBzNyx1v2

2011-10-15 10:44:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\F3GaHsJfLgZhCkV

2011-10-15 10:43:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\Q89qeryub3n

2011-10-15 10:42:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\NRYwUVlBzNc1vo4

2011-10-15 10:41:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\A33naH5sJ7dL8Zq

2011-10-15 10:40:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\fvvSS2iibF3GaHK

2011-10-15 10:39:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\yuv2b4m5QdE

2011-10-15 10:38:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\YTqCVlBx0c1v345

2011-10-15 10:37:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\JupdTI03dgkADHL

2011-10-15 10:36:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\xZhXjClrPyA

2011-10-15 10:35:52 -------- d-----w- C:\Users\Roland\AppData\Roaming\WQdKfLgXY

2011-10-15 10:34:57 -------- d-----w- C:\Users\Roland\AppData\Roaming\Q5ssQQJ7dEK

2011-10-15 10:33:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\hJZVPva7RUziJRj

2011-10-15 10:32:57 -------- d-----w- C:\Users\Roland\AppData\Roaming\xZliHgeAm8VAm8C

2011-10-15 10:31:52 -------- d-----w- C:\Users\Roland\AppData\Roaming\KN3EV1Jw0Fdw0nd

2011-10-15 10:30:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\vePv4QgXlN

2011-10-15 10:29:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\xghklxcDoFa

2011-10-15 10:28:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\waJdKf9TqUeIrNx

2011-10-15 10:27:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\lnn4m5Q7E8R9

2011-10-15 10:26:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\edWK7fRL9TqYeIr

2011-10-15 10:25:49 -------- d-----w- C:\Users\Roland\AppData\Roaming\RCelIBrzPyAuSoF

2011-10-15 06:34:56 -------- d-----w- C:\Users\Roland\AppData\Roaming\TibF3pnG5Q6W7R9

2011-10-15 06:33:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\hcSS11ivD

2011-10-15 06:32:56 -------- d-----w- C:\Users\Roland\AppData\Roaming\IIIIVrrlONtP0uS

2011-10-15 06:31:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\jyyycAA1ivDon4p

2011-10-15 06:30:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\aCwwkkIVrlONxPu

2011-10-15 06:29:57 -------- d-----w- C:\Users\Roland\AppData\Roaming\gxxPP0yycS1vDon

2011-10-15 06:28:56 -------- d-----w- C:\Users\Roland\AppData\Roaming\XPPNNyxxA1uS2bF

2011-10-15 06:27:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\FjYYYCwkIVrlOtP

2011-10-15 06:26:56 -------- d-----w- C:\Users\Roland\AppData\Roaming\QpppnGG4aQH6WKf

2011-10-15 06:25:56 -------- d-----w- C:\Users\Roland\AppData\Roaming\vbFF33pmG5aQ6dK

2011-10-15 06:24:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\GEEEL99gTZqjCwI

2011-10-15 06:23:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\bnnFF4pmmHsQJd

2011-10-15 06:22:56 -------- d-----w- C:\Users\Roland\AppData\Roaming\u999hTTXqjUCkIr

2011-10-15 06:21:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\rKKK7ffEL9gTqjC

2011-10-15 06:20:55 -------- d-----w- C:\Users\Roland\AppData\Roaming\ZkkkIBBrzONyA0v

2011-10-15 06:19:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\nooonFF4amHsW7d

2011-10-15 06:18:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\j666dWWK7fRLgTq

2011-10-15 06:17:56 -------- d-----w- C:\Users\Roland\AppData\Roaming\sNNNtxxA0uS2b3p

2011-10-15 06:16:57 -------- d-----w- C:\Users\Roland\AppData\Roaming\WyyxxA00uvSi

2011-10-15 06:15:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\CzzzONNtxA0uS2b

2011-10-15 06:14:55 -------- d-----w- C:\Users\Roland\AppData\Roaming\aRRRL99gTXqYC

2011-10-15 06:13:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\JonnFF4am

2011-10-15 06:12:55 -------- d-----w- C:\Users\Roland\AppData\Roaming\TJ77ffEL8gTZhYw

2011-10-15 06:11:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\oxxxA11uvS2bFpm

2011-10-15 06:10:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\WmmmH55sWJ7dL8R

2011-10-15 06:09:54 -------- d-----w- C:\Users\Roland\AppData\Roaming\RpppnGG4aQH6WKf

2011-10-15 06:08:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\bKKK8ggRZ9hXwjV

2011-10-15 06:07:57 -------- d-----w- C:\Users\Roland\AppData\Roaming\DNyyxxA0uvS2iFp

2011-10-15 06:06:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\vFFF3ppnG5

2011-10-15 06:05:55 -------- d-----w- C:\Users\Roland\AppData\Roaming\gQQQJ66dWK8fL9T

2011-10-15 06:04:56 -------- d-----w- C:\Users\Roland\AppData\Roaming\ZZZZ9hhYXwjUelB

2011-10-15 06:03:56 -------- d-----w- C:\Users\Roland\AppData\Roaming\RkkUUVrrlOtxPyc

2011-10-15 06:02:56 -------- d-----w- C:\Users\Roland\AppData\Roaming\ueekkIVrrONt

2011-10-15 06:01:56 -------- d-----w- C:\Users\Roland\AppData\Roaming\DwjjUUCelIBrPNx

2011-10-15 06:00:55 -------- d-----w- C:\Users\Roland\AppData\Roaming\NCCwwkIIVrlNtP0

2011-10-15 05:59:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\nWWWJ77dE

2011-10-15 05:58:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\VaammH66sWJf

2011-10-15 05:58:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\d77ddEL88gZq

2011-10-14 14:59:55 -------- d-----w- C:\Users\Roland\AppData\Local\{7B9E4CA8-932D-44FF-9EB0-74A83B6ED29B}

2011-10-14 14:59:32 -------- d-----w- C:\Users\Roland\AppData\Local\{29CF7C1A-9B5F-462E-A43D-0D645B8D8071}

2011-10-14 14:11:49 -------- d-----w- C:\Users\Roland\AppData\Local\{5DE6E7A2-F2CC-4626-8C12-C0BEB29B2AAD}

2011-10-14 14:11:03 -------- d-----w- C:\Users\Roland\AppData\Local\{9787AA21-2C15-4B33-B991-44306A34CBAE}

2011-10-14 14:10:51 -------- d-----w- C:\Users\Roland\AppData\Local\{41424BCC-7177-4212-94E2-AD60680208DB}

2011-10-13 17:59:23 -------- d-----w- C:\Users\Roland\AppData\Local\{8D7FDA01-F2A4-4183-9DA6-0D9FAB837397}

2011-10-13 17:59:12 -------- d-----w- C:\Users\Roland\AppData\Local\{67304574-754A-4B08-91F8-7BBF101CC0B6}

2011-10-13 02:12:20 -------- d-----w- C:\Program Files (x86)\Doom 3 Demo

2011-10-11 13:15:14 -------- d-----w- C:\Users\Roland\AppData\Local\{50C9EAC4-0C7B-4AB0-9BDD-A1651A6C0E7E}

2011-10-11 13:15:02 -------- d-----w- C:\Users\Roland\AppData\Local\{820F60A8-C5BB-4770-A014-062D289D27F8}

2011-10-10 23:36:02 -------- d-----w- C:\Users\Roland\AppData\Local\{E184E76F-F975-4255-8FA0-721B0338391F}

2011-10-10 23:35:51 -------- d-----w- C:\Users\Roland\AppData\Local\{F6E0948B-31D3-4087-B709-1E7CFD7082DB}

2011-10-10 23:26:44 -------- d-----w- C:\Users\Roland\AppData\Local\{3BD10214-DF8F-456C-9FE0-11AB8CAB3FDD}

2011-10-10 23:26:31 -------- d-----w- C:\Users\Roland\AppData\Local\{06C43261-7962-4A69-8B4D-99868DA9C2B6}

2011-10-10 13:28:55 -------- d-----w- C:\Users\Roland\AppData\Local\{2BB92A6C-862B-4881-B80F-E4B3AFF7554D}

2011-10-10 13:28:41 -------- d-----w- C:\Users\Roland\AppData\Local\{18AE0EA8-0830-42A3-BF25-EFED3C46BAF4}

2011-10-09 23:25:45 -------- d-----w- C:\Users\Roland\AppData\Local\{2F0EB1D1-37ED-47AF-BC9A-B1BBF1CD176D}

2011-10-09 23:21:05 -------- d-----w- C:\Users\Roland\AppData\Local\{49E5965C-152B-4A39-A41B-419A6918B9E9}

2011-10-09 23:20:38 -------- d-----w- C:\Users\Roland\AppData\Local\{5A2815B1-178C-4914-864D-C6D17059B3A6}

2011-10-09 23:19:30 -------- d-----w- C:\ProgramData\NVIDIA Corporation

2011-10-09 13:28:35 -------- d-----w- C:\Users\Roland\AppData\Local\{CE9BDFAE-095D-4F41-A5D4-BE9B76D75AC9}

2011-10-09 06:15:57 -------- d-----w- C:\Users\Roland\AppData\Roaming\ZKgZhwUeI

2011-10-09 06:14:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\s5Q7KgZhXjetyuo

2011-10-09 06:13:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\HkVrlONtx0c1b3n

2011-10-09 05:38:37 -------- d-----w- C:\Users\Roland\AppData\Roaming\bJ89wlzAS3adRTU

2011-10-09 05:37:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\mETB136hkxb5W9Y

2011-10-09 05:36:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\lONxAv2iFp5Q6W7

2011-10-09 05:35:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\Z9xpKYtDsqOi6Tr

2011-10-09 05:34:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\xcbQZCybQRCN2aK

2011-10-09 05:33:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\oDFH78YePA24sdf

2011-10-09 05:32:41 -------- d-----w- C:\Users\Roland\AppData\Roaming\oOisZIup6RwrvmW

2011-10-09 05:31:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\uCeekIVrzONx

2011-10-09 05:30:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\SeeelBtzPNyAu

2011-10-09 05:29:51 -------- d-----w- C:\Users\Roland\AppData\Roaming\eEkcmgevQYPFEUx

2011-10-09 05:28:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\wn4QsKfLgZYwI

2011-10-09 05:27:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\EZ9hXjVlBz

2011-10-09 05:26:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\vbaRYruDWql1s

2011-10-09 05:25:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\SaaaQQH6sWK7ELg

2011-10-09 05:24:55 -------- d-----w- C:\Users\Roland\AppData\Roaming\meIzNx0viFpGaHd

2011-10-09 05:23:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\afZkx1FsLhePiFQ

2011-10-09 05:22:29 -------- d-----w- C:\Users\Roland\AppData\Roaming\gUlBzNyAu2b

2011-10-09 05:21:56 -------- d-----w- C:\Users\Roland\AppData\Roaming\vkNvpHfXCVNuD46

2011-10-09 05:21:56 -------- d-----w- C:\Users\Roland\AppData\Roaming\UvFGHKLXCVN0ipa

2011-10-09 05:21:56 -------- d-----w- C:\Users\Roland\AppData\Roaming\UiGd9Yz0Da7Tkt2

2011-10-09 05:21:56 -------- d-----w- C:\Users\Roland\AppData\Roaming\DkySn6RqIx2Gs9Y

2011-10-09 05:21:52 -------- d-----w- C:\Users\Roland\AppData\Roaming\TrtcbnmWEThYwUr

2011-10-09 05:21:48 -------- d-----w- C:\Users\Roland\AppData\Roaming\HoFm5Q7EgZhXje

2011-10-09 05:21:06 -------- d-----w- C:\Users\Roland\AppData\Roaming\NpppmGG5sQJ6EKf

2011-10-09 05:21:05 -------- d-----w- C:\Users\Roland\AppData\Roaming\HRRZZ99hYXwUVlI

2011-10-09 05:21:04 -------- d-----w- C:\Users\Roland\AppData\Roaming\Z8ggTTZqh

2011-10-09 05:21:03 -------- d-----w- C:\Users\Roland\AppData\Roaming\D99ggTZZqjYwkV

2011-10-09 05:21:01 -------- d-----w- C:\Users\Roland\AppData\Roaming\mBBttzPPNyA1uD2

2011-10-09 05:21:00 -------- d-----w- C:\Users\Roland\AppData\Roaming\eOOOBBtzP0y

2011-10-09 05:19:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\x6KRgqCIzxu

2011-10-09 05:19:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\mu2Fp5Jd8Z

2011-10-09 05:07:57 -------- d-----w- C:\Users\Roland\AppData\Roaming\xv2oobF33pG

2011-10-09 05:06:56 -------- d-----w- C:\Users\Roland\AppData\Roaming\FKgCzuDaKgwO

2011-10-09 05:05:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\zJ77ddEK8gRZhYw

2011-10-09 05:04:30 -------- d-----w- C:\Users\Roland\AppData\Roaming\wRyQeoZNQCiRNaw

2011-10-09 05:04:29 -------- d-----w- C:\Users\Roland\AppData\Roaming\hP5UDfz5q

2011-10-09 05:04:28 -------- d-----w- C:\Users\Roland\AppData\Roaming\wJqOvsRVNbQZCAp

2011-10-09 05:04:26 -------- d-----w- C:\Users\Roland\AppData\Roaming\wKgCVNcoH7

2011-10-09 05:04:23 -------- d-----w- C:\Users\Roland\AppData\Roaming\Z57ghjlzc

2011-10-09 05:04:22 -------- d-----w- C:\Users\Roland\AppData\Roaming\ZHsJdKgZh

2011-10-09 05:04:14 -------- d-----w- C:\Users\Roland\AppData\Roaming\ZRRL9TqCkVzNtA0

2011-10-09 05:04:13 -------- d-----w- C:\Users\Roland\AppData\Roaming\W111ivvD3on4aHW

2011-10-09 05:04:00 -------- d-----w- C:\Users\Roland\AppData\Roaming\A333pnnG5aQ6dK7

2011-10-09 05:02:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\koF4asJE8RqXkeO

2011-10-09 05:01:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\VWKK77fEL9gTqjC

2011-10-09 05:00:33 -------- d-----w- C:\Users\Roland\AppData\Roaming\ksQQJ7dEK8gR9hX

2011-10-09 04:59:57 -------- d-----w- C:\Users\Roland\AppData\Roaming\WttxAuSiDpGQ6W7

2011-10-09 04:58:48 -------- d-----w- C:\Users\Roland\AppData\Roaming\GmGG5aaQJdWK8R9

2011-10-09 04:57:57 -------- d-----w- C:\Users\Roland\AppData\Roaming\mPiGsLYrPiFsLYe

2011-10-09 04:56:56 -------- d-----w- C:\Users\Roland\AppData\Roaming\NB14dhexFJLCyp

2011-10-09 04:55:52 -------- d-----w- C:\Users\Roland\AppData\Roaming\sDErDEe2El2El2

2011-10-09 04:55:48 -------- d-----w- C:\Users\Roland\AppData\Roaming\HSoFp5Q6W8RhXjC

2011-10-09 04:55:46 -------- d-----w- C:\Users\Roland\AppData\Roaming\WOOOBBtzP0ycv2n

2011-10-09 04:55:46 -------- d-----w- C:\Users\Roland\AppData\Roaming\seellOBBtz0ycv2

2011-10-09 04:55:38 -------- d-----w- C:\Users\Roland\AppData\Roaming\F22b4m5Q6E8ZhXj

2011-10-09 04:55:37 -------- d-----w- C:\Users\Roland\AppData\Roaming\YvvDD2oonF4mHsQ

2011-10-09 04:55:26 -------- d-----w- C:\Users\Roland\AppData\Roaming\eiomWETYUOPSDF5

2011-10-09 04:55:22 -------- d-----w- C:\Users\Roland\AppData\Roaming\RWqryoWRV0258jz

2011-10-09 04:53:59 -------- d-----w- C:\Users\Roland\AppData\Roaming\kFm5JdLgZYkeBPc

2011-10-09 03:48:13 -------- d-----we C:\Windows\system64

2011-10-08 21:01:46 -------- d-----w- C:\Users\Roland\AppData\Local\{98C12473-698B-430E-A252-2623BA14ABEB}

2011-10-08 21:01:30 -------- d-----w- C:\Users\Roland\AppData\Local\{76815F18-7392-45A5-8541-25B663C117A8}

2011-10-08 14:17:02 -------- d-----w- C:\Users\Roland\AppData\Local\{8D480536-9254-44E3-8065-538E6E554974}

2011-10-07 13:27:14 -------- d-----w- C:\Users\Roland\AppData\Local\{3249D2F8-D899-47AF-AD0A-8988CBD5B992}

2011-10-07 13:27:03 -------- d-----w- C:\Users\Roland\AppData\Local\{B2187755-7545-4793-9D37-7AAE10EC995F}

2011-10-06 16:09:04 -------- d-----w- C:\Users\Roland\AppData\Local\{E7A00E56-5801-4165-A06B-912E3302702B}

2011-10-06 16:08:37 -------- d-----w- C:\Users\Roland\AppData\Local\{89F0D3B8-034B-4324-8539-20ADDCC03D4B}

2011-10-06 13:14:41 -------- d-----w- C:\Users\Roland\AppData\Local\{360F269F-4137-4703-BFD1-14908A654D1E}

2011-10-06 13:14:30 -------- d-----w- C:\Users\Roland\AppData\Local\{63BA72DE-886B-405F-9BD2-964FA087EEE4}

2011-10-06 07:22:16 -------- d-----w- C:\Program Files\Paint.NET

2011-10-05 13:49:30 -------- d-----w- C:\Users\Roland\AppData\Local\{FA6C8180-5C45-4823-AF3E-966B0F4F21E5}

2011-10-05 13:49:19 -------- d-----w- C:\Users\Roland\AppData\Local\{11A33892-E832-40B4-8D4E-AA8839EC5FAF}

2011-10-04 10:15:54 -------- d-----w- C:\Users\Roland\AppData\Local\{81C8DD39-BD67-4D18-96B7-0D0C9CA8A916}

2011-10-04 10:15:39 -------- d-----w- C:\Users\Roland\AppData\Local\{3BE27911-D185-415B-8C46-97F280E5FC76}

2011-10-04 05:35:00 -------- d-----w- C:\Users\Roland\AppData\Local\Rockstar Games

2011-10-04 04:21:44 -------- d-----w- C:\Program Files (x86)\Rockstar Games

2011-10-04 03:56:43 -------- d-sh--w- C:\ProgramData\SecuROM

2011-10-03 14:06:53 -------- d-----w- C:\Users\Roland\AppData\Local\{2FE7F5F3-C47F-4F4D-988A-CA74C37D0470}

2011-10-03 14:06:41 -------- d-----w- C:\Users\Roland\AppData\Local\{77472460-DB09-4432-A938-8DA4D579B811}

2011-10-02 10:15:38 -------- d-----w- C:\Users\Roland\AppData\Local\{6AE7DDA7-F6C0-4D0C-838C-B56CA26407FA}

2011-10-02 10:15:27 -------- d-----w- C:\Users\Roland\AppData\Local\{262AD126-9A20-4305-B8C4-8BD096799DB0}

2011-10-01 20:13:27 -------- d-----w- C:\Users\Roland\AppData\Local\{16436249-52D6-47F2-9EC7-211483761F67}

2011-10-01 20:13:11 -------- d-----w- C:\Users\Roland\AppData\Local\{2556CA5B-9CC1-4B4F-ACC5-041A8200ECBC}

2011-10-01 05:40:41 -------- d-----w- C:\Users\Roland\AppData\Local\{1E1F1C9E-DB25-453B-A6B0-1D6E7C0FCB50}

2011-10-01 05:40:29 -------- d-----w- C:\Users\Roland\AppData\Local\{F5C30383-F08E-472F-BA4C-6CCDCFDA57DD}

2011-09-30 14:02:04 -------- d-----w- C:\Users\Roland\AppData\Roaming\GarenaPlus

2011-09-30 11:01:13 -------- d-----w- C:\Users\Roland\AppData\Local\{4D5BB985-DB2B-443E-90A7-D6284C8657D6}

2011-09-30 11:00:58 -------- d-----w- C:\Users\Roland\AppData\Local\{717FF133-1CE0-4C74-B656-609922ECE052}

2011-09-30 04:19:10 -------- d-----w- C:\Users\Roland\AppData\Local\{6E70EB53-7C28-47D1-ACDC-BD05704F91CA}

2011-09-30 04:18:47 -------- d-----w- C:\Users\Roland\AppData\Local\{DEC3BD6A-574E-4759-924C-ADB7E983647F}

2011-09-30 03:08:36 -------- d-----w- C:\Users\Roland\AppData\Local\{11B6DC41-5A7F-4375-A02A-AB8B61DF2C28}

2011-09-30 03:08:22 -------- d-----w- C:\Users\Roland\AppData\Local\{24EAB0F4-926B-4935-A749-36787F86FBD5}

2011-09-30 02:58:54 -------- d-----w- C:\Users\Roland\AppData\Local\{408C8FD7-999C-4816-885B-9D9ED443E01A}

2011-09-30 02:58:38 -------- d-----w- C:\Users\Roland\AppData\Local\{A6C07777-F206-4B70-92D6-B892D633C938}

2011-09-30 02:49:24 -------- d-----w- C:\Users\Roland\AppData\Local\{58A2E897-B735-486F-9B65-E9E5CEDF542A}

2011-09-30 02:49:10 -------- d-----w- C:\Users\Roland\AppData\Local\{D37C3217-ADA1-4A85-94E8-E5E0FA37A134}

2011-09-29 22:12:14 -------- d-----w- C:\Users\Roland\AppData\Local\{22F549EA-D65A-43B3-BDFA-F189D9516543}

2011-09-29 12:28:07 -------- d-----w- C:\Users\Roland\AppData\Local\{79D295CD-768C-4738-A81E-5316FE291D06}

2011-09-29 12:27:52 -------- d-----w- C:\Users\Roland\AppData\Local\{CAE255A7-5AD6-40EE-9CF0-7C94907D4F6D}

.

==================== Find3M ====================

.

2011-10-29 01:07:55 30528 ----a-w- C:\Windows\GVTDrv64.sys

2011-10-29 01:07:39 25640 ----a-w- C:\Windows\gdrv.sys

2011-10-01 06:15:08 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-09-08 03:27:52 0 ----a-w- C:\Windows\DXT8511.tmp

2011-09-08 03:27:52 0 ----a-w- C:\Windows\DXT84B2.tmp

2011-09-08 03:27:52 0 ----a-w- C:\Windows\DXT82ED.tmp

2011-07-31 02:31:06 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2011-07-31 02:31:06 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2011-07-31 02:31:06 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

.

============= FINISH: 22:03:02.76 ===============

Should I provide the Attach log from DDS too?

ET_log.txt


Is anyone able to help me? I have tried everything, even resetting the router. I'll post the Attach log if any available experts or vets can help me; if they have time, that would be great.

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 1/29/2011 4:36:21 PM

System Uptime: 10/28/2011 9:06:53 PM (1 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | X58-USB3

Processor: Intel® Core i7 CPU 920 @ 2.67GHz | Socket 1366 | 2661/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 932 GiB total, 222.838 GiB free.

D: is CDROM ()

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP1479: 10/15/2011 11:01:22 AM - Automatic creation

RP1485: 10/16/2011 10:28:23 AM - Automatic creation

RP1497: 10/17/2011 11:23:49 AM - Automatic creation

RP1508: 10/18/2011 12:35:31 PM - Automatic creation

RP1516: 10/19/2011 12:14:42 PM - Automatic creation

RP1522: 10/20/2011 8:10:05 AM - Automatic creation

RP1528: 10/21/2011 7:58:26 AM - Automatic creation

RP1534: 10/22/2011 3:20:09 AM - Automatic creation

RP1540: 10/23/2011 7:36:18 PM - Automatic creation

RP1548: 10/24/2011 2:54:36 PM - Automatic creation

RP1554: 10/25/2011 2:22:44 PM - Automatic creation

RP1556: 10/25/2011 8:53:24 PM - Automatic creation

RP1560: 10/27/2011 12:14:56 PM - Automatic creation

RP1567: 10/28/2011 2:57:32 PM - Automatic creation

RP1569: 10/28/2011 9:37:37 PM - Automatic creation

.

==== Installed Programs ======================

.

@BIOS Ver.2.06

3DS Max DDS Plug-In

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader X (10.1.1)

Adobe Shockwave Player 11.5

AIM 7

Akamai NetSession Interface

Alien Breed 2: Assault

Apple Application Support

Apple Software Update

Autodesk 3ds Max 8

Autodesk 3ds Max 8 Additional Maps and Materials

Autodesk 3ds Max 8 Reference Files

Autodesk Backburner 2012.0.0

Autodesk Crosswalk 2011.5

Autodesk Material Library 2012

Autodesk Material Library Base Resolution Image Library 2012

Autodesk Material Library Medium Resolution Image Library 2012

Autodesk Softimage Mod Tool 7.5

AutoGreen B09.1014.2

Battlefield: Bad Company 2

Bioshock Demo

BLAZBLUE -CALAMITY TRIGGER-

Blender (remove only)

Borderlands

Browser Configuration Utility

Cellfactor Revolution

Corel Painter Essentials 4

Counter-Strike: Source

Counter-Strike: Source Beta

Craft Director Studio

Crazybump (remove only)

D3DX10

DAEMON Tools Lite

Dassault Systemes 3DVIA Printscreen

DDS Thumbnail Viewer

Dead Rising 2

Dead Space™

Definition update for Microsoft Office 2010 (KB982726)

DES 2.0

Deus Ex Demo

Devil May Cry 3 Special Edition

Dogfighter Demo

Download Updater (AOL LLC)

Dual-Core Optimizer

Duke Nukem Forever

Easy Tune 6 B10.0420.1

ESET Online Scanner v3

Fallout 3

Fraps (remove only)

Garena Plus

Garry's Mod

Gears of War

GIMP 2.6.11

Grand Theft Auto IV

Half-Life 2: Episode Two

Hitman: Blood Money

HxD Hex Editor version 1.7.7.0

Java Auto Updater

Java 6 Update 22

Killing Floor

Killing Floor SDK

Lara Croft and the Guardian of Light

Left 4 Dead 2

Left 4 Dead 2 Add-on Support

Left 4 Dead 2 Authoring Tools

Left 4 Dead 2 Standalone Patch™

Linux MultiMedia Studio (LMMS)

LOST PLANET 2

Magicka

Malwarebytes' Anti-Malware version 1.51.2.1300

Marmoset Toolbag 1.02

MediaCoder x64 2011-RC2 RC2

Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)

Microsoft Games for Windows - LIVE

Microsoft Games for Windows - LIVE Redistributable

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft XNA Framework Redistributable 3.0

Microsoft XNA Framework Redistributable 3.1

Moonbase Alpha

Mozilla Firefox 7.0.1 (x86 en-US)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NEC Electronics USB 3.0 Host Controller Driver

Norton Security Scan

Notepad++

NVIDIA 3D Vision Controller Driver

NVIDIA Cg Toolkit 3.0 February 2011

NVIDIA FX Composer 2.5 Shader Debugger plugin

NVIDIA PhysX

Oblivion

Oblivion mod manager 1.1.12

OblivionOnline

ON_OFF Charge B10.0422.2

OpenAL

OpenOffice.org 3.3

Pando Media Booster

Portal 2

Portal 2 Authoring Tools - Beta

PunkBuster Services

Python 2.4.4

QuickTime

RAGE

Rappelz_US

Realtek Ethernet Controller Driver For Windows 7

Realtek High Definition Audio Driver

Red Faction: Guerrilla

resident evil 4

REVOLUTiON CSM SourceSDK with Service Pack 3

Rockstar Games Social Club

Safari

Sculptris Alpha 6

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

SILENT HILL 4

Skype™ 5.3

Smart 6 B10.0422.1

SOFTIMAGE CROSSWALK 3.11

SOFTIMAGE XSI 6.01 Mod Tool

Source SDK Base 2006

Source SDK Base 2007

Spiral Knights

Star Wars: The Force Unleashed

StudioCompiler v0.4A

Super Street Fighter IV: Arcade Edition

System Requirements Lab

TeamViewer 6

Thumbplug TGA

UE3Redist

Unigine Sanctuary Demo v2.3

Unigine Tropics Demo v1.3

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft Office 2010 (KB2494150)

Veoh Giraffic Video Accelerator

VLC media player 1.1.5

Warhammer® 40,000®: Dawn of War® II – Retribution™

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Messenger

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

World of Tanks v.0.6.5

Worms Reloaded Demo

x264vfw - H.264/MPEG-4 AVC codec (remove only)

x264vfw - H.264/MPEG-4 AVC codec for x64 (remove only)

xNormal 3.17.4

ZBrush 4

.

==== Event Viewer Messages From Past Week ========

.

10/28/2011 9:54:19 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.

10/28/2011 9:07:08 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\SystemRoot\System32\Config\SOFTWARE' was corrupted and it has been recovered. Some data might have been lost.

10/28/2011 2:29:30 PM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.

10/28/2011 2:29:30 PM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.

10/25/2011 8:25:18 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

10/25/2011 8:25:18 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/25/2011 8:25:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

10/25/2011 8:24:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

10/25/2011 8:24:47 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

10/25/2011 8:24:47 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473536.

10/25/2011 3:46:52 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa80047ff7a7, 0x0000000000000000, 0x0000000077550000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 102511-64615-01.

10/25/2011 11:45:14 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TeamViewer 6 service to connect.

10/25/2011 11:45:14 AM, Error: Service Control Manager [7000] - The TeamViewer 6 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/24/2011 4:16:54 AM, Error: Service Control Manager [7023] - The Superfetch service terminated with the following error: The authentication service is unknown.

10/24/2011 2:14:20 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

10/24/2011 2:10:38 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{23591129-B7F5-4669-A630-6B5B9AFBF512}' was corrupted and it has been recovered. Some data might have been lost.

10/24/2011 2:08:55 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{28F5FACD-5970-43E4-ACBE-E98334823AE8}' was corrupted and it has been recovered. Some data might have been lost.

10/24/2011 2:08:40 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy20.

10/24/2011 2:08:10 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{AFB76FD3-CAC2-4DF7-B6E2-6F7DA85509B6}' was corrupted and it has been recovered. Some data might have been lost.

10/24/2011 2:01:49 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}. The error: "5" Happened while starting this command: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

10/24/2011 2:00:04 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}. The error: "5" Happened while starting this command: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding

10/24/2011 11:52:53 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SystemRestore\New-software' was corrupted and it has been recovered. Some data might have been lost.

10/24/2011 11:45:31 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

10/24/2011 11:44:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

10/24/2011 11:44:48 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

10/24/2011 11:44:43 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

10/24/2011 11:44:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

10/24/2011 11:44:15 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AppleCharger discache spldr Wanarpv6

10/24/2011 11:44:15 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

10/24/2011 11:44:11 AM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.

10/24/2011 11:44:11 AM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.

10/23/2011 5:54:15 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy3.

10/23/2011 5:53:44 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{2990BA32-50D8-425C-9297-DFD208C51F1C}' was corrupted and it has been recovered. Some data might have been lost.

10/23/2011 5:49:46 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{D78167F6-3CC0-41BC-879F-C1B903C747EC}' was corrupted and it has been recovered. Some data might have been lost.

10/23/2011 5:49:32 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{99BD0D92-5201-4E31-BDA1-89E0658B26BE}' was corrupted and it has been recovered. Some data might have been lost.

10/23/2011 5:49:14 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{22E38E18-8B74-467B-88E6-D00326F11CB0}' was corrupted and it has been recovered. Some data might have been lost.

10/23/2011 5:48:04 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{7F24ECE1-FC81-4FE0-9A3C-AFBCED0A9D09}' was corrupted and it has been recovered. Some data might have been lost.

10/23/2011 5:47:52 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy22.

10/23/2011 5:47:41 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{84F51816-E4D9-4387-8252-AB68EF33B920}' was corrupted and it has been recovered. Some data might have been lost.

10/23/2011 5:47:19 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{660CC457-2A91-4C5B-8601-55749452C3AA}' was corrupted and it has been recovered. Some data might have been lost.

10/23/2011 5:46:49 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{7A4EA918-FA46-40C8-A39B-904FE9B78ADA}' was corrupted and it has been recovered. Some data might have been lost.

10/23/2011 5:45:43 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{D36A48BE-BF54-4C76-A011-003619EF5EE1}' was corrupted and it has been recovered. Some data might have been lost.

10/23/2011 5:44:28 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{1BC851A0-6022-4F66-9F42-7D56EC016685}' was corrupted and it has been recovered. Some data might have been lost.

10/21/2011 4:31:33 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{49947332-C388-437A-9C4A-2D44128C3BB8}' was corrupted and it has been recovered. Some data might have been lost.

10/21/2011 4:27:34 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{E24B685C-6970-49A2-AD76-15CA4E52A814}' was corrupted and it has been recovered. Some data might have been lost.

10/21/2011 4:27:22 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{8C2AFEE9-6D19-4059-A748-EB3F8FC96A53}' was corrupted and it has been recovered. Some data might have been lost.

10/21/2011 4:27:05 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy5.

10/21/2011 4:27:03 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{8E6F038E-778E-4FD4-9309-13D8F50FFA0C}' was corrupted and it has been recovered. Some data might have been lost.

10/21/2011 4:23:09 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{AD9964EC-C84C-44F7-AED8-E2F4DA9E4A47}' was corrupted and it has been recovered. Some data might have been lost.

10/21/2011 4:22:57 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{F49089B7-3B71-4D75-A3E3-809D8145EA0E}' was corrupted and it has been recovered. Some data might have been lost.

10/21/2011 4:22:40 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{D93DD280-44E2-46FE-8522-1492F860A6D4}' was corrupted and it has been recovered. Some data might have been lost.

10/21/2011 4:21:35 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{089355FA-1CB8-4C24-B2FA-9F2B6F8F01C6}' was corrupted and it has been recovered. Some data might have been lost.

10/21/2011 4:21:23 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy24.

10/21/2011 4:21:13 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{612C5292-4D97-498B-B72F-20E7B3BEAA12}' was corrupted and it has been recovered. Some data might have been lost.

10/21/2011 4:20:55 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{20A63B09-B3B6-4602-AB87-6E918A32C6D5}' was corrupted and it has been recovered. Some data might have been lost.

10/21/2011 4:20:27 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{1E972ED4-2FE7-437F-B9A6-881B81CF0FC1}' was corrupted and it has been recovered. Some data might have been lost.

10/21/2011 4:19:26 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{90F041D2-F423-4F69-B793-4D1995466595}' was corrupted and it has been recovered. Some data might have been lost.

.

==== End Of File ===========================

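The DDS event-log dump above is long and repetitive, and a reader has to know the Windows event IDs to see what matters in it. The following script is an added example, not something the poster or the Malwarebytes staff ran: it parses DDS-style event lines, collapses the repeated noise (hive recoveries, NTFS 55 on shadow copies) into a per-source histogram, and turns a few IDs whose meaning is fixed by Windows into findings. The sample input is constructed from lines copied out of the log above; the ID-to-meaning mapping in `triage()` is this example's own reading (Win32 error 1084 is ERROR_NOT_SAFEBOOT_SERVICE, so a DCOM 10005 carrying it means the box was in Safe Mode at that timestamp), not anything the page states.

```python
import re
from collections import Counter

# Constructed sample: lines copied verbatim from the DDS event-log dump posted in this thread.
SAMPLE_EVENTS = r"""
10/25/2011 8:24:47 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473536.
10/24/2011 11:45:31 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
10/24/2011 11:44:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/24/2011 11:44:15 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AppleCharger discache spldr Wanarpv6
10/24/2011 11:44:11 AM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
10/23/2011 5:54:15 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy3.
10/23/2011 5:53:44 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{783fc25a-2beb-11e0-9f7c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{2990BA32-50D8-425C-9297-DFD208C51F1C}' was corrupted and it has been recovered. Some data might have been lost.
10/21/2011 4:27:05 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy5.
"""

# DDS prints one event per line as: "<date> <time> <AM|PM>, <Level>: <Source> [<EventID>] - <Message>"
EVENT_RE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)


def parse_events(text):
    """Return one dict per parseable event line; blank and non-matching lines are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def count_by_source_and_id(events):
    """Histogram of (source, event_id), so repeated noise collapses to one row each."""
    return Counter((e["source"], e["event_id"]) for e in events)


def triage(events):
    """Map event IDs with a fixed Windows meaning to findings (this example's reading, not the page's)."""
    findings = []
    for e in events:
        src, eid, msg = e["source"], e["event_id"], e["message"]
        if src == "Microsoft-Windows-DistributedCOM" and eid == "10005" and 'error "1084"' in msg:
            # Win32 error 1084 is ERROR_NOT_SAFEBOOT_SERVICE: the machine was in Safe Mode
            # at that moment, which matches the poster's description of working from Safe Mode.
            svc = re.search(r"start the service (\S+)", msg)
            findings.append(f'{e["when"]}: Safe Mode boot (DCOM 1084) while starting {svc.group(1) if svc else "?"}')
        elif src == "Service Control Manager" and eid == "7026":
            drivers = msg.split("failed to load:", 1)[-1].split()
            findings.append(f'{e["when"]}: boot/system-start drivers failed to load: {", ".join(drivers)}')
        elif src == "Service Control Manager" and eid in ("7000", "7001") and "Firewall" in msg:
            findings.append(f'{e["when"]}: Windows Firewall not running ({msg.split("following error:")[-1].strip()})')
        elif src == "Ntfs" and eid == "55":
            vol = msg.rsplit("volume", 1)[-1].strip().rstrip(".")
            findings.append(f'{e["when"]}: NTFS corruption reported on {vol}')
    return findings


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    for (src, eid), n in count_by_source_and_id(evs).most_common():
        print(f"{n:3d}  {src} [{eid}]")
    print()
    for finding in triage(evs):
        print(finding)
```

Feed it the whole event-log section instead of the sample and the histogram alone shows that almost all of the volume is Kernel-General 5 and Ntfs 55 against shadow copies; the handful of lines worth chasing (firewall driver failing to start, boot-start drivers missing, Safe Mode timestamps) are the ones `triage()` prints.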

Sorry to bump again, but can anyone help me?

I'll sum up the problem:

It's a Google redirect that I get in Internet Explorer and Firefox. TDSSKiller, Spybot, Malwarebytes, Kaspersky and McAfee are unable to remove it, and I believe my svc might be a bit higher than usual. Yesterday a friend suggested I uninstall Internet Explorer and run Spybot; that stopped the iexplore processes, but I think I may still have it if I turn it back on. Spybot only found cookies.


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions on running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


Aye, thank you.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8081

Windows 6.1.7600

Internet Explorer 9.0.8112.16421

11/7/2011 12:22:31 AM

mbam-log-2011-11-07 (00-22-31).txt

Scan type: Quick scan

Objects scanned: 243381

Time elapsed: 8 minute(s), 25 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

----------end---------------

ComboFix 11-11-07.02 - Roland 11/07/2011 0:38.1.8 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.2433 [GMT -5:00]

Running from: c:\users\Roland\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\program files (x86)\Internet Explorer\30C0.tmp

c:\program files (x86)\Internet Explorer\618F.tmp

c:\program files (x86)\Internet Explorer\7047.tmp

c:\program files (x86)\Internet Explorer\B2CA.tmp

c:\program files (x86)\Internet Explorer\C199.tmp

c:\program files (x86)\Internet Explorer\E2E6.tmp

c:\program files (x86)\Internet Explorer\EB28.tmp

c:\program files (x86)\Internet Explorer\ED98.tmp

c:\users\Parker.Roland714\AppData\Local\ffb55fff\U

c:\users\Parker.Roland714\AppData\Local\ffb55fff\U\80000000.@

c:\users\Parker.Roland714\AppData\Local\ffb55fff\U\800000cb.@

c:\users\Parker.Roland714\AppData\Local\Microsoft\Windows\Temporary Internet Files\BrdfFromTextures.zip

c:\users\Parker.Roland714\AppData\Local\Microsoft\Windows\Temporary Internet Files\BumpyGlossyMetal.zip

c:\users\Parker.Roland714\AppData\Local\Microsoft\Windows\Temporary Internet Files\carpaint_texColor.zip

c:\users\Parker.Roland714\AppData\Local\Microsoft\Windows\Temporary Internet Files\EdgeFuzz.zip

c:\users\Parker.Roland714\AppData\Local\Microsoft\Windows\Temporary Internet Files\Grisaille.zip

c:\users\Parker.Roland714\AppData\Local\Microsoft\Windows\Temporary Internet Files\lambSkin.zip

c:\users\Parker.Roland714\AppData\Local\Microsoft\Windows\Temporary Internet Files\metalD.zip

c:\users\Parker.Roland714\AppData\Local\Microsoft\Windows\Temporary Internet Files\reflections.zip

c:\users\Parker.Roland714\AppData\Local\Microsoft\Windows\Temporary Internet Files\scene_uvds_skin.cgfx.zip

c:\users\Parker.Roland714\AppData\Local\Microsoft\Windows\Temporary Internet Files\subcutaneous.zip

c:\users\Parker.Roland714\AppData\Local\Microsoft\Windows\Temporary Internet Files\vbomb.zip

c:\users\Parker.Roland714\AppData\Roaming\Mozilla\Firefox\Profiles\4en49548.default\extensions\{8472617a-6155-40ac-bffa-119e96323035}

c:\users\Parker.Roland714\AppData\Roaming\Mozilla\Firefox\Profiles\4en49548.default\extensions\{8472617a-6155-40ac-bffa-119e96323035}\chrome\xulcache.jar

c:\users\Parker.Roland714\AppData\Roaming\Mozilla\Firefox\Profiles\4en49548.default\extensions\{8472617a-6155-40ac-bffa-119e96323035}\defaults\preferences\xulcache.js

c:\users\Parker.Roland714\AppData\Roaming\Mozilla\Firefox\Profiles\4en49548.default\extensions\{8472617a-6155-40ac-bffa-119e96323035}\install.rdf

c:\users\Parker.Roland714\AppData\Roaming\Roaming

c:\users\Parker.Roland714\AppData\Roaming\Roaming\Quest3D\ShipSimExtreme\channels.lst

c:\users\Parker.Roland714\DATA308.BIN

c:\users\Roland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Guard Online

c:\users\Roland\AppData\Roaming\Mozilla\Firefox\Profiles\onhgmeao.default\extensions\{8472617a-6155-40ac-bffa-119e96323035}

c:\users\Roland\AppData\Roaming\Mozilla\Firefox\Profiles\onhgmeao.default\extensions\{8472617a-6155-40ac-bffa-119e96323035}\chrome\xulcache.jar

c:\users\Roland\AppData\Roaming\Mozilla\Firefox\Profiles\onhgmeao.default\extensions\{8472617a-6155-40ac-bffa-119e96323035}\defaults\preferences\xulcache.js

c:\users\Roland\AppData\Roaming\Mozilla\Firefox\Profiles\onhgmeao.default\extensions\{8472617a-6155-40ac-bffa-119e96323035}\install.rdf

c:\windows\assembly\tmp\U

.

.

((((((((((((((((((((((((( Files Created from 2011-10-07 to 2011-11-07 )))))))))))))))))))))))))))))))

.

.

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-07 06:37 . 2011-01-30 01:34 30528 ----a-w- c:\windows\GVTDrv64.sys

2011-11-07 06:37 . 2011-01-30 01:34 25640 ----a-w- c:\windows\gdrv.sys

2011-10-01 06:15 . 2011-05-30 15:54 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-09-08 03:27 . 2011-09-08 03:27 0 ----a-w- c:\windows\DXT8511.tmp

2011-09-08 03:27 . 2011-09-08 03:27 0 ----a-w- c:\windows\DXT84B2.tmp

2011-09-08 03:27 . 2011-09-08 03:27 0 ----a-w- c:\windows\DXT82ED.tmp

2011-08-16 12:48 . 2011-09-06 13:26 8862544 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D1E5DF95-0E45-4CD4-A224-1E0E5572AFF6}\mpengine.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]

"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-06-15 15141768]

"Akamai NetSession Interface"="c:\users\Roland\AppData\Local\Akamai\netsession_win.exe" [2011-11-05 3293784]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]

"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]

"EasyTuneVI"="c:\program files (x86)\GIGABYTE\ET6\ETcall.exe" [2007-07-26 20480]

"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]

"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R1 ksleovbm;ksleovbm;c:\windows\system32\drivers\ksleovbm.sys [x]

R1 zjlxuskj;zjlxuskj;c:\windows\system32\drivers\zjlxuskj.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]

R3 dump_wmimmc;dump_wmimmc;c:\gpotato\Rappelz\GameGuard\dump_wmimmc.sys [x]

R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-05-19 25640]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-04-19 1431888]

R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]

R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-11-07 30528]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]

S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-18 68136]

S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2011-09-19 2221200]

S2 mi-raysat_3dsMax2009_64;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe [2010-06-16 86016]

S2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-23 86016]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]

S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-14 114688]

S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1e9955f-2c99-11e0-a1dc-1c6f653e891a}]

\shell\AutoRun\command - F:\OblivionLauncher.exe

.

Contents of the 'Scheduled Tasks' folder

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-26 10135584]

"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 10.1.10.1

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll

FF - ProfilePath - c:\users\Roland\AppData\Roaming\Mozilla\Firefox\Profiles\onhgmeao.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2653012&SearchSource=13

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ytff-devicevm&type=IEBD&p=

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{cd90bf73-20f6-44ef-993d-bb920303bd2e} - (no file)

Wow6432Node-HKU-Default-Run-AppleUpdate - c:\users\Parker.Roland714\AppData\Local\Apple Computer\AppleUpdate\Appleupdt32.exe

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{CD90BF73-20F6-44EF-993D-BB920303BD2E} - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-Blender - c:\program files (x86)\Blender Foundation\Blender\uninstall.exe

AddRemove-L4D2SP - c:\users\Roland\Downloads\Left 4 Dead 2 V2.0.2.7 Full-Rip {blaze69}\Uninstall SP.exe

AddRemove-NSS - c:\program files (x86)\Norton Security Scan\Engine\3.1.1.6\InstWrap.exe

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe

AddRemove-SystemRequirementsLab - c:\program files (x86)\SystemRequirementsLab\Uninstall.exe

AddRemove-_{53A908D4-99C6-469B-BC13-F4189F260742} - c:\program files (x86)\Corel\Corel Painter Essentials 4\MSILauncher {53A908D4-99C6-469B-BC13-F4189F260742}

AddRemove-{EAD475E8-14E5-4854-8AF5-CE6B4024237C}_is1 - c:\gpotato\Rappelz\unins000.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_d71b4a3.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2750241520-802747955-1049020851-1000\Software\SecuROM\License information*]

"datasecu"=hex:b7,c4,ae,7c,56,78,a7,c5,b8,b5,d3,a9,38,9f,3b,6a,7a,27,41,9e,52,

65,32,8c,4d,e9,94,44,dc,8b,5e,14,64,58,19,66,3e,7a,26,df,39,98,01,63,6b,4d,\

"rkeysecu"=hex:16,9c,be,ed,91,41,cb,0f,88,80,e3,87,20,f8,fa,08

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{47BF077C-44C6-42B1-8F88-ADE2585DD2ED}*]

@=hex:b1,5d,8e,62,5e,fa,cb,01

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{97A98033-9FA1-4E80-A339-59787B43CC89}*]

@=hex:f3,d4,a9,62,5e,fa,cb,01

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{A82EB336-567D-4F41-A63E-8113AD8B6903}*]

@=hex:ab,94,9c,5f,5e,fa,cb,01

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{C4B20040-7D5A-4558-9E19-B7DF94366F97}*]

@=hex:d5,9d,ba,62,5e,fa,cb,01

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Giraffic\Veoh_Giraffic.exe

c:\program files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe

.

**************************************************************************

.

Completion time: 2011-11-07 02:03:32 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-07 07:03

.

Pre-Run: 226,900,037,632 bytes free

Post-Run: 226,487,951,360 bytes free

.

- - End Of File - - 16A2FF411748EB9060C46EE543BC38B2

Still getting redirects on Google, and svc is still crazy; it actually got worse.

If I can't hear from you tonight, my internet is going to be disconnected for a good while, a week and a half at the most!


  • Staff

Hi,

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log file is named like UtilityName.Version_Date_Time_log.txt.

For example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Grab a fresh copy of ComboFix, run it, and post its log.

Post a fresh DDS log.


Aye aye.

ComboFix 11-11-15.06 - Roland 11/15/2011 21:46:31.2.8 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.2843 [GMT -5:00]

Running from: c:\users\Roland\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2011-10-16 to 2011-11-16 )))))))))))))))))))))))))))))))

.

.

2011-11-16 03:34 . 2011-11-16 03:34 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2011-11-16 03:34 . 2011-11-16 03:34 -------- d-----w- c:\users\Parker.Roland714\AppData\Local\temp

2011-11-16 03:34 . 2011-11-16 03:34 -------- d-----w- c:\users\Parker\AppData\Local\temp

2011-11-16 03:34 . 2011-11-16 03:34 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-11-13 05:13 . 2011-11-13 05:13 -------- d-----w- C:\Noesis

2011-11-07 08:56 . 2011-11-07 08:56 -------- d-----w- c:\programdata\3d-io

2011-11-07 08:56 . 2011-11-07 08:56 -------- d-----w- c:\program files (x86)\3d-io plugins

2011-11-04 00:40 . 2011-11-16 01:53 -------- d-----w- c:\users\Roland\AppData\Local\Akamai

2011-11-02 07:27 . 2011-11-02 07:27 -------- d-----w- c:\program files (x86)\ESET

2011-10-29 20:26 . 2011-10-29 21:05 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2011-10-29 20:26 . 2011-10-29 21:02 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-10-29 03:51 . 2011-10-29 03:51 -------- d-----w- c:\users\Roland\Smoke_Victory

2011-10-26 00:40 . 2011-10-26 00:40 -------- d-----w- c:\program files\CCleaner

2011-10-25 22:21 . 2011-10-26 05:17 -------- d-----w- c:\programdata\McAfee

2011-10-24 15:41 . 2011-10-24 15:41 -------- d-----w- c:\users\Roland\AppData\Roaming\A2b3n4HsKfLg

2011-10-24 15:41 . 2011-10-24 15:41 -------- d-----w- c:\users\Roland\AppData\Roaming\adWK7fRL9TqYeIr

2011-10-24 08:28 . 2011-10-24 08:28 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\Cp5JEg9YXUlzNAv

2011-10-24 08:27 . 2011-10-24 08:27 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\V7dEL8gRZhXkVlB

2011-10-24 08:13 . 2011-10-24 08:13 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\cuvDD2ob4pm5sJd

2011-10-24 08:12 . 2011-10-24 08:12 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\RJJJ6ddEK8fR9h

2011-10-24 08:12 . 2011-10-24 08:12 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\LCCCeekIBrzOyx0

2011-10-24 08:12 . 2011-10-24 08:12 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\DsssWJJ7fEL8TZh

2011-10-24 08:12 . 2011-10-24 08:12 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\CgggRZZ9hYXwUV

2011-10-24 08:11 . 2011-10-24 08:11 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\K9hhTTXqjUCeIBz

2011-10-24 08:11 . 2011-10-24 08:11 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\yEEL8gTZqhCwUr

2011-10-24 08:11 . 2011-10-24 08:11 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\l7dEEL8gZqhXwUe

2011-10-24 08:11 . 2011-10-24 08:11 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\QYCwwUUrlOBx0c

2011-10-24 08:11 . 2011-10-24 08:11 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\JIIBrzPNyx1uSoF

2011-10-24 08:11 . 2011-10-24 08:11 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\J1iivD3onF4aHsW

2011-10-24 08:11 . 2011-10-24 08:11 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\q1uvS2obFpGaJdK

2011-10-24 08:11 . 2011-10-24 08:11 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\EivD3onF4m

2011-10-24 08:11 . 2011-10-24 08:11 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\GobF3pmG5Q6W8R9

2011-10-24 08:11 . 2011-10-24 08:11 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\cD33onF4a

2011-10-24 08:11 . 2011-10-24 08:11 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\sZqjjCCwIVrONx

2011-10-24 08:09 . 2011-10-24 08:09 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\AUCekIBrz

2011-10-24 08:08 . 2011-10-24 08:08 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\FNttxxA0ucS2

2011-10-24 08:07 . 2011-10-24 08:07 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\SELL88gTZqhYCkV

2011-10-24 08:06 . 2011-10-24 08:06 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\CyyccA11uvDob4

2011-10-24 08:05 . 2011-10-24 08:05 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\CSSS2iibF3pn5aH

2011-10-24 08:04 . 2011-10-24 08:04 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\HyxAAuuS2ob3m5a

2011-10-24 08:03 . 2011-10-24 08:03 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\EG5aQH6dW7

2011-10-24 08:02 . 2011-10-24 08:02 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\WL9gTZqjYwIrOtP

2011-10-24 08:01 . 2011-10-24 08:01 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\VZ9hhXXjUeIr

2011-10-24 08:00 . 2011-10-24 08:00 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\IvvDD3oonF4m

2011-10-24 07:59 . 2011-10-24 07:59 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\mQQJJ6dK8f

2011-10-24 07:58 . 2011-10-24 07:58 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\YtxxAA0ucS2iD3n

2011-10-24 07:57 . 2011-10-24 07:57 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\cUUUCCelIBrzNyA

2011-10-24 07:56 . 2011-10-24 07:56 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\zGG44amHH6

2011-10-24 07:55 . 2011-10-24 07:55 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\OaQJJ6dW8f

2011-10-24 07:54 . 2011-10-24 07:54 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\Z9hYXwjUVlBz

2011-10-24 07:54 . 2011-10-24 07:54 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\ppnG5aQH6W7R9Tq

2011-10-24 07:54 . 2011-10-24 07:54 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\pmG5sQJ6d

2011-10-24 07:54 . 2011-10-24 07:54 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\JbD3pnG4aHsKfLg

2011-10-24 07:54 . 2011-10-24 07:54 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\CIBrzPNyx1v2b3m

2011-10-24 07:54 . 2011-10-24 07:54 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\eCwkUVrlOtPySiD

2011-10-24 07:54 . 2011-10-24 07:54 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\ThTXqjUCeIrOyAu

2011-10-24 07:54 . 2011-10-24 07:54 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\B0yycS1iv3on4

2011-10-24 07:54 . 2011-10-24 07:54 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\QzzPNyxA1uS

2011-10-24 07:54 . 2011-10-24 07:54 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\drrllOBBtxPyc1i

2011-10-24 07:54 . 2011-10-24 07:54 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\mffEL9gTZqYCk

2011-10-24 07:54 . 2011-10-24 07:54 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\j111uvvD2o

2011-10-24 07:54 . 2011-10-24 07:54 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\vgggRZZqhYXkUVl

2011-10-24 07:52 . 2011-10-24 07:52 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\dKK88fRZ9hTXwUe

2011-10-24 07:52 . 2011-10-24 07:52 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\fssQQJ7dEK8gR9Y

2011-10-24 07:52 . 2011-10-24 07:52 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\OGGG4aaQH6

2011-10-24 07:52 . 2011-10-24 07:52 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\J5aaQQH6dWK7RLg

2011-10-24 07:52 . 2011-10-24 07:52 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\bmmHH5sQQJdEKgR

2011-10-24 07:52 . 2011-10-24 07:52 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\lCwkkVVrOBtP

2011-10-24 07:52 . 2011-10-24 07:52 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\hUCekIBrzNx0v2b

2011-10-24 07:52 . 2011-10-24 07:52 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\CkUVrlOBtPySiDo

2011-10-24 07:52 . 2011-10-24 07:52 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\gcS2ibD3pGaHsKf

2011-10-24 07:52 . 2011-10-24 07:52 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\suvDDooF4pGsJdK

2011-10-24 07:52 . 2011-10-24 07:52 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\bnFF4amH5WJ7E8

2011-10-24 07:52 . 2011-10-24 07:52 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\GF33pnG5aH6dKfL

2011-10-24 07:52 . 2011-10-24 07:52 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\BPNNyyxA1uvSob3

2011-10-24 07:50 . 2011-10-24 07:50 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\p8fRL9hTXjCkBzN

2011-10-24 07:49 . 2011-10-24 07:49 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\xPPNyxxA1uvSob

2011-10-24 07:48 . 2011-10-24 07:48 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\GkUUVVelOBtz0yA

2011-10-24 07:47 . 2011-10-24 07:47 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\hH55ssQJ7dEK8R9

2011-10-24 07:46 . 2011-10-24 07:46 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\e888gRRZqhYXkUe

2011-10-24 07:45 . 2011-10-24 07:45 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\G22iibD33pG4aHs

2011-10-24 07:44 . 2011-10-24 07:44 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\US2ibD3pn4Q6W7E

2011-10-24 07:43 . 2011-10-24 07:43 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\dWJ7fEL8gZhCkVl

2011-10-24 07:42 . 2011-10-24 07:42 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\m33oonFF4am5s

2011-10-24 07:41 . 2011-10-24 07:41 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\EaaaQJJ6dWK8RLh

2011-10-19 04:15 . 2011-10-19 04:20 -------- d-----w- c:\users\Roland\AppData\Roaming\Notepad++

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-16 03:41 . 2011-01-30 01:34 30528 ----a-w- c:\windows\GVTDrv64.sys

2011-11-16 03:41 . 2011-01-30 01:34 25640 ----a-w- c:\windows\gdrv.sys

2011-10-01 06:15 . 2011-05-30 15:54 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-09-28 22:45 . 2011-09-28 22:45 15453832 ----a-w- c:\windows\SysWow64\xlive.dll

2011-09-28 22:45 . 2011-09-28 22:45 13642888 ----a-w- c:\windows\SysWow64\xlivefnt.dll

2011-09-08 03:27 . 2011-09-08 03:27 0 ----a-w- c:\windows\DXT8511.tmp

2011-09-08 03:27 . 2011-09-08 03:27 0 ----a-w- c:\windows\DXT84B2.tmp

2011-09-08 03:27 . 2011-09-08 03:27 0 ----a-w- c:\windows\DXT82ED.tmp

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]

"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-06-15 15141768]

"Akamai NetSession Interface"="c:\users\Roland\AppData\Local\Akamai\netsession_win.exe" [2011-11-15 3303000]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]

"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]

"EasyTuneVI"="c:\program files (x86)\GIGABYTE\ET6\ETcall.exe" [2007-07-26 20480]

"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]

"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R1 ksleovbm;ksleovbm;c:\windows\system32\drivers\ksleovbm.sys [x]

R1 zjlxuskj;zjlxuskj;c:\windows\system32\drivers\zjlxuskj.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]

R3 dump_wmimmc;dump_wmimmc;c:\gpotato\Rappelz\GameGuard\dump_wmimmc.sys [x]

R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-05-19 25640]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-04-19 1431888]

R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]

R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-11-16 30528]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S2 3d-io License Server v2.0;3d-io License Server v2.0;c:\program files (x86)\3d-io plugins\licensing_v2\ActiveLockServerV2.exe [2009-12-15 34816]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]

S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-18 68136]

S2 mi-raysat_3dsMax2009_64;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe [2010-06-16 86016]

S2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-23 86016]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]

S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-14 114688]

S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-26 10135584]

"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 10.1.10.1

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll

FF - ProfilePath - c:\users\Roland\AppData\Roaming\Mozilla\Firefox\Profiles\onhgmeao.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2653012&SearchSource=13

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ytff-devicevm&type=IEBD&p=

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-Blender - c:\program files (x86)\Blender Foundation\Blender\uninstall.exe

AddRemove-L4D2SP - c:\users\Roland\Downloads\Left 4 Dead 2 V2.0.2.7 Full-Rip {blaze69}\Uninstall SP.exe

AddRemove-NSS - c:\program files (x86)\Norton Security Scan\Engine\3.1.1.6\InstWrap.exe

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe

AddRemove-SystemRequirementsLab - c:\program files (x86)\SystemRequirementsLab\Uninstall.exe

AddRemove-_{53A908D4-99C6-469B-BC13-F4189F260742} - c:\program files (x86)\Corel\Corel Painter Essentials 4\MSILauncher {53A908D4-99C6-469B-BC13-F4189F260742}

AddRemove-{EAD475E8-14E5-4854-8AF5-CE6B4024237C}_is1 - c:\gpotato\Rappelz\unins000.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_3c5db2f.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2750241520-802747955-1049020851-1000\Software\SecuROM\License information*]

"datasecu"=hex:b7,c4,ae,7c,56,78,a7,c5,b8,b5,d3,a9,38,9f,3b,6a,7a,27,41,9e,52,

65,32,8c,4d,e9,94,44,dc,8b,5e,14,64,58,19,66,3e,7a,26,df,39,98,01,63,6b,4d,\

"rkeysecu"=hex:16,9c,be,ed,91,41,cb,0f,88,80,e3,87,20,f8,fa,08

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{47BF077C-44C6-42B1-8F88-ADE2585DD2ED}*]

@=hex:b1,5d,8e,62,5e,fa,cb,01

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{97A98033-9FA1-4E80-A339-59787B43CC89}*]

@=hex:f3,d4,a9,62,5e,fa,cb,01

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{A82EB336-567D-4F41-A63E-8113AD8B6903}*]

@=hex:ab,94,9c,5f,5e,fa,cb,01

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{C4B20040-7D5A-4558-9E19-B7DF94366F97}*]

@=hex:d5,9d,ba,62,5e,fa,cb,01

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe

c:\program files (x86)\Steam\Steam.exe

c:\program files (x86)\steam\steamapps\ramoneb\sourcesdk\bin\SDKLauncher.exe

c:\program files (x86)\steam\steamapps\ramoneb\sourcesdk\bin\source2009\bin\hlmv.exe

.

**************************************************************************

.

Completion time: 2011-11-15 23:04:24 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-16 04:04

ComboFix2.txt 2011-11-07 07:03

.

Pre-Run: 317,682,085,888 bytes free

Post-Run: 317,273,100,288 bytes free

.

- - End Of File - - 131218699097B055A2D9A1BE63CA797F

21:28:49.0106 3900 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15

21:28:49.0409 3900 ============================================================

21:28:49.0409 3900 Current date / time: 2011/11/15 21:28:49.0409

21:28:49.0409 3900 SystemInfo:

21:28:49.0409 3900

21:28:49.0409 3900 OS Version: 6.1.7600 ServicePack: 0.0

21:28:49.0409 3900 Product type: Workstation

21:28:49.0410 3900 ComputerName: ROLAND714

21:28:49.0410 3900 UserName: Roland

21:28:49.0410 3900 Windows directory: C:\Windows

21:28:49.0410 3900 System windows directory: C:\Windows

21:28:49.0410 3900 Running under WOW64

21:28:49.0410 3900 Processor architecture: Intel x64

21:28:49.0410 3900 Number of processors: 8

21:28:49.0410 3900 Page size: 0x1000

21:28:49.0410 3900 Boot type: Normal boot

21:28:49.0410 3900 ============================================================

21:28:50.0623 3900 Initialize success

21:28:51.0391 3160 ============================================================

21:28:51.0391 3160 Scan started

21:28:51.0391 3160 Mode: Manual;

21:28:51.0391 3160 ============================================================


21:28:55.0927 3160 ErrDev - ok

21:28:55.0990 3160 etdrv (84486624268e078255bc7aa47f0960bc) C:\Windows\etdrv.sys

21:28:55.0991 3160 etdrv - ok

21:28:56.0001 3160 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

21:28:56.0004 3160 exfat - ok

21:28:56.0027 3160 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

21:28:56.0029 3160 fastfat - ok

21:28:56.0045 3160 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

21:28:56.0046 3160 fdc - ok

21:28:56.0065 3160 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

21:28:56.0066 3160 FileInfo - ok

21:28:56.0075 3160 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

21:28:56.0076 3160 Filetrace - ok

21:28:56.0093 3160 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

21:28:56.0094 3160 flpydisk - ok

21:28:56.0118 3160 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys

21:28:56.0121 3160 FltMgr - ok

21:28:56.0136 3160 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

21:28:56.0137 3160 FsDepends - ok

21:28:56.0145 3160 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

21:28:56.0146 3160 Fs_Rec - ok

21:28:56.0159 3160 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys

21:28:56.0163 3160 fvevol - ok

21:28:56.0170 3160 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

21:28:56.0171 3160 gagp30kx - ok

21:28:56.0200 3160 gdrv (7907e14f9bcf3a4689c9a74a1a873cb6) C:\Windows\gdrv.sys

21:28:56.0201 3160 gdrv - ok

21:28:56.0257 3160 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

21:28:56.0258 3160 GEARAspiWDM - ok

21:28:56.0371 3160 GGSAFERDriver - ok

21:28:56.0419 3160 GVTDrv64 (8126331fbd4ed29eb3b356f9c905064d) C:\Windows\GVTDrv64.sys

21:28:56.0421 3160 GVTDrv64 - ok

21:28:56.0457 3160 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys

21:28:56.0458 3160 hamachi - ok

21:28:56.0475 3160 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

21:28:56.0476 3160 hcw85cir - ok

21:28:56.0527 3160 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys

21:28:56.0530 3160 HdAudAddService - ok

21:28:56.0549 3160 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys

21:28:56.0551 3160 HDAudBus - ok

21:28:56.0593 3160 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

21:28:56.0594 3160 HidBatt - ok

21:28:56.0601 3160 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

21:28:56.0602 3160 HidBth - ok

21:28:56.0609 3160 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

21:28:56.0610 3160 HidIr - ok

21:28:56.0675 3160 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys

21:28:56.0676 3160 HidUsb - ok

21:28:56.0709 3160 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys

21:28:56.0710 3160 HpSAMD - ok

21:28:56.0744 3160 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys

21:28:56.0751 3160 HTTP - ok

21:28:56.0768 3160 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys

21:28:56.0769 3160 hwpolicy - ok

21:28:56.0778 3160 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

21:28:56.0779 3160 i8042prt - ok

21:28:56.0804 3160 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys

21:28:56.0809 3160 iaStorV - ok

21:28:56.0824 3160 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

21:28:56.0826 3160 iirsp - ok

21:28:56.0899 3160 IntcAzAudAddService (163f94ebf8f8a98616a6b804af08d736) C:\Windows\system32\drivers\RTKVHD64.sys

21:28:56.0938 3160 IntcAzAudAddService - ok

21:28:56.0988 3160 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys

21:28:56.0990 3160 intelide - ok

21:28:57.0016 3160 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

21:28:57.0017 3160 intelppm - ok

21:28:57.0026 3160 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys

21:28:57.0028 3160 IPMIDRV - ok

21:28:57.0035 3160 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

21:28:57.0037 3160 IPNAT - ok

21:28:57.0071 3160 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

21:28:57.0071 3160 IRENUM - ok

21:28:57.0079 3160 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys

21:28:57.0079 3160 isapnp - ok

21:28:57.0119 3160 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys

21:28:57.0123 3160 iScsiPrt - ok

21:28:57.0138 3160 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

21:28:57.0139 3160 kbdclass - ok

21:28:57.0146 3160 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys

21:28:57.0147 3160 kbdhid - ok

21:28:57.0160 3160 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys

21:28:57.0162 3160 KSecDD - ok

21:28:57.0178 3160 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys

21:28:57.0180 3160 KSecPkg - ok

21:28:57.0196 3160 ksleovbm - ok

21:28:57.0210 3160 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

21:28:57.0211 3160 ksthunk - ok

21:28:57.0242 3160 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

21:28:57.0243 3160 lltdio - ok

21:28:57.0254 3160 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

21:28:57.0255 3160 LSI_FC - ok

21:28:57.0262 3160 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

21:28:57.0264 3160 LSI_SAS - ok

21:28:57.0270 3160 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

21:28:57.0272 3160 LSI_SAS2 - ok

21:28:57.0279 3160 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

21:28:57.0280 3160 LSI_SCSI - ok

21:28:57.0294 3160 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

21:28:57.0296 3160 luafv - ok

21:28:57.0304 3160 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

21:28:57.0305 3160 megasas - ok

21:28:57.0315 3160 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

21:28:57.0318 3160 MegaSR - ok

21:28:57.0355 3160 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

21:28:57.0357 3160 Modem - ok

21:28:57.0371 3160 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

21:28:57.0371 3160 monitor - ok

21:28:57.0381 3160 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

21:28:57.0383 3160 mouclass - ok

21:28:57.0394 3160 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

21:28:57.0395 3160 mouhid - ok

21:28:57.0414 3160 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys

21:28:57.0415 3160 mountmgr - ok

21:28:57.0423 3160 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys

21:28:57.0426 3160 mpio - ok

21:28:57.0436 3160 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

21:28:57.0438 3160 mpsdrv - ok

21:28:57.0458 3160 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys

21:28:57.0460 3160 MRxDAV - ok

21:28:57.0502 3160 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys

21:28:57.0504 3160 mrxsmb - ok

21:28:57.0549 3160 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys

21:28:57.0552 3160 mrxsmb10 - ok

21:28:57.0564 3160 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys

21:28:57.0567 3160 mrxsmb20 - ok

21:28:57.0574 3160 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys

21:28:57.0575 3160 msahci - ok

21:28:57.0595 3160 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys

21:28:57.0597 3160 msdsm - ok

21:28:57.0620 3160 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

21:28:57.0621 3160 Msfs - ok

21:28:57.0637 3160 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

21:28:57.0638 3160 mshidkmdf - ok

21:28:57.0648 3160 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys

21:28:57.0649 3160 msisadrv - ok

21:28:57.0664 3160 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

21:28:57.0665 3160 MSKSSRV - ok

21:28:57.0680 3160 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

21:28:57.0681 3160 MSPCLOCK - ok

21:28:57.0694 3160 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

21:28:57.0695 3160 MSPQM - ok

21:28:57.0718 3160 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys

21:28:57.0722 3160 MsRPC - ok

21:28:57.0739 3160 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

21:28:57.0740 3160 mssmbios - ok

21:28:57.0756 3160 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

21:28:57.0757 3160 MSTEE - ok

21:28:57.0768 3160 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

21:28:57.0769 3160 MTConfig - ok

21:28:57.0813 3160 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

21:28:57.0815 3160 Mup - ok

21:28:57.0847 3160 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

21:28:57.0850 3160 NativeWifiP - ok

21:28:57.0890 3160 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys

21:28:57.0899 3160 NDIS - ok

21:28:57.0920 3160 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

21:28:57.0921 3160 NdisCap - ok

21:28:57.0943 3160 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

21:28:57.0944 3160 NdisTapi - ok

21:28:57.0951 3160 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys

21:28:57.0952 3160 Ndisuio - ok

21:28:57.0966 3160 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys

21:28:57.0968 3160 NdisWan - ok

21:28:57.0983 3160 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys

21:28:57.0984 3160 NDProxy - ok

21:28:58.0001 3160 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

21:28:58.0003 3160 NetBIOS - ok

21:28:58.0020 3160 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys

21:28:58.0023 3160 NetBT - ok

21:28:58.0050 3160 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

21:28:58.0051 3160 nfrd960 - ok

21:28:58.0064 3160 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

21:28:58.0066 3160 Npfs - ok

21:28:58.0100 3160 NPPTNT2 - ok

21:28:58.0119 3160 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

21:28:58.0120 3160 nsiproxy - ok

21:28:58.0154 3160 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys

21:28:58.0179 3160 Ntfs - ok

21:28:58.0190 3160 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

21:28:58.0191 3160 Null - ok

21:28:58.0231 3160 nusb3hub (a7127e86f9ffe2a53e271b56b2c4cedf) C:\Windows\system32\DRIVERS\nusb3hub.sys

21:28:58.0232 3160 nusb3hub - ok

21:28:58.0248 3160 nusb3xhc (49bbec6f48d5f9284b03abf3a959b19b) C:\Windows\system32\DRIVERS\nusb3xhc.sys

21:28:58.0250 3160 nusb3xhc - ok

21:28:58.0462 3160 nvlddmkm (cc1efea1f0ab17e59bd4b5baff3e5cb0) C:\Windows\system32\DRIVERS\nvlddmkm.sys

21:28:58.0646 3160 nvlddmkm - ok

21:28:58.0664 3160 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys

21:28:58.0666 3160 nvraid - ok

21:28:58.0675 3160 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys

21:28:58.0677 3160 nvstor - ok

21:28:58.0699 3160 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys

21:28:58.0701 3160 nv_agp - ok

21:28:58.0708 3160 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys

21:28:58.0709 3160 ohci1394 - ok

21:28:58.0725 3160 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

21:28:58.0726 3160 Parport - ok

21:28:58.0738 3160 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys

21:28:58.0739 3160 partmgr - ok

21:28:58.0752 3160 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys

21:28:58.0755 3160 pci - ok

21:28:58.0768 3160 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys

21:28:58.0769 3160 pciide - ok

21:28:58.0791 3160 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

21:28:58.0793 3160 pcmcia - ok

21:28:58.0836 3160 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

21:28:58.0837 3160 pcw - ok

21:28:58.0858 3160 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

21:28:58.0865 3160 PEAUTH - ok

21:28:58.0962 3160 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

21:28:58.0965 3160 PptpMiniport - ok

21:28:58.0971 3160 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

21:28:58.0972 3160 Processor - ok

21:28:58.0997 3160 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

21:28:58.0998 3160 Psched - ok

21:28:59.0029 3160 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

21:28:59.0054 3160 ql2300 - ok

21:28:59.0063 3160 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

21:28:59.0064 3160 ql40xx - ok

21:28:59.0086 3160 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

21:28:59.0087 3160 QWAVEdrv - ok

21:28:59.0101 3160 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

21:28:59.0102 3160 RasAcd - ok

21:28:59.0137 3160 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

21:28:59.0138 3160 RasAgileVpn - ok

21:28:59.0154 3160 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

21:28:59.0156 3160 Rasl2tp - ok

21:28:59.0172 3160 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

21:28:59.0174 3160 RasPppoe - ok

21:28:59.0185 3160 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

21:28:59.0186 3160 RasSstp - ok

21:28:59.0202 3160 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

21:28:59.0205 3160 rdbss - ok

21:28:59.0220 3160 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

21:28:59.0221 3160 rdpbus - ok

21:28:59.0230 3160 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

21:28:59.0231 3160 RDPCDD - ok

21:28:59.0240 3160 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys

21:28:59.0242 3160 RDPDR - ok

21:28:59.0301 3160 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

21:28:59.0302 3160 RDPENCDD - ok

21:28:59.0317 3160 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

21:28:59.0317 3160 RDPREFMP - ok

21:28:59.0325 3160 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys

21:28:59.0328 3160 RDPWD - ok

21:28:59.0341 3160 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys

21:28:59.0343 3160 rdyboost - ok

21:28:59.0365 3160 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

21:28:59.0366 3160 rspndr - ok

21:28:59.0407 3160 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys

21:28:59.0410 3160 RTL8167 - ok

21:28:59.0428 3160 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys

21:28:59.0429 3160 s3cap - ok

21:28:59.0437 3160 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys

21:28:59.0438 3160 sbp2port - ok

21:28:59.0463 3160 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

21:28:59.0464 3160 scfilter - ok

21:28:59.0481 3160 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

21:28:59.0483 3160 secdrv - ok

21:28:59.0503 3160 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

21:28:59.0504 3160 Serenum - ok

21:28:59.0511 3160 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

21:28:59.0512 3160 Serial - ok

21:28:59.0527 3160 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

21:28:59.0529 3160 sermouse - ok

21:28:59.0548 3160 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

21:28:59.0549 3160 sffdisk - ok

21:28:59.0562 3160 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys

21:28:59.0563 3160 sffp_mmc - ok

21:28:59.0571 3160 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys

21:28:59.0572 3160 sffp_sd - ok

21:28:59.0580 3160 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

21:28:59.0581 3160 sfloppy - ok

21:28:59.0591 3160 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

21:28:59.0592 3160 SiSRaid2 - ok

21:28:59.0599 3160 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

21:28:59.0600 3160 SiSRaid4 - ok

21:28:59.0608 3160 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

21:28:59.0609 3160 Smb - ok

21:28:59.0631 3160 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

21:28:59.0632 3160 spldr - ok

21:28:59.0682 3160 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys

21:28:59.0686 3160 srv - ok

21:28:59.0733 3160 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys

21:28:59.0737 3160 srv2 - ok

21:28:59.0786 3160 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys

21:28:59.0788 3160 srvnet - ok

21:28:59.0797 3160 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

21:28:59.0798 3160 stexstor - ok

21:28:59.0816 3160 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys

21:28:59.0817 3160 storflt - ok

21:28:59.0824 3160 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys

21:28:59.0825 3160 storvsc - ok

21:28:59.0836 3160 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

21:28:59.0837 3160 swenum - ok

21:28:59.0913 3160 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\drivers\tcpip.sys

21:28:59.0946 3160 Tcpip - ok

21:28:59.0988 3160 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\DRIVERS\tcpip.sys

21:29:00.0002 3160 TCPIP6 - ok

21:29:00.0019 3160 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

21:29:00.0021 3160 tcpipreg - ok

21:29:00.0037 3160 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

21:29:00.0039 3160 TDPIPE - ok

21:29:00.0050 3160 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

21:29:00.0051 3160 TDTCP - ok

21:29:00.0072 3160 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

21:29:00.0074 3160 tdx - ok

21:29:00.0110 3160 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys

21:29:00.0112 3160 TermDD - ok

21:29:00.0130 3160 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

21:29:00.0131 3160 tssecsrv - ok

21:29:00.0146 3160 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

21:29:00.0147 3160 tunnel - ok

21:29:00.0154 3160 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

21:29:00.0156 3160 uagp35 - ok

21:29:00.0168 3160 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys

21:29:00.0172 3160 udfs - ok

21:29:00.0183 3160 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys

21:29:00.0185 3160 uliagpkx - ok

21:29:00.0201 3160 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

21:29:00.0203 3160 umbus - ok

21:29:00.0219 3160 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

21:29:00.0220 3160 UmPass - ok

21:29:00.0238 3160 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys

21:29:00.0240 3160 usbccgp - ok

21:29:00.0247 3160 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys

21:29:00.0249 3160 usbcir - ok

21:29:00.0263 3160 usbehci (df9f9afc9aaabd8ed47975d44e38169a) C:\Windows\system32\DRIVERS\usbehci.sys

21:29:00.0264 3160 usbehci - ok

21:29:00.0276 3160 usbhub (372a91bc3c6603080a793880b0873785) C:\Windows\system32\DRIVERS\usbhub.sys

21:29:00.0279 3160 usbhub - ok

21:29:00.0296 3160 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys

21:29:00.0297 3160 usbohci - ok

21:29:00.0324 3160 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

21:29:00.0325 3160 usbprint - ok

21:29:00.0370 3160 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

21:29:00.0371 3160 usbscan - ok

21:29:00.0393 3160 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS

21:29:00.0395 3160 USBSTOR - ok

21:29:00.0402 3160 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys

21:29:00.0404 3160 usbuhci - ok

21:29:00.0415 3160 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys

21:29:00.0416 3160 vdrvroot - ok

21:29:00.0424 3160 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

21:29:00.0425 3160 vga - ok

21:29:00.0431 3160 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

21:29:00.0432 3160 VgaSave - ok

21:29:00.0447 3160 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys

21:29:00.0455 3160 vhdmp - ok

21:29:00.0470 3160 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys

21:29:00.0471 3160 viaide - ok

21:29:00.0479 3160 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys

21:29:00.0482 3160 vmbus - ok

21:29:00.0488 3160 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys

21:29:00.0489 3160 VMBusHID - ok

21:29:00.0505 3160 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys

21:29:00.0506 3160 volmgr - ok

21:29:00.0522 3160 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

21:29:00.0526 3160 volmgrx - ok

21:29:00.0541 3160 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys

21:29:00.0544 3160 volsnap - ok

21:29:00.0563 3160 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

21:29:00.0565 3160 vsmraid - ok

21:29:00.0584 3160 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

21:29:00.0585 3160 vwifibus - ok

21:29:00.0601 3160 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

21:29:00.0602 3160 WacomPen - ok

21:29:00.0618 3160 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

21:29:00.0620 3160 WANARP - ok

21:29:00.0623 3160 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

21:29:00.0623 3160 Wanarpv6 - ok

21:29:00.0645 3160 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

21:29:00.0646 3160 Wd - ok

21:29:00.0669 3160 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

21:29:00.0676 3160 Wdf01000 - ok

21:29:00.0698 3160 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

21:29:00.0699 3160 WfpLwf - ok

21:29:00.0711 3160 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

21:29:00.0712 3160 WIMMount - ok

21:29:00.0781 3160 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys

21:29:00.0783 3160 WinUsb - ok

21:29:00.0821 3160 WmBEnum (680a7846370000d20d7e74917d5b7936) C:\Windows\system32\drivers\WmBEnum.sys

21:29:00.0822 3160 WmBEnum - ok

21:29:00.0856 3160 WmFilter (14c35ba8189c6f65d839163aa285e954) C:\Windows\system32\drivers\WmFilter.sys

21:29:00.0857 3160 WmFilter - ok

21:29:00.0872 3160 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

21:29:00.0873 3160 WmiAcpi - ok

21:29:00.0889 3160 WmVirHid (8488dd91a3ee54a8e29f02ad7bb8201e) C:\Windows\system32\drivers\WmVirHid.sys

21:29:00.0890 3160 WmVirHid - ok

21:29:00.0903 3160 WmXlCore (14802b3a30aa849c97cb968ccc813bf3) C:\Windows\system32\drivers\WmXlCore.sys

21:29:00.0904 3160 WmXlCore - ok

21:29:00.0923 3160 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

21:29:00.0932 3160 ws2ifsl - ok

21:29:00.0954 3160 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys

21:29:00.0955 3160 WudfPf - ok

21:29:00.0969 3160 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys

21:29:00.0971 3160 WUDFRd - ok

21:29:00.0990 3160 zjlxuskj - ok

21:29:01.0002 3160 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

21:29:01.0010 3160 \Device\Harddisk0\DR0 - ok

21:29:01.0018 3160 Boot (0x1200) (860c0c7a50aedfcc59972bfb3aa9a22d) \Device\Harddisk0\DR0\Partition0

21:29:01.0019 3160 \Device\Harddisk0\DR0\Partition0 - ok

21:29:01.0019 3160 ============================================================

21:29:01.0019 3160 Scan finished

21:29:01.0019 3160 ============================================================

21:29:01.0026 1236 Detected object count: 0

21:29:01.0026 1236 Actual detected object count: 0

I need to post ASAP; for some reason my browser keeps closing. This is recent, since I started the ComboFix today. I'll post the DDS next.

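As an added example (not part of the thread, and not output or code from TDSSKiller, Malwarebytes or ComboFix): the TDSSKiller log above is long enough that the interesting lines are easy to miss by eye. Each driver appears twice, once with its MD5 and on-disk path and once with a verdict, while a few service names (catchme, ksleovbm, zjlxuskj, GGSAFERDriver, NPPTNT2, dump_wmimmc) get a verdict with no file at all, and a few drivers load from outside the normal driver directory (etdrv.sys, gdrv.sys and GVTDrv64.sys sit directly in C:\Windows). "ok" only means TDSSKiller found nothing wrong with the file it could see; a service key with no backing file is worth a manual look, since it is what an uninstalled product or a removed driver leaves behind. The parser below reads lines in that format and separates those cases out. The sample lines are copied from the posted log; the function and field names are my own and the directory rule is an assumption about what counts as a "standard" location on this machine.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a handful of lines copied from the TDSSKiller log posted
# above (hashes and paths as shown there), enough to exercise every line shape.
SAMPLE_LOG = r"""
21:28:55.0115 3160 catchme - ok
21:28:55.0140 3160 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:28:55.0142 3160 cdfs - ok
21:28:55.0990 3160 etdrv (84486624268e078255bc7aa47f0960bc) C:\Windows\etdrv.sys
21:28:55.0991 3160 etdrv - ok
21:28:57.0196 3160 ksleovbm - ok
21:29:00.0990 3160 zjlxuskj - ok
21:29:01.0002 3160 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:29:01.0010 3160 \Device\Harddisk0\DR0 - ok
"""

TS = r"(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
# "MBR (0x1B8) (<md5>) \Device\Harddisk0\DR0" and the matching "Boot (...)" line
SECTOR_RE = re.compile(TS + r"(?P<kind>MBR|Boot)\s+\((?P<size>0x[0-9A-Fa-f]+)\)\s+"
                       r"\((?P<md5>[0-9a-f]{32})\)\s+(?P<dev>.+?)\s*$")
# "<service> (<md5>) <path>" for a driver with a file on disk
FILE_RE = re.compile(TS + r"(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$")
# "<service> - ok" (or another verdict) for every scanned object
VERDICT_RE = re.compile(TS + r"(?P<name>.+?)\s+-\s+(?P<verdict>.+?)\s*$")

# Assumption: on this box every normal kernel driver lives under system32\drivers.
STANDARD_DRIVER_DIRS = ("\\windows\\system32\\drivers\\",)


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Fold the two-line-per-object log into one Entry per service/sector, keyed by name."""
    entries: Dict[str, Entry] = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        m = SECTOR_RE.match(line)
        if m:  # MBR / boot sector: keep the hash and the device it was read from
            entries[m["kind"]] = Entry(m["kind"], m["md5"], m["dev"])
            continue
        m = FILE_RE.match(line)
        if m:
            entries[m["name"]] = Entry(m["name"], m["md5"], m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:  # verdict for a name seen before, or a service with no file line at all
            entries.setdefault(m["name"], Entry(m["name"])).verdict = m["verdict"]
    return entries


def review_entries(entries: Dict[str, Entry]) -> Dict[str, List[str]]:
    """Split entries into the groups a responder would actually look at by hand."""
    no_file, odd_path, not_ok = [], [], []
    for name, e in entries.items():
        if name in ("MBR", "Boot") or name.startswith("\\Device\\"):
            continue  # sectors and device verdicts are reported separately
        if e.verdict is not None and e.verdict != "ok":
            not_ok.append(name)
        if e.path is None:
            no_file.append(name)  # service key with nothing on disk to hash
        elif not any(d in e.path.lower() for d in STANDARD_DRIVER_DIRS):
            odd_path.append(name)  # loads from somewhere other than the driver dir
    return {"no_backing_file": no_file, "outside_driver_dir": odd_path, "not_ok": not_ok}


if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    for group, names in review_entries(parsed).items():
        print(f"{group}: {names}")
    for kind in ("MBR", "Boot"):
        if kind in parsed:
            print(f"{kind} {parsed[kind].path} md5={parsed[kind].md5}")
```

Run it against the full saved log instead of the sample and the "no_backing_file" list is the short list to check in the registry under HKLM\SYSTEM\CurrentControlSet\services (does the key still point at an ImagePath, and does that file exist?); the MBR and boot-sector hashes are worth saving so a later scan can be diffed against them rather than just trusted as "ok".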

Aye aye, no problemo.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8206

Windows 6.1.7600

Internet Explorer 9.0.8112.16421

11/21/2011 11:30:12 AM

mbam-log-2011-11-21 (11-30-12).txt

Scan type: Full scan (C:\|)

Objects scanned: 1168086

Time elapsed: 2 hour(s), 44 minute(s), 53 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

ComboFix 11-11-22.03 - Roland 11/22/2011 20:27:13.3.8 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.2344 [GMT -5:00]

Running from: c:\users\Roland\Downloads\ComboFix.exe

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\LP

c:\program files (x86)\LP\91AF\1341.tmp

c:\program files (x86)\LP\91AF\1AD1.tmp

c:\program files (x86)\LP\91AF\2413.tmp

c:\program files (x86)\LP\91AF\9B95.tmp

c:\windows\system32\consrv.dll

c:\windows\System64

.

.

((((((((((((((((((((((((( Files Created from 2011-10-23 to 2011-11-23 )))))))))))))))))))))))))))))))

.

.

2011-11-23 02:17 . 2011-11-23 02:17 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2011-11-23 02:17 . 2011-11-23 02:17 -------- d-----w- c:\users\Parker\AppData\Local\temp

2011-11-23 02:17 . 2011-11-23 02:17 -------- d-----w- c:\users\Parker.Roland714\AppData\Local\temp

2011-11-23 02:17 . 2011-11-23 02:17 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-11-22 23:57 . 2011-11-23 00:43 -------- d-----w- c:\program files (x86)\98C23

2011-11-22 19:09 . 2011-11-22 19:09 -------- d-----w- c:\programdata\PackfileExplorer

2011-11-20 05:40 . 2011-11-20 05:40 -------- d-----w- c:\users\Roland\AppData\Roaming\Blender Foundation

2011-11-20 05:40 . 2011-11-20 05:40 -------- d-----w- c:\users\Roland\.thumbnails

2011-11-16 04:28 . 2011-11-16 04:28 -------- d-----w- c:\programdata\Malwarebytes

2011-11-16 04:28 . 2011-11-16 04:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-11-13 05:13 . 2011-11-13 05:13 -------- d-----w- C:\Noesis

2011-11-07 08:56 . 2011-11-20 03:18 -------- d-----w- c:\programdata\3d-io

2011-11-07 08:56 . 2011-11-20 04:19 -------- d-----w- c:\program files (x86)\3d-io plugins

2011-11-04 00:40 . 2011-11-18 01:25 -------- d-----w- c:\users\Roland\AppData\Local\Akamai

2011-11-02 07:27 . 2011-11-02 07:27 -------- d-----w- c:\program files (x86)\ESET

2011-10-29 20:26 . 2011-10-29 21:05 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2011-10-29 20:26 . 2011-10-29 21:02 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-10-29 03:51 . 2011-10-29 03:51 -------- d-----w- c:\users\Roland\Smoke_Victory

2011-10-26 00:40 . 2011-10-26 00:40 -------- d-----w- c:\program files\CCleaner

2011-10-25 22:21 . 2011-10-26 05:17 -------- d-----w- c:\programdata\McAfee

2011-10-24 15:42 . 2011-10-24 15:42 -------- d-----w- c:\users\Roland\AppData\Roaming\CIrNA1vS2FpGaJd

2011-10-24 15:42 . 2011-10-24 15:42 -------- d-----w- c:\users\Roland\AppData\Roaming\CL9hTXqjUeIrOy

2011-10-24 15:42 . 2011-10-24 15:42 -------- d-----w- c:\users\Roland\AppData\Roaming\bcS1ibD3oGaHsJ

2011-10-24 15:42 . 2011-10-24 15:42 -------- d-----w- c:\users\Roland\AppData\Roaming\At0c1b3n4m6W7Lg

2011-10-24 15:41 . 2011-10-24 15:41 -------- d-----w- c:\users\Roland\AppData\Roaming\A2b3n4HsKfLg

2011-10-24 15:41 . 2011-10-24 15:41 -------- d-----w- c:\users\Roland\AppData\Roaming\adWK7fRL9TqYeIr

2011-10-24 08:28 . 2011-10-24 08:28 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\Cp5JEg9YXUlzNAv

2011-10-24 08:27 . 2011-10-24 08:27 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\V7dEL8gRZhXkVlB

2011-10-24 08:13 . 2011-10-24 08:13 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\cuvDD2ob4pm5sJd

2011-10-24 08:12 . 2011-10-24 08:12 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\RJJJ6ddEK8fR9h

2011-10-24 08:12 . 2011-10-24 08:12 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\LCCCeekIBrzOyx0

2011-10-24 08:12 . 2011-10-24 08:12 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\DsssWJJ7fEL8TZh

2011-10-24 08:12 . 2011-10-24 08:12 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\CgggRZZ9hYXwUV

2011-10-24 08:11 . 2011-10-24 08:11 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\K9hhTTXqjUCeIBz

2011-10-24 08:11 . 2011-10-24 08:11 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\yEEL8gTZqhCwUr

2011-10-24 08:11 . 2011-10-24 08:11 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\l7dEEL8gZqhXwUe

2011-10-24 08:11 . 2011-10-24 08:11 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\QYCwwUUrlOBx0c

2011-10-24 08:11 . 2011-10-24 08:11 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\JIIBrzPNyx1uSoF

2011-10-24 08:11 . 2011-10-24 08:11 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\J1iivD3onF4aHsW

2011-10-24 08:11 . 2011-10-24 08:11 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\q1uvS2obFpGaJdK

2011-10-24 08:11 . 2011-10-24 08:11 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\EivD3onF4m

2011-10-24 08:11 . 2011-10-24 08:11 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\GobF3pmG5Q6W8R9

2011-10-24 08:11 . 2011-10-24 08:11 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\cD33onF4a

2011-10-24 08:11 . 2011-10-24 08:11 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\sZqjjCCwIVrONx

2011-10-24 08:09 . 2011-10-24 08:09 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\AUCekIBrz

2011-10-24 08:08 . 2011-10-24 08:08 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\FNttxxA0ucS2

2011-10-24 08:07 . 2011-10-24 08:07 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\SELL88gTZqhYCkV

2011-10-24 08:06 . 2011-10-24 08:06 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\CyyccA11uvDob4

2011-10-24 08:05 . 2011-10-24 08:05 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\CSSS2iibF3pn5aH

2011-10-24 08:04 . 2011-10-24 08:04 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\HyxAAuuS2ob3m5a

2011-10-24 08:03 . 2011-10-24 08:03 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\EG5aQH6dW7

2011-10-24 08:02 . 2011-10-24 08:02 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\WL9gTZqjYwIrOtP

2011-10-24 08:01 . 2011-10-24 08:01 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\VZ9hhXXjUeIr

2011-10-24 08:00 . 2011-10-24 08:00 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\IvvDD3oonF4m

2011-10-24 07:59 . 2011-10-24 07:59 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\mQQJJ6dK8f

2011-10-24 07:58 . 2011-10-24 07:58 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\YtxxAA0ucS2iD3n

2011-10-24 07:57 . 2011-10-24 07:57 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\cUUUCCelIBrzNyA

2011-10-24 07:56 . 2011-10-24 07:56 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\zGG44amHH6

2011-10-24 07:55 . 2011-10-24 07:55 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\OaQJJ6dW8f

2011-10-24 07:54 . 2011-10-24 07:54 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\Z9hYXwjUVlBz

2011-10-24 07:54 . 2011-10-24 07:54 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\ppnG5aQH6W7R9Tq

2011-10-24 07:54 . 2011-10-24 07:54 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\pmG5sQJ6d

2011-10-24 07:54 . 2011-10-24 07:54 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\JbD3pnG4aHsKfLg

2011-10-24 07:54 . 2011-10-24 07:54 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\CIBrzPNyx1v2b3m

2011-10-24 07:54 . 2011-10-24 07:54 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\eCwkUVrlOtPySiD

2011-10-24 07:54 . 2011-10-24 07:54 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\ThTXqjUCeIrOyAu

2011-10-24 07:54 . 2011-10-24 07:54 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\B0yycS1iv3on4

2011-10-24 07:54 . 2011-10-24 07:54 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\QzzPNyxA1uS

2011-10-24 07:54 . 2011-10-24 07:54 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\drrllOBBtxPyc1i

2011-10-24 07:54 . 2011-10-24 07:54 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\mffEL9gTZqYCk

2011-10-24 07:54 . 2011-10-24 07:54 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\j111uvvD2o

2011-10-24 07:54 . 2011-10-24 07:54 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\vgggRZZqhYXkUVl

2011-10-24 07:52 . 2011-10-24 07:52 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\dKK88fRZ9hTXwUe

2011-10-24 07:52 . 2011-10-24 07:52 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\fssQQJ7dEK8gR9Y

2011-10-24 07:52 . 2011-10-24 07:52 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\OGGG4aaQH6

2011-10-24 07:52 . 2011-10-24 07:52 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\J5aaQQH6dWK7RLg

2011-10-24 07:52 . 2011-10-24 07:52 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\bmmHH5sQQJdEKgR

2011-10-24 07:52 . 2011-10-24 07:52 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\lCwkkVVrOBtP

2011-10-24 07:52 . 2011-10-24 07:52 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\hUCekIBrzNx0v2b

2011-10-24 07:52 . 2011-10-24 07:52 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\CkUVrlOBtPySiDo

2011-10-24 07:52 . 2011-10-24 07:52 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\gcS2ibD3pGaHsKf

2011-10-24 07:52 . 2011-10-24 07:52 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\suvDDooF4pGsJdK

2011-10-24 07:52 . 2011-10-24 07:52 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\bnFF4amH5WJ7E8

2011-10-24 07:52 . 2011-10-24 07:52 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\GF33pnG5aH6dKfL

2011-10-24 07:52 . 2011-10-24 07:52 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\BPNNyyxA1uvSob3

2011-10-24 07:50 . 2011-10-24 07:50 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\p8fRL9hTXjCkBzN

2011-10-24 07:49 . 2011-10-24 07:49 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\xPPNyxxA1uvSob

2011-10-24 07:48 . 2011-10-24 07:48 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\GkUUVVelOBtz0yA

2011-10-24 07:47 . 2011-10-24 07:47 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\hH55ssQJ7dEK8R9

2011-10-24 07:46 . 2011-10-24 07:46 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\e888gRRZqhYXkUe

2011-10-24 07:45 . 2011-10-24 07:45 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\G22iibD33pG4aHs

2011-10-24 07:44 . 2011-10-24 07:44 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\US2ibD3pn4Q6W7E

2011-10-24 07:43 . 2011-10-24 07:43 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\dWJ7fEL8gZhCkVl

2011-10-24 07:42 . 2011-10-24 07:42 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\m33oonFF4am5s

2011-10-24 07:41 . 2011-10-24 07:41 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\EaaaQJJ6dWK8RLh

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-23 02:21 . 2011-01-30 01:34 30528 ----a-w- c:\windows\GVTDrv64.sys

2011-11-23 02:21 . 2011-01-30 01:34 25640 ----a-w- c:\windows\gdrv.sys

2011-11-19 15:41 . 2011-07-11 14:12 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2011-11-19 15:41 . 2011-07-11 13:56 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2011-11-19 15:40 . 2011-07-11 13:56 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2011-10-01 06:15 . 2011-05-30 15:54 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-09-28 22:45 . 2011-09-28 22:45 15453832 ----a-w- c:\windows\SysWow64\xlive.dll

2011-09-28 22:45 . 2011-09-28 22:45 13642888 ----a-w- c:\windows\SysWow64\xlivefnt.dll

2011-09-08 03:27 . 2011-09-08 03:27 0 ----a-w- c:\windows\DXT8511.tmp

2011-09-08 03:27 . 2011-09-08 03:27 0 ----a-w- c:\windows\DXT84B2.tmp

2011-09-08 03:27 . 2011-09-08 03:27 0 ----a-w- c:\windows\DXT82ED.tmp

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-06-15 15141768]

"Akamai NetSession Interface"="c:\users\Roland\AppData\Local\Akamai\netsession_win.exe" [2011-11-17 3303000]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]

"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]

"EasyTuneVI"="c:\program files (x86)\GIGABYTE\ET6\ETcall.exe" [2007-07-26 20480]

"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]

"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HideSCAHealth"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R1 ksleovbm;ksleovbm;c:\windows\system32\drivers\ksleovbm.sys [x]

R1 zjlxuskj;zjlxuskj;c:\windows\system32\drivers\zjlxuskj.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]

R3 dump_wmimmc;dump_wmimmc;c:\gpotato\Rappelz\GameGuard\dump_wmimmc.sys [x]

R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-05-19 25640]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-04-19 1431888]

R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]

R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-11-23 30528]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S2 3d-io License Server v2.0;3d-io License Server v2.0;c:\program files (x86)\3d-io plugins\licensing_v2\ActiveLockServerV2.exe [2009-12-15 34816]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]

S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-18 68136]

S2 mi-raysat_3dsMax2009_64;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe [2010-06-16 86016]

S2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-03-12 86016]

S2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-23 86016]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]

S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-14 114688]

S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-26 10135584]

"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]

"combofix"="c:\combofix\CF12511.3XE" [2009-07-14 344576]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 10.1.10.1

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll

FF - ProfilePath - c:\users\Roland\AppData\Roaming\Mozilla\Firefox\Profiles\onhgmeao.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2653012&SearchSource=13

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ytff-devicevm&type=IEBD&p=

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-Blender - c:\program files (x86)\Blender Foundation\Blender\uninstall.exe

AddRemove-L4D2SP - c:\users\Roland\Downloads\Left 4 Dead 2 V2.0.2.7 Full-Rip {blaze69}\Uninstall SP.exe

AddRemove-NSS - c:\program files (x86)\Norton Security Scan\Engine\3.1.1.6\InstWrap.exe

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe

AddRemove-SystemRequirementsLab - c:\program files (x86)\SystemRequirementsLab\Uninstall.exe

AddRemove-_{53A908D4-99C6-469B-BC13-F4189F260742} - c:\program files (x86)\Corel\Corel Painter Essentials 4\MSILauncher {53A908D4-99C6-469B-BC13-F4189F260742}

AddRemove-{EAD475E8-14E5-4854-8AF5-CE6B4024237C}_is1 - c:\gpotato\Rappelz\unins000.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_d768ebc.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2750241520-802747955-1049020851-1000\Software\SecuROM\License information*]

"datasecu"=hex:b7,c4,ae,7c,56,78,a7,c5,b8,b5,d3,a9,38,9f,3b,6a,7a,27,41,9e,52,

65,32,8c,4d,e9,94,44,dc,8b,5e,14,64,58,19,66,3e,7a,26,df,39,98,01,63,6b,4d,\

"rkeysecu"=hex:16,9c,be,ed,91,41,cb,0f,88,80,e3,87,20,f8,fa,08

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{47BF077C-44C6-42B1-8F88-ADE2585DD2ED}*]

@=hex:b1,5d,8e,62,5e,fa,cb,01

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{97A98033-9FA1-4E80-A339-59787B43CC89}*]

@=hex:f3,d4,a9,62,5e,fa,cb,01

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{A82EB336-567D-4F41-A63E-8113AD8B6903}*]

@=hex:ab,94,9c,5f,5e,fa,cb,01

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{C4B20040-7D5A-4558-9E19-B7DF94366F97}*]

@=hex:d5,9d,ba,62,5e,fa,cb,01

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe

.

**************************************************************************

.

Completion time: 2011-11-22 21:44:45 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-23 02:44

ComboFix2.txt 2011-11-16 04:04

.

Pre-Run: 308,894,740,480 bytes free

Post-Run: 306,652,872,704 bytes free

.

- - End Of File - - 1E53317788E4DEF6D9534FE842FBD803


Hey screen,

Ya still with me? I'm getting a new complication each day: AV programs that auto-download, like AV Guard and Win7 2012 AV. Gotta keep using Malwarebytes & ComboFix every day.

And I still cannot turn on my firewall. The normal window doesn't show, and when I click Recommended Settings I get "Windows Firewall can't change some of your settings. Error code 0x800742c".


  • Staff

Hi,

Again, my apologies for the delay.

Please update MBAM, run a Quick Scan, and post its log. Grab a fresh copy of ComboFix, run it, and post its log.

The Kaspersky Rescue Disk is a bootable, CD-based version of Kaspersky Antivirus.

The download is in ISO format.

If you are not sure how to burn an image, please read How to write a CD/DVD image or ISO. If you need a FREE utility to burn the ISO image, download and use ImgBurn.

Download the Kaspersky Rescue Disk:

http://rescuedisk.kaspersky-labs.com/rescuedisk/updatable/

  • Burn the Kaspersky Rescue Disk ISO image to CD.
  • Insert the Kaspersky Rescue Disk CD into your CD/DVD drive and boot the computer (you may need to change the boot sequence in your system's BIOS to boot from the CD/DVD drive).
  • Follow the instructions in the initial text screen to press Enter to start Kaspersky AntiVirus.
  • Select your language (or wait a few seconds for the default English to load).
  • Your screen may go blank for several minutes while the program loads.
  • After the Kaspersky Rescue Disk loads, the database will be updated (if you have network connectivity).
    • Click the Update tab to view the update progress.
    • When the update has completed, click the Scan tab.
  • Place a checkmark in all the available drives to scan the entire system.
  • Click the "Security level" option, and select options.
    • Make sure "All Files" is selected.
    • Under "Scan of compound files" ensure all options are selected and click the OK button.
  • Click the "On threat detection" option.
    • Select "Do not prompt", "Disinfect", and "Delete if disinfection fails".
  • Click the "Start scan" button.
  • When the scan has completed, click the Reports button.
    • Click the Save button, and select your System drive (normally your C: drive).
    • In the "File name" box, name the file krd-log and click the Save button.
    • Click Close to close the Reports window.
  • Click the Exit button to close the Rescue Disk program and confirm. In the lower left of the screen, left-click the red K button, select Logout, and confirm.
  • The computer will shut down.
  • Restart the computer and reboot normally.
  • Please post the log (krd-log.txt) in your next reply.


Ooh, hey, no problem. But hey, I'm having the hardest trouble trying to get into my BIOS to change the boot sequence. I dunno what, but any F key I press goes to a boot menu that only has the option of going to Windows or a memory registry edit something something.

So I only got the ComboFix and the Malwarebytes ATM.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8298

Windows 6.1.7600

Internet Explorer 9.0.8112.16421

12/3/2011 12:39:56 PM

mbam-log-2011-12-03 (12-39-56).txt

Scan type: Quick scan

Objects scanned: 236424

Time elapsed: 3 minute(s), 51 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


  • Staff

Hi,

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad. Don't use any text editor other than Notepad, or the script will fail.

Copy/paste the text in the box below into Notepad:

Driver::
ksleovbm
zjlxuskj

Save this as CFScript

Then drag the CFScript onto ComboFix.exe as you see in the screenshot below.

[screenshot: CFScriptB-4.gif]

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new DDS log.

-screen317


Alright, oh and here is the scan. I had one pop up so far though.

I'll give the ComboFix scan after.

Objects Scan: completed 5 minutes ago (events: 71, objects: 3622838, time: 08:05:51)

12/9/11 11:28 AM Task started

12/9/11 11:29 AM Detected: Rootkit.Boot.SST.a /dev/sda

12/9/11 11:29 AM Untreated: Rootkit.Boot.SST.a /dev/sda Postponed

12/9/11 12:18 PM Detected: Exploit.Java.CVE-2010-0840.fb /mnt/MountedDevices/PD-0BD38172-0000000000100000/Users/Roland/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/26/4549b0da-5d6747a6/photo/Zoom.class

12/9/11 12:18 PM Detected: Exploit.Java.CVE-2010-0840.fb /mnt/MountedDevices/PD-0BD38172-0000000000100000/Users/Roland/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/39/65409e7-16c5bb6c/photo/Zoom.class

12/9/11 12:18 PM Detected: Exploit.Java.CVE-2010-4452.a /mnt/MountedDevices/PD-0BD38172-0000000000100000/Users/Roland/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/62/5024297e-52010181

12/9/11 12:18 PM Untreated: Exploit.Java.CVE-2010-0840.fb /mnt/MountedDevices/PD-0BD38172-0000000000100000/Users/Roland/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/26/4549b0da-5d6747a6/photo/Zoom.class Postponed

12/9/11 12:18 PM Untreated: Exploit.Java.CVE-2010-0840.fb /mnt/MountedDevices/PD-0BD38172-0000000000100000/Users/Roland/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/39/65409e7-16c5bb6c/photo/Zoom.class Postponed

12/9/11 12:18 PM Untreated: Exploit.Java.CVE-2010-4452.a /mnt/MountedDevices/PD-0BD38172-0000000000100000/Users/Roland/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/62/5024297e-52010181 Postponed

12/9/11 12:18 PM Detected: Exploit.Java.CVE-2010-4452.a /mnt/MountedDevices/PD-0BD38172-0000000000100000/Users/Roland/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/62/5024297e-72eb7fce

12/9/11 12:18 PM Untreated: Exploit.Java.CVE-2010-4452.a /mnt/MountedDevices/PD-0BD38172-0000000000100000/Users/Roland/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/62/5024297e-72eb7fce Postponed

12/9/11 12:48 PM Processing error /mnt/MountedDevices/PD-0BD38172-0000000000100000/Users/Roland/Downloads/BlazBlue_Continuum_Shift.rar/BlazBlue Continuum Shift/bbcs/game.rar Read error

12/9/11 12:48 PM Processing error /mnt/MountedDevices/PD-0BD38172-0000000000100000/Users/Roland/Downloads/BlazBlue_Continuum_Shift.rar/BlazBlue Continuum Shift/bbcs/typex_loader_2009_12_29_13_35.7z Read error

12/9/11 12:49 PM Processing error /mnt/MountedDevices/PD-0BD38172-0000000000100000/Users/Roland/Downloads/vehicles valkyrie(1).rar/valkyrie_mira.rar Read error

12/9/11 12:49 PM Processing error /mnt/MountedDevices/PD-0BD38172-0000000000100000/Users/Roland/Downloads/vehicles valkyrie(1).rar/valkyrie.rar Read error

12/9/11 12:49 PM Processing error /mnt/MountedDevices/PD-0BD38172-0000000000100000/Users/Roland/Downloads/vehicles valkyrie.rar/valkyrie_inquisitor.rar Read error

12/9/11 12:49 PM Processing error /mnt/MountedDevices/PD-0BD38172-0000000000100000/Users/Roland/Downloads/vehicles valkyrie.rar Read error

12/9/11 12:49 PM Processing error /mnt/MountedDevices/PD-0BD38172-0000000000100000/Users/Roland/Downloads/Skyrim - Voices.rar.part/Skyrim - Voices.bsa Read error

12/9/11 12:49 PM Processing error /mnt/MountedDevices/PD-0BD38172-0000000000100000/Users/Roland/Downloads/Skyrim - Voices.rar.part Read error

12/9/11 12:56 PM Processing error /mnt/MountedDevices/PD-0BD38172-0000000000100000/Users/Roland/Downloads/Skyrim/Data2.rar/Skyrim - Sounds.bsa Read error

12/9/11 12:56 PM Processing error /mnt/MountedDevices/PD-0BD38172-0000000000100000/Users/Roland/Downloads/Skyrim/Data2.rar Read error

12/9/11 12:57 PM Processing error /mnt/MountedDevices/PD-0BD38172-0000000000100000/Users/Roland/Downloads/Skyrim/Data1.rar Read error

12/9/11 1:19 PM Detected: Backdoor.Win32.ZAccess.aug C:/Windows/assembly/GAC_32/Desktop.ini

12/9/11 1:19 PM Untreated: Backdoor.Win32.ZAccess.aug C:/Windows/assembly/GAC_32/Desktop.ini Postponed

12/9/11 1:20 PM Detected: Backdoor.Win64.ZAccess.aj C:/Windows/assembly/GAC_64/Desktop.ini

12/9/11 1:20 PM Untreated: Backdoor.Win64.ZAccess.aj C:/Windows/assembly/GAC_64/Desktop.ini Postponed

12/9/11 1:21 PM Detected: Trojan-Downloader.Win32.Agent.gyak C:/Windows/assembly/temp/U/80000032.@

12/9/11 1:21 PM Untreated: Trojan-Downloader.Win32.Agent.gyak C:/Windows/assembly/temp/U/80000032.@ Postponed

12/9/11 5:47 PM Processing error C:/Program Files (x86)/Eidos/Deus EX humanrevolution/bigfile000.rar Read error

12/9/11 5:48 PM Processing error C:/Program Files (x86)/Eidos/Deus EX humanrevolution/bigfile001.rar Read error

12/9/11 5:49 PM Processing error C:/Program Files (x86)/Eidos/Deus EX humanrevolution/bigfile002.rar Read error

12/9/11 6:36 PM Detected: Exploit.Java.CVE-2010-0840.fb C:/Users/Roland/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/26/4549b0da-5d6747a6/photo/Zoom.class

12/9/11 6:36 PM Detected: Exploit.Java.CVE-2010-0840.fb C:/Users/Roland/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/39/65409e7-16c5bb6c/photo/Zoom.class

12/9/11 6:36 PM Untreated: Exploit.Java.CVE-2010-0840.fb C:/Users/Roland/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/26/4549b0da-5d6747a6/photo/Zoom.class Postponed

12/9/11 6:36 PM Untreated: Exploit.Java.CVE-2010-0840.fb C:/Users/Roland/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/39/65409e7-16c5bb6c/photo/Zoom.class Postponed

12/9/11 6:36 PM Detected: Exploit.Java.CVE-2010-4452.a C:/Users/Roland/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/62/5024297e-52010181

12/9/11 6:36 PM Detected: Exploit.Java.CVE-2010-4452.a C:/Users/Roland/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/62/5024297e-72eb7fce

12/9/11 6:36 PM Untreated: Exploit.Java.CVE-2010-4452.a C:/Users/Roland/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/62/5024297e-52010181 Postponed

12/9/11 6:36 PM Untreated: Exploit.Java.CVE-2010-4452.a C:/Users/Roland/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/62/5024297e-72eb7fce Postponed

12/9/11 7:06 PM Processing error C:/Users/Roland/Downloads/3dsmax8/Installs/3dsMaxRefFiles/3dsMax8_reffiles.msi/Cabs.ref.cab Read error

12/9/11 7:06 PM Processing error C:/Users/Roland/Downloads/3dsmax8/Installs/3dsMaxRefFiles/3dsMax8_reffiles.msi Read error

12/9/11 7:06 PM Processing error C:/Users/Roland/Downloads/The Elder Scrolls IV Oblivion+Expansions/Oblivion.iso/data2.cab Read error

12/9/11 7:06 PM Processing error C:/Users/Roland/Downloads/The Elder Scrolls IV Oblivion+Expansions/Oblivion.iso Read error

12/9/11 7:06 PM Processing error C:/Users/Roland/Downloads/The Elder Scrolls IV Oblivion+Expansions/SI_KOTN.iso/Knights of The Nine/Oblivion - Knights of the Nine.exe Read error

12/9/11 7:06 PM Processing error C:/Users/Roland/Downloads/The Elder Scrolls IV Oblivion+Expansions/SI_KOTN.iso/Knights of The Nine/Oblivion - Thieves Den.exe Read error

12/9/11 7:06 PM Processing error C:/Users/Roland/Downloads/The Elder Scrolls IV Oblivion+Expansions/SI_KOTN.iso/Setup/data2.cab Read error

12/9/11 7:06 PM Processing error C:/Users/Roland/Downloads/The Elder Scrolls IV Oblivion+Expansions/SI_KOTN.iso/Setup/data3.cab Read error

12/9/11 7:06 PM Processing error C:/Users/Roland/Downloads/The Elder Scrolls IV Oblivion+Expansions/SI_KOTN.iso Read error

12/9/11 7:06 PM Processing error C:/Users/Roland/Downloads/Skyrim - Voices.rar.part/Skyrim - Voices.bsa Read error

12/9/11 7:06 PM Processing error C:/Users/Roland/Downloads/Skyrim - Voices.rar.part Read error

12/9/11 7:13 PM Processing error C:/Users/Roland/Downloads/Skyrim/Data2.rar/Skyrim - Sounds.bsa Read error

12/9/11 7:13 PM Processing error C:/Users/Roland/Downloads/Skyrim/Data2.rar Read error

12/9/11 7:13 PM Processing error C:/Users/Roland/Downloads/Skyrim/Data1.rar Read error

12/9/11 7:32 PM Detected: Exploit.Java.CVE-2010-0840.fb /mnt/MountedDevices/PD-0BD38172-0000000000100000/Users/Roland/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/26/4549b0da-5d6747a6/photo/Zoom.class

12/9/11 7:34 PM Deleted: Exploit.Java.CVE-2010-0840.fb /mnt/MountedDevices/PD-0BD38172-0000000000100000/Users/Roland/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/26/4549b0da-5d6747a6

12/9/11 7:34 PM Detected: Exploit.Java.CVE-2010-0840.fb /mnt/MountedDevices/PD-0BD38172-0000000000100000/Users/Roland/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/39/65409e7-16c5bb6c/photo/Zoom.class

12/9/11 7:34 PM Deleted: Exploit.Java.CVE-2010-0840.fb /mnt/MountedDevices/PD-0BD38172-0000000000100000/Users/Roland/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/39/65409e7-16c5bb6c

12/9/11 7:34 PM Detected: Exploit.Java.CVE-2010-4452.a /mnt/MountedDevices/PD-0BD38172-0000000000100000/Users/Roland/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/62/5024297e-52010181

12/9/11 7:34 PM Deleted: Exploit.Java.CVE-2010-4452.a /mnt/MountedDevices/PD-0BD38172-0000000000100000/Users/Roland/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/62/5024297e-52010181

12/9/11 7:34 PM Detected: Exploit.Java.CVE-2010-4452.a /mnt/MountedDevices/PD-0BD38172-0000000000100000/Users/Roland/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/62/5024297e-72eb7fce

12/9/11 7:34 PM Deleted: Exploit.Java.CVE-2010-4452.a /mnt/MountedDevices/PD-0BD38172-0000000000100000/Users/Roland/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/62/5024297e-72eb7fce

12/9/11 7:34 PM Detected: Backdoor.Win32.ZAccess.aug C:/Windows/assembly/GAC_32/Desktop.ini

12/9/11 7:34 PM Deleted: Backdoor.Win32.ZAccess.aug C:/Windows/assembly/GAC_32/Desktop.ini

12/9/11 7:34 PM Detected: Backdoor.Win64.ZAccess.aj C:/Windows/assembly/GAC_64/Desktop.ini

12/9/11 7:34 PM Deleted: Backdoor.Win64.ZAccess.aj C:/Windows/assembly/GAC_64/Desktop.ini

12/9/11 7:34 PM Detected: Trojan-Downloader.Win32.Agent.gyak C:/Windows/assembly/temp/U/80000032.@

12/9/11 7:34 PM Deleted: Trojan-Downloader.Win32.Agent.gyak C:/Windows/assembly/temp/U/80000032.@

12/9/11 7:34 PM Detected: Rootkit.Boot.SST.a /dev/sda

12/9/11 7:34 PM Disinfected: Rootkit.Boot.SST.a /dev/sda

12/9/11 7:34 PM Disinfected: Rootkit.Boot.SST.a /dev/sda

12/9/11 7:34 PM Task completed


Alright, here is the ComboFix.

ComboFix 11-12-09.04 - Roland 12/09/2011 20:10:19.7.8 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.2581 [GMT -5:00]

Running from: c:\users\Roland\Desktop\ComboFi3x.exe

Command switches used :: c:\users\Roland\Desktop\CFScript.txt

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_ksleovbm

-------\Service_zjlxuskj

.

.

((((((((((((((((((((((((( Files Created from 2011-11-10 to 2011-12-10 )))))))))))))))))))))))))))))))

.

.

2011-12-10 01:23 . 2011-12-10 01:23 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2011-12-10 01:23 . 2011-12-10 01:23 -------- d-----w- c:\users\Public\AppData\Local\temp

2011-12-10 01:23 . 2011-12-10 01:23 -------- d-----w- c:\users\Parker.Roland714\AppData\Local\temp

2011-12-10 01:23 . 2011-12-10 01:23 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-12-10 01:23 . 2011-12-10 01:23 -------- d-----w- c:\users\AppData\AppData\Local\temp

2011-12-10 01:23 . 2011-12-10 01:23 -------- d-----w- c:\users\Parker\AppData\Local\temp

2011-12-09 11:24 . 2011-12-09 19:47 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0

2011-12-08 16:59 . 2011-12-08 16:59 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-12-07 16:05 . 2011-12-07 16:05 -------- d-----w- c:\program files\AMD

2011-12-04 03:16 . 2011-12-04 04:26 -------- d-----r- c:\users\Roland\Dropbox

2011-12-03 20:22 . 2011-12-03 20:22 -------- d-----w- c:\program files (x86)\ImgBurn

2011-12-03 20:22 . 2011-12-03 20:22 -------- d-----w- c:\program files (x86)\Ask.com

2011-12-03 15:26 . 2011-12-03 15:26 -------- d-----w- c:\program files (x86)\Common Files\AMD

2011-11-28 05:30 . 2011-11-28 05:30 -------- d-----we c:\windows\system64

2011-11-25 03:54 . 2011-11-25 03:54 -------- d-----w- c:\users\Roland\AppData\Roaming\B77ffEL88gZqh

2011-11-23 22:11 . 2011-11-23 22:11 -------- d-----w- c:\users\Roland\AppData\Local\SCE

2011-11-23 11:26 . 2011-11-23 11:26 -------- d-----w- c:\program files (x86)\ATI Research Inc

2011-11-23 07:32 . 2001-05-21 16:46 198656 ----a-w- c:\windows\SysWow64\Comdlg32.ocx

2011-11-22 23:57 . 2011-11-23 00:43 -------- d-----w- c:\program files (x86)\98C23

2011-11-22 19:09 . 2011-11-22 19:09 -------- d-----w- c:\programdata\PackfileExplorer

2011-11-20 05:40 . 2011-11-20 05:40 -------- d-----w- c:\users\Roland\AppData\Roaming\Blender Foundation

2011-11-20 05:40 . 2011-11-20 05:40 -------- d-----w- c:\users\Roland\.thumbnails

2011-11-16 04:28 . 2011-11-16 04:28 -------- d-----w- c:\programdata\Malwarebytes

2011-11-16 04:28 . 2011-11-16 04:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-11-13 05:13 . 2011-11-13 05:13 -------- d-----w- C:\Noesis

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-10 01:25 . 2011-01-30 01:34 25640 ----a-w- c:\windows\gdrv.sys

2011-12-10 00:50 . 2011-01-30 01:34 30528 ----a-w- c:\windows\GVTDrv64.sys

2011-11-25 22:53 . 2011-07-11 14:12 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2011-11-25 22:53 . 2011-07-11 13:56 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2011-11-23 22:15 . 2011-05-30 15:54 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-19 15:41 . 2011-07-11 13:56 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2011-10-03 10:06 . 2011-01-30 22:47 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-09-28 22:45 . 2011-09-28 22:45 15453832 ----a-w- c:\windows\SysWow64\xlive.dll

2011-09-28 22:45 . 2011-09-28 22:45 13642888 ----a-w- c:\windows\SysWow64\xlivefnt.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2011-11-18 00:29 1515688 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-11-18 1515688]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-06-15 15141768]

"Akamai NetSession Interface"="c:\users\Roland\AppData\Local\Akamai\netsession_win.exe" [2011-11-17 3303000]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]

"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]

"EasyTuneVI"="c:\program files (x86)\GIGABYTE\ET6\ETcall.exe" [2007-07-26 20480]

"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]

"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]

"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-11-18 901800]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HideSCAHealth"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]

R3 dump_wmimmc;dump_wmimmc;c:\gpotato\Rappelz\GameGuard\dump_wmimmc.sys [x]

R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-05-19 25640]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-04-19 1431888]

R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]

R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-12-10 30528]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S2 3d-io License Server v2.0;3d-io License Server v2.0;c:\program files (x86)\3d-io plugins\licensing_v2\ActiveLockServerV2.exe [2009-12-15 34816]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]

S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-18 68136]

S2 mi-raysat_3dsMax2009_64;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe [2010-06-16 86016]

S2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-03-12 86016]

S2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-23 86016]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]

S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-14 114688]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-26 10135584]

"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]

"combofix"="c:\combofi3x\CF23494.3XE" [2009-07-14 344576]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 10.1.10.1

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll

FF - ProfilePath - c:\users\Roland\AppData\Roaming\Mozilla\Firefox\Profiles\onhgmeao.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=15784

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ytff-devicevm&type=IEBD&p=

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-Blender - c:\program files (x86)\Blender Foundation\Blender\uninstall.exe

AddRemove-L4D2SP - c:\users\Roland\Downloads\Left 4 Dead 2 V2.0.2.7 Full-Rip {blaze69}\Uninstall SP.exe

AddRemove-NSS - c:\program files (x86)\Norton Security Scan\Engine\3.1.1.6\InstWrap.exe

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe

AddRemove-SystemRequirementsLab - c:\program files (x86)\SystemRequirementsLab\Uninstall.exe

AddRemove-_{53A908D4-99C6-469B-BC13-F4189F260742} - c:\program files (x86)\Corel\Corel Painter Essentials 4\MSILauncher {53A908D4-99C6-469B-BC13-F4189F260742}

AddRemove-{EAD475E8-14E5-4854-8AF5-CE6B4024237C}_is1 - c:\gpotato\Rappelz\unins000.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_d768ebc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2750241520-802747955-1049020851-1000\Software\SecuROM\License information*]

"datasecu"=hex:5f,73,18,50,7e,57,0d,84,32,1e,ab,a2,a5,3d,18,4b,4a,2f,fc,a8,c8,

4d,9c,ba,c3,a1,ff,df,30,3e,9c,87,cc,74,5b,6a,20,04,91,a4,c9,37,d0,c9,af,f7,\

"rkeysecu"=hex:e0,1a,df,22,d1,cd,73,a1,ec,fa,ae,e8,67,d1,90,4d

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\{47BF077C-44C6-42B1-8F88-ADE2585DD2ED}*]

@=hex:b1,5d,8e,62,5e,fa,cb,01

.

[HKEY_LOCAL_MACHINE\software\Classes\{97A98033-9FA1-4E80-A339-59787B43CC89}*]

@=hex:f3,d4,a9,62,5e,fa,cb,01

.

[HKEY_LOCAL_MACHINE\software\Classes\{A82EB336-567D-4F41-A63E-8113AD8B6903}*]

@=hex:ab,94,9c,5f,5e,fa,cb,01

.

[HKEY_LOCAL_MACHINE\software\Classes\{C4B20040-7D5A-4558-9E19-B7DF94366F97}*]

@=hex:d5,9d,ba,62,5e,fa,cb,01

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe

.

**************************************************************************

.

Completion time: 2011-12-09 20:33:06 - machine was rebooted

ComboFix-quarantined-files.txt 2011-12-10 01:33

ComboFix2.txt 2011-12-03 19:12

.

Pre-Run: 315,306,049,536 bytes free

Post-Run: 316,799,815,680 bytes free

.

- - End Of File - - 7D46EC9C4BD46D0525290318838BAFE1


And here is the DDS.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by Roland at 23:22:12 on 2011-12-09

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.1937 [GMT -5:00]

.

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\3d-io plugins\licensing_v2\ActiveLockServerV2.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\SysWOW64\svchost.exe -k Akamai

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe

C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe

C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe

C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe

C:\Program Files (x86)\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Logitech\Gaming Software\LWEMon.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Steam\Steam.exe

c:\program files (x86)\steam\steamapps\ramoneb\sourcesdk\bin\SDKLauncher.exe

c:\program files (x86)\steam\steamapps\ramoneb\sourcesdk\bin\source2009\bin\hlmv.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

uRun: [iSUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized

uRun: [Akamai NetSession Interface] C:\Users\Roland\AppData\Local\Akamai\netsession_win.exe

mRun: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"

mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe

mRun: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start

mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 10.1.10.1

TCP: Interfaces\{1D4B6D87-0285-48B8-B515-7EB2FE6EB006} : DhcpNameServer = 10.1.10.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO-X64: Ask Toolbar BHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

mRun-x64: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"

mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun-x64: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe

mRun-x64: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start

mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

Hosts: 217.23.4.166 www.google-analytics.com.

Hosts: 217.23.4.166 ad-emea.doubleclick.net.

Hosts: 217.23.4.166 www.statcounter.com.

Hosts: 178.250.45.15 www.google-analytics.com.

Hosts: 178.250.45.15 ad-emea.doubleclick.net.

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Roland\AppData\Roaming\Mozilla\Firefox\Profiles\onhgmeao.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=15784

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ytff-devicevm&type=IEBD&p=

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files\Dassault Systemes\3D XML Player\win_b64\code\bin32\NP3DXMLPlugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R2 3d-io License Server v2.0;3d-io License Server v2.0;C:\Program Files (x86)\3d-io plugins\licensing_v2\ActiveLockServerV2.exe [2009-12-15 34816]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]

R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]

R2 DES2 Service;DES2 Service for Energy Saving.;C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2011-1-29 68136]

R2 mi-raysat_3dsMax2009_64;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe [2010-6-16 86016]

R2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-3-12 86016]

R2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-2-22 86016]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-9 2255464]

R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2011-1-29 114688]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]

S3 etdrv;etdrv;C:\Windows\etdrv.sys [2011-5-18 25640]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-2-1 1431888]

S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-1-29 30528]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2011-12-10 01:25:54 -------- d-----w- C:\$RECYCLE.BIN

2011-12-10 01:06:13 98816 ----a-w- C:\Windows\sed.exe

2011-12-10 01:06:13 518144 ----a-w- C:\Windows\SWREG.exe

2011-12-10 01:06:13 256000 ----a-w- C:\Windows\PEV.exe

2011-12-10 01:06:13 208896 ----a-w- C:\Windows\MBR.exe

2011-12-09 11:24:21 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0

2011-12-07 16:05:39 -------- d-----w- C:\Program Files\AMD

2011-12-04 03:16:16 -------- d-----r- C:\Users\Roland\Dropbox

2011-12-04 03:14:14 -------- d-----w- C:\Users\Roland\AppData\Roaming\Dropbox

2011-12-03 20:22:34 -------- d-----w- C:\Program Files (x86)\Ask.com

2011-12-03 15:26:17 -------- d-----w- C:\Program Files (x86)\Common Files\AMD

2011-11-28 05:30:07 -------- d-----we C:\Windows\system64

2011-11-25 03:54:11 -------- d-----w- C:\Users\Roland\AppData\Roaming\bOOONNtxA0uc2iD

2011-11-25 03:54:07 -------- d-----w- C:\Users\Roland\AppData\Roaming\B77ffEL88gZqh

2011-11-25 03:54:06 -------- d-----w- C:\Users\Roland\AppData\Roaming\Z999gTTXq

2011-11-25 03:54:06 -------- d-----w- C:\Users\Roland\AppData\Roaming\oOONNtxxA0uS2bD

2011-11-25 03:54:02 -------- d-----w- C:\Users\Roland\AppData\Roaming\hooonGG4amH6WJf

2011-11-25 03:54:01 -------- d-----w- C:\Users\Roland\AppData\Roaming\qccSS1ibb3onGaH

2011-11-23 22:11:23 -------- d-----w- C:\Users\Roland\AppData\Local\SCE

2011-11-23 11:26:27 -------- d-----w- C:\Program Files (x86)\ATI Research Inc

2011-11-23 07:32:11 198656 ----a-w- C:\Windows\SysWow64\Comdlg32.ocx

2011-11-23 00:43:56 -------- d-----w- C:\Users\Roland\AppData\Local\{970492A1-4B99-42C9-B472-065740F9C9EB}

2011-11-23 00:43:45 -------- d-----w- C:\Users\Roland\AppData\Local\{72BB1DDD-B6CD-4918-B4F0-6A326666FEEB}

2011-11-22 23:57:32 -------- d-----w- C:\Program Files (x86)\98C23

2011-11-22 23:57:12 -------- d-----w- C:\Users\Roland\AppData\Roaming\xRRZZ9hTXwjUClB

2011-11-22 23:57:12 -------- d-----w- C:\Users\Roland\AppData\Roaming\NzzzPPNyxA1uS2b

2011-11-22 23:57:01 -------- d-----w- C:\Users\Roland\AppData\Roaming\rWWWJJ7dEL8gZqY

2011-11-22 23:57:00 -------- d-----w- C:\Users\Roland\AppData\Roaming\Q7ffEEL8gTZ

2011-11-22 23:57:00 -------- d-----w- C:\Users\Roland\AppData\Roaming\nttxxP0uuc1i

2011-11-22 23:56:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\F8998

2011-11-22 23:56:33 -------- d-----w- C:\Users\Roland\AppData\Roaming\hFF44pmmG

2011-11-22 23:56:32 -------- d-----w- C:\Users\Roland\AppData\Roaming\LtttzPP0ycA1vDo

2011-11-22 23:44:12 -------- d-----w- C:\Users\Roland\AppData\Local\{A6DC21A5-2B27-4E2F-B232-6C4C7A69AF31}

2011-11-22 23:44:00 -------- d-----w- C:\Users\Roland\AppData\Local\{E3CE3080-C760-4059-898C-C90A69F9FF67}

2011-11-22 19:09:29 -------- d-----w- C:\ProgramData\PackfileExplorer

2011-11-22 05:17:51 -------- d-----w- C:\Users\Roland\AppData\Local\{2DFF5213-D589-4384-8E79-DCCCF551D886}

2011-11-22 05:17:39 -------- d-----w- C:\Users\Roland\AppData\Local\{F07369E6-E070-4933-A064-FAA912F188BC}

2011-11-21 23:55:28 -------- d-----w- C:\Users\Roland\AppData\Local\{996A5C83-A4EF-4178-91E5-F20154B3A7B1}

2011-11-21 23:55:15 -------- d-----w- C:\Users\Roland\AppData\Local\{9B229EAA-111E-45FE-B3CA-9C1734FB0C7A}

2011-11-21 04:41:47 -------- d-----w- C:\Users\Roland\AppData\Local\{60BDAFCE-9D24-45FC-814A-D96F2DEAA9AC}

2011-11-21 04:41:36 -------- d-----w- C:\Users\Roland\AppData\Local\{FB9064CD-8BFE-4D58-BB0E-6A7AB5A09D12}

2011-11-20 05:40:47 -------- d-----w- C:\Users\Roland\AppData\Roaming\Blender Foundation

2011-11-20 05:40:44 -------- d-----w- C:\Users\Roland\.thumbnails

2011-11-18 15:20:53 -------- d-----w- C:\Users\Roland\AppData\Local\{BBD44097-D831-4095-9668-127CE80111DC}

2011-11-18 15:20:41 -------- d-----w- C:\Users\Roland\AppData\Local\{EFD83BF7-46DA-4998-993B-C80AD390A6E8}

2011-11-17 15:23:53 -------- d-----w- C:\Users\Roland\AppData\Local\{B453F33A-9799-4D89-ADE4-C891A8E1F66E}

2011-11-17 15:23:42 -------- d-----w- C:\Users\Roland\AppData\Local\{0D0676A1-63E4-41C2-9E35-835580156DD8}

2011-11-16 20:24:46 -------- d-----w- C:\Users\Roland\AppData\Local\{471E149C-C6CD-47DE-B89D-73D702623698}

2011-11-16 04:28:40 -------- d-----w- C:\Users\Roland\AppData\Roaming\Malwarebytes

2011-11-16 04:28:27 -------- d-----w- C:\ProgramData\Malwarebytes

2011-11-16 04:28:23 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-11-16 03:41:32 -------- d-----w- C:\Users\Roland\AppData\Local\{C860DD10-5E0E-47BE-AA39-C1E031E9615B}

2011-11-16 03:41:21 -------- d-----w- C:\Users\Roland\AppData\Local\{523C39FF-6CEA-4A67-A093-FBD73984B03E}

2011-11-15 15:53:17 -------- d-----w- C:\Users\Roland\AppData\Local\{B0DACA34-50A0-47A5-894C-731FBCCCD5FF}

2011-11-15 15:53:06 -------- d-----w- C:\Users\Roland\AppData\Local\{E4854E13-9794-4825-8072-85A784532839}

2011-11-13 05:13:22 -------- d-----w- C:\Noesis

2011-11-12 14:10:40 -------- d-----w- C:\Users\Roland\AppData\Local\{CB1EBE4B-1130-40A6-B93E-6B164E5CE76C}

2011-11-11 13:51:09 -------- d-----w- C:\Users\Roland\AppData\Local\{2BC32B14-98FB-4E96-9856-B3B607ED1404}

2011-11-10 16:24:07 -------- d-----w- C:\Users\Roland\AppData\Local\{41EE2908-BC0A-477B-BD2E-C18CA9FE949A}

.

==================== Find3M ====================

.

2011-12-10 01:25:37 25640 ----a-w- C:\Windows\gdrv.sys

2011-12-10 00:50:46 30528 ----a-w- C:\Windows\GVTDrv64.sys

2011-11-25 22:53:42 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2011-11-25 22:53:42 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2011-11-23 22:15:44 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-19 15:41:28 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2011-10-03 10:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-09-28 22:45:42 15453832 ----a-w- C:\Windows\SysWow64\xlive.dll

2011-09-28 22:45:42 13642888 ----a-w- C:\Windows\SysWow64\xlivefnt.dll

.

============= FINISH: 23:23:26.11 ===============

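The DDS log above contains three findings a responder would pull out by hand: HOSTS entries pointing analytics and ad domains at public IPs (217.23.4.166, 178.250.45.15), every UAC prompt policy set to 0, and a cluster of random-named folders created under AppData\Roaming within minutes of each other. The script below is an added example, not part of the original post or of DDS itself; it runs the same triage over a constructed sample of log lines copied in shape from the log above. The allow-list of vendor folder names and the "letters plus digits, no spaces" heuristic for random names are assumptions chosen for this example.

```python
"""Triage a DDS 'Pseudo HJT Report' for the indicators seen in the thread above."""
import ipaddress
import re

# Constructed sample: a few lines in the shape of the posted DDS log (not the full log).
SAMPLE_LOG = """\
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
Hosts: 217.23.4.166 www.google-analytics.com.
Hosts: 217.23.4.166 ad-emea.doubleclick.net.
Hosts: 178.250.45.15 www.google-analytics.com.
Hosts: 127.0.0.1 localhost
2011-11-25 03:54:11 -------- d-----w- C:\\Users\\Roland\\AppData\\Roaming\\bOOONNtxA0uc2iD
2011-11-22 23:57:00 -------- d-----w- C:\\Users\\Roland\\AppData\\Roaming\\Q7ffEEL8gTZ
2011-11-20 05:40:47 -------- d-----w- C:\\Users\\Roland\\AppData\\Roaming\\Blender Foundation
2011-11-16 04:28:40 -------- d-----w- C:\\Users\\Roland\\AppData\\Roaming\\Malwarebytes
"""

# DDS prints HOSTS names with a trailing dot; the regex strips it.
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+?)\.?$")
POLICY_RE = re.compile(r"^mPolicies-system:\s+(\w+)\s+=\s+(\d+)")
# "Created Last 30" rows: date time size attribs path
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\S+\s+\S+\s+(.+)$")

# UAC policies that should be non-zero on Windows 7; 0 removes the prompt entirely.
UAC_KEYS = ("EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop")
# Assumption: a small local allow-list of vendor folders that legitimately live in Roaming.
KNOWN_DIRS = {"Malwarebytes", "Mozilla", "Microsoft", "Adobe", "Dropbox"}


def hosts_hijacks(lines):
    """Return (ip, host) pairs where a HOSTS entry maps a name to a routable IP.

    Legitimate HOSTS entries point at 127.0.0.1/0.0.0.0 (blocking) or LAN
    addresses; an analytics or ad domain sent to a public IP is a hijack.
    """
    found = []
    for line in lines:
        m = HOSTS_RE.match(line)
        if not m:
            continue
        ip, host = m.groups()
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue
        if addr.is_global:
            found.append((ip, host))
    return found


def uac_weaknesses(lines):
    """Return the UAC policies the log shows set to 0 (prompting disabled)."""
    weak = {}
    for line in lines:
        m = POLICY_RE.match(line)
        if m and m.group(1) in UAC_KEYS and int(m.group(2)) == 0:
            weak[m.group(1)] = 0
    return weak


def suspicious_roaming_dirs(lines):
    """Flag newly created AppData\\Roaming folders with random-looking names.

    Heuristic (an assumption, not a rule from the thread): the leaf name has
    no spaces, mixes letters and digits, and is not on the allow-list.
    """
    hits = []
    for line in lines:
        m = CREATED_RE.match(line)
        if not m:
            continue
        path = m.group(1).strip()
        parts = path.split("\\")
        if "Roaming" not in parts:
            continue
        leaf = parts[-1]
        if " " in leaf or leaf in KNOWN_DIRS:
            continue
        if any(c.isdigit() for c in leaf) and any(c.isalpha() for c in leaf):
            hits.append(path)
    return hits


def triage(log_text):
    """Run all three checks over the raw DDS text and return the findings."""
    lines = log_text.splitlines()
    return {
        "hosts_hijacks": hosts_hijacks(lines),
        "uac_disabled": uac_weaknesses(lines),
        "random_roaming_dirs": suspicious_roaming_dirs(lines),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

Against the sample, the HOSTS check flags the three public-IP redirects and ignores the loopback entry, the UAC check reports EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop all at 0, and the folder heuristic picks out the two random-named Roaming directories while leaving "Blender Foundation" and "Malwarebytes" alone. The same regexes work on a full DDS.txt fed in from a file.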

  • Staff

Hi,

Again my apologies for the delay.

I'm afraid I have bad news.

Your logs reveal a backdoor trojan. A backdoor severely compromises system integrity.

A compromised system may allow illicit network connections, disabling of security software, modification of critical system files, and collection and transmission of personally identifiable information without your consent.

I recommend that you disconnect this PC from the Internet immediately, and only reconnect to download any tools that are required. If you do any banking or other financial transactions on the PC, or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. If it were on my PC I would not hesitate for a moment to do so. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy.

Should you have any questions, please feel free to ask.

Let me know what you decide.


  • Staff

Hi,

Okay. First let's try a few scans to see where we are.

Update MBAM, run a Quick Scan, and post its log. Post a fresh DDS log.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility writes its runtime log to the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log name is of the form UtilityName.Version_Date_Time_log.txt,

for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) (511KB) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time)
  • Please post the contents of that log in your next reply.

There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Also grab a fresh copy of ComboFix, run it, and post its log.


Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8399

Windows 6.1.7600

Internet Explorer 9.0.8112.16421

12/19/2011 1:43:17 PM

mbam-log-2011-12-19 (13-43-17).txt

Scan type: Quick scan

Objects scanned: 240162

Time elapsed: 4 minute(s), 39 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by Roland at 13:45:49 on 2011-12-19

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.2425 [GMT -5:00]

.

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\3d-io plugins\licensing_v2\ActiveLockServerV2.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\SysWOW64\svchost.exe -k Akamai

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe

C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe

C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe

C:\Program Files (x86)\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Logitech\Gaming Software\LWEMon.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Users\Roland\AppData\Local\Akamai\netsession_win.exe

C:\Users\Roland\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe

C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [iSUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [Akamai NetSession Interface] C:\Users\Roland\AppData\Local\Akamai\netsession_win.exe

mRun: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"

mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe

mRun: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start

mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 10.1.10.1

TCP: Interfaces\{7065DBAA-AEEC-4DE5-B3D4-E83D2D3C24FB} : DhcpNameServer = 10.1.10.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"

mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun-x64: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe

mRun-x64: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start

mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

Hosts: 217.23.4.166 www.google-analytics.com.

Hosts: 217.23.4.166 ad-emea.doubleclick.net.

Hosts: 217.23.4.166 www.statcounter.com.

Hosts: 178.250.45.15 www.google-analytics.com.

Hosts: 178.250.45.15 ad-emea.doubleclick.net.

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Roland\AppData\Roaming\Mozilla\Firefox\Profiles\onhgmeao.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=15784

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ytff-devicevm&type=IEBD&p=

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files\Dassault Systemes\3D XML Player\win_b64\code\bin32\NP3DXMLPlugin.dll

FF - plugin: C:\Users\Roland\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]

R2 3d-io License Server v2.0;3d-io License Server v2.0;C:\Program Files (x86)\3d-io plugins\licensing_v2\ActiveLockServerV2.exe [2009-12-15 34816]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]

R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]

R2 DES2 Service;DES2 Service for Energy Saving.;C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2011-1-29 68136]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-8-15 2329480]

R2 mi-raysat_3dsMax2009_64;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe [2010-6-16 86016]

R2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-3-12 86016]

R2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-2-22 86016]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-9 2255464]

R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2011-1-29 114688]

R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-1-29 30528]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]

S3 etdrv;etdrv;C:\Windows\etdrv.sys [2011-5-18 25640]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-2-1 1431888]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2011-12-19 08:33:13 367104 ----a-w- C:\Windows\System32\wcncsvc.dll

2011-12-19 08:33:13 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll

2011-12-18 13:09:35 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys

2011-12-18 13:06:58 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-12-18 13:06:58 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-12-18 07:13:59 -------- d-----w- C:\Users\Roland\AppData\Local\LogMeIn Hamachi

2011-12-18 07:13:34 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi

2011-12-18 06:34:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\ScripterRon

2011-12-17 22:34:27 -------- d-----w- C:\Users\Roland\AppData\Local\{E650F8E4-5452-46D3-9101-425C89ED4914}

2011-12-17 22:34:15 -------- d-----w- C:\Users\Roland\AppData\Local\{428C00D8-053E-492E-850A-2F1DE01C647A}

2011-12-17 05:16:03 -------- d-----w- C:\Users\Roland\.NewTek

2011-12-17 04:57:29 -------- d-----w- C:\Program Files\NewTek

2011-12-17 03:46:48 -------- d-----w- C:\Program Files (x86)\Id soft

2011-12-15 18:37:40 -------- d-----w- C:\Program Files (x86)\Sierra

2011-12-14 07:21:55 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe

2011-12-14 04:27:11 74344 ----a-w- C:\Windows\System32\RtNicProp64.dll

2011-12-14 04:27:11 107624 ----a-w- C:\Windows\System32\RTNUninst64.dll

2011-12-14 04:15:58 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe

2011-12-14 04:15:57 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll

2011-12-14 04:15:57 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll

2011-12-14 04:15:57 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll

2011-12-14 04:15:57 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll

2011-12-14 04:15:56 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll

2011-12-14 04:15:56 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll

2011-12-14 04:12:56 535656 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys

2011-12-13 20:03:43 -------- d-----w- C:\Users\Roland\AppData\Roaming\Unity

2011-12-13 19:57:09 -------- d-----w- C:\Users\Roland\AppData\Local\Unity

2011-12-11 21:27:01 13800 ----a-w- C:\Windows\System32\drivers\ssadwh.sys

2011-12-11 21:27:00 13288 ----a-w- C:\Windows\System32\drivers\ssadcm.sys

2011-12-11 21:26:36 -------- d-----w- C:\Program Files\SAMSUNG

2011-12-11 21:26:06 -------- d-----w- C:\ProgramData\Samsung

2011-12-11 19:40:35 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\REN1B6.tmp

2011-12-11 19:37:56 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-12-10 07:03:56 627600 ----a-w- C:\Windows\System32\deployJava1.dll

2011-12-10 06:57:40 -------- d-----w- C:\Program Files (x86)\Santiago Orgaz

2011-12-10 01:25:54 -------- d-----w- C:\$RECYCLE.BIN

2011-12-10 01:06:13 98816 ----a-w- C:\Windows\sed.exe

2011-12-10 01:06:13 518144 ----a-w- C:\Windows\SWREG.exe

2011-12-10 01:06:13 256000 ----a-w- C:\Windows\PEV.exe

2011-12-10 01:06:13 208896 ----a-w- C:\Windows\MBR.exe

2011-12-09 11:24:21 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0

2011-12-07 16:05:39 -------- d-----w- C:\Program Files\AMD

2011-12-04 03:14:14 -------- d-----w- C:\Users\Roland\AppData\Roaming\Dropbox

2011-12-03 15:26:17 -------- d-----w- C:\Program Files (x86)\Common Files\AMD

2011-11-28 05:30:07 -------- d-----we C:\Windows\system64

2011-11-25 03:54:11 -------- d-----w- C:\Users\Roland\AppData\Roaming\bOOONNtxA0uc2iD

2011-11-25 03:54:07 -------- d-----w- C:\Users\Roland\AppData\Roaming\B77ffEL88gZqh

2011-11-25 03:54:06 -------- d-----w- C:\Users\Roland\AppData\Roaming\Z999gTTXq

2011-11-25 03:54:06 -------- d-----w- C:\Users\Roland\AppData\Roaming\oOONNtxxA0uS2bD

2011-11-25 03:54:02 -------- d-----w- C:\Users\Roland\AppData\Roaming\hooonGG4amH6WJf

2011-11-25 03:54:01 -------- d-----w- C:\Users\Roland\AppData\Roaming\qccSS1ibb3onGaH

2011-11-23 22:11:23 -------- d-----w- C:\Users\Roland\AppData\Local\SCE

2011-11-23 11:26:27 -------- d-----w- C:\Program Files (x86)\ATI Research Inc

2011-11-23 07:32:11 198656 ----a-w- C:\Windows\SysWow64\Comdlg32.ocx

2011-11-23 00:43:56 -------- d-----w- C:\Users\Roland\AppData\Local\{970492A1-4B99-42C9-B472-065740F9C9EB}

2011-11-23 00:43:45 -------- d-----w- C:\Users\Roland\AppData\Local\{72BB1DDD-B6CD-4918-B4F0-6A326666FEEB}

2011-11-22 23:57:32 -------- d-----w- C:\Program Files (x86)\98C23

2011-11-22 23:57:12 -------- d-----w- C:\Users\Roland\AppData\Roaming\xRRZZ9hTXwjUClB

2011-11-22 23:57:12 -------- d-----w- C:\Users\Roland\AppData\Roaming\NzzzPPNyxA1uS2b

2011-11-22 23:57:01 -------- d-----w- C:\Users\Roland\AppData\Roaming\rWWWJJ7dEL8gZqY

2011-11-22 23:57:00 -------- d-----w- C:\Users\Roland\AppData\Roaming\Q7ffEEL8gTZ

2011-11-22 23:57:00 -------- d-----w- C:\Users\Roland\AppData\Roaming\nttxxP0uuc1i

2011-11-22 23:56:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\F8998

2011-11-22 23:56:33 -------- d-----w- C:\Users\Roland\AppData\Roaming\hFF44pmmG

2011-11-22 23:56:32 -------- d-----w- C:\Users\Roland\AppData\Roaming\LtttzPP0ycA1vDo

2011-11-22 23:44:12 -------- d-----w- C:\Users\Roland\AppData\Local\{A6DC21A5-2B27-4E2F-B232-6C4C7A69AF31}

2011-11-22 23:44:00 -------- d-----w- C:\Users\Roland\AppData\Local\{E3CE3080-C760-4059-898C-C90A69F9FF67}

2011-11-22 19:09:29 -------- d-----w- C:\ProgramData\PackfileExplorer

2011-11-22 05:17:51 -------- d-----w- C:\Users\Roland\AppData\Local\{2DFF5213-D589-4384-8E79-DCCCF551D886}

2011-11-22 05:17:39 -------- d-----w- C:\Users\Roland\AppData\Local\{F07369E6-E070-4933-A064-FAA912F188BC}

2011-11-21 23:55:28 -------- d-----w- C:\Users\Roland\AppData\Local\{996A5C83-A4EF-4178-91E5-F20154B3A7B1}

2011-11-21 23:55:15 -------- d-----w- C:\Users\Roland\AppData\Local\{9B229EAA-111E-45FE-B3CA-9C1734FB0C7A}

2011-11-21 04:41:47 -------- d-----w- C:\Users\Roland\AppData\Local\{60BDAFCE-9D24-45FC-814A-D96F2DEAA9AC}

2011-11-21 04:41:36 -------- d-----w- C:\Users\Roland\AppData\Local\{FB9064CD-8BFE-4D58-BB0E-6A7AB5A09D12}

2011-11-20 05:40:47 -------- d-----w- C:\Users\Roland\AppData\Roaming\Blender Foundation

2011-11-20 05:40:44 -------- d-----w- C:\Users\Roland\.thumbnails

.

==================== Find3M ====================

.

2011-12-19 18:33:26 30528 ----a-w- C:\Windows\GVTDrv64.sys

2011-12-19 18:33:11 25640 ----a-w- C:\Windows\gdrv.sys

2011-12-11 19:40:18 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-11-25 22:53:42 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2011-11-25 22:53:42 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2011-11-24 05:00:47 3141632 ----a-w- C:\Windows\System32\win32k.sys

2011-11-19 15:41:28 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll

2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll

2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-10-26 05:19:07 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2011-10-15 06:25:12 723456 ----a-w- C:\Windows\System32\EncDec.dll

2011-10-15 05:48:52 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll

2011-09-29 16:24:44 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-09-28 22:45:42 15453832 ----a-w- C:\Windows\SysWow64\xlive.dll

2011-09-28 22:45:42 13642888 ----a-w- C:\Windows\SysWow64\xlivefnt.dll

.

============= FINISH: 13:48:06.35 ===============

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software

Run date: 2011-12-19 13:44:54

-----------------------------

13:44:54.817 OS Version: Windows x64 6.1.7600

13:44:54.832 Number of processors: 8 586 0x1A05

13:44:54.832 ComputerName: ROLAND714 UserName: Roland

13:44:59.793 Initialize success

13:45:14.995 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1

13:45:14.995 Disk 0 Vendor: ST31000528AS CC3E Size: 953869MB BusType: 3

13:45:17.039 Disk 0 MBR read successfully

13:45:17.039 Disk 0 MBR scan

13:45:17.039 Disk 0 Windows 7 default MBR code

13:45:17.039 Service scanning

13:45:18.583 Modules scanning

13:45:18.583 Disk 0 trace - called modules:

13:45:18.583 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys

13:45:18.583 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80047b6060]

13:45:18.583 3 CLASSPNP.SYS[fffff880018bd43f] -> nt!IofCallDriver -> [0xfffffa8004539520]

13:45:18.583 5 ACPI.sys[fffff88000ef3781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8004528060]

13:45:18.583 Scan finished successfully

13:45:30.595 Disk 0 MBR has been saved successfully to "C:\Users\Roland\Desktop\MBR.dat"

13:45:30.595 The log file has been saved successfully to "C:\Users\Roland\Desktop\aswMBR.txt"

MBR.rar

Attach.txt
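A triage pass over the "Created Last 30" section of a DDS log like the one above, as an added example; this is not code from the original post, from DDS, or from Malwarebytes. It parses the DDS line layout visible in the log (date, time, size or dashes, eight attribute flags, path) and flags three things a responder would check by hand first: folders directly under AppData\Roaming, AppData\Local or Program Files whose names look machine-generated, anything directly under C:\Windows spelled like the real system directories but not one of them (the log shows a C:\Windows\system64), and clusters of flagged folders created within a minute of each other, which is the footprint of one dropper run. The root patterns, the name heuristic and the 60-second window are my own assumptions, and every hit is a lead for manual inspection, not a verdict. The sample input is an excerpt of the log lines from this post.

```python
import re
from datetime import datetime, timedelta

# One DDS "Created Last 30" / "Find3M" line: <date> <time> <size or --------> <8 attr flags> <path>
ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\S+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+?)\s*$"
)
# Folders created directly under the roots droppers favour (heuristic scope, my assumption).
USER_DATA_ROOT = re.compile(r"\\AppData\\(Roaming|Local)\\[^\\]+$", re.IGNORECASE)
PROGRAM_ROOT = re.compile(r"^C:\\Program Files( \(x86\))?\\[^\\]+$", re.IGNORECASE)
# Anything directly under C:\Windows spelled like the real system directories.
SYSTEM_LOOKALIKE = re.compile(r"^C:\\Windows\\(sys(tem|wow)?\d*)$", re.IGNORECASE)
REAL_SYSTEM_DIRS = {"system32", "syswow64", "system"}

# Excerpt of the "Created Last 30" section of the DDS log in this post
# (a mix of ordinary software folders and the odd-looking ones).
SAMPLE_LOG = r"""
2011-12-18 07:13:59 -------- d-----w- C:\Users\Roland\AppData\Local\LogMeIn Hamachi
2011-12-18 06:34:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\ScripterRon
2011-12-17 22:34:27 -------- d-----w- C:\Users\Roland\AppData\Local\{E650F8E4-5452-46D3-9101-425C89ED4914}
2011-12-14 07:21:55 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2011-12-04 03:14:14 -------- d-----w- C:\Users\Roland\AppData\Roaming\Dropbox
2011-11-28 05:30:07 -------- d-----we C:\Windows\system64
2011-11-25 03:54:11 -------- d-----w- C:\Users\Roland\AppData\Roaming\bOOONNtxA0uc2iD
2011-11-25 03:54:07 -------- d-----w- C:\Users\Roland\AppData\Roaming\B77ffEL88gZqh
2011-11-25 03:54:06 -------- d-----w- C:\Users\Roland\AppData\Roaming\Z999gTTXq
2011-11-25 03:54:02 -------- d-----w- C:\Users\Roland\AppData\Roaming\hooonGG4amH6WJf
2011-11-22 23:57:32 -------- d-----w- C:\Program Files (x86)\98C23
2011-11-22 23:57:12 -------- d-----w- C:\Users\Roland\AppData\Roaming\xRRZZ9hTXwjUClB
2011-11-22 23:56:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\F8998
2011-11-20 05:40:47 -------- d-----w- C:\Users\Roland\AppData\Roaming\Blender Foundation
"""


def parse_entries(log_text):
    """Turn the log into dicts; section headers, dots and blank lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["when"] = datetime.strptime(e["date"] + " " + e["time"], "%Y-%m-%d %H:%M:%S")
        e["is_dir"] = e["attrs"].startswith("d")
        entries.append(e)
    return entries


def case_transitions(name):
    letters = [c for c in name if c.isalpha()]
    return sum(1 for a, b in zip(letters, letters[1:]) if a.isupper() != b.isupper())


def looks_random(leaf):
    """Machine-generated-looking name: alphanumeric only, no separators, and either
    letters mixed with digits or far more case flipping than a product name has."""
    if not re.fullmatch(r"[A-Za-z0-9]{5,}", leaf):
        return False
    has_digit = any(c.isdigit() for c in leaf)
    has_alpha = any(c.isalpha() for c in leaf)
    return (has_digit and has_alpha) or case_transitions(leaf) >= 4


def triage(log_text):
    """Return (created, path, reasons) for directories worth a manual look, oldest first."""
    flagged = []
    for e in parse_entries(log_text):
        if not e["is_dir"]:
            continue
        path = e["path"]
        leaf = path.rsplit("\\", 1)[-1]
        reasons = []
        m = SYSTEM_LOOKALIKE.match(path)
        if m and m.group(1).lower() not in REAL_SYSTEM_DIRS:
            reasons.append("lookalike of a Windows system directory")
        if (USER_DATA_ROOT.search(path) or PROGRAM_ROOT.match(path)) and looks_random(leaf):
            reasons.append("random-looking folder name")
        if reasons:
            flagged.append((e["when"], path, reasons))
    flagged.sort()
    return flagged


def bursts(flagged, window=timedelta(seconds=60), min_size=3):
    """Group flagged folders created within `window` of the previous one: a dropper
    writing several folders in one go leaves exactly this kind of cluster."""
    groups, current = [], []
    for item in flagged:
        if current and item[0] - current[-1][0] > window:
            groups.append(current)
            current = []
        current.append(item)
    if current:
        groups.append(current)
    return [g for g in groups if len(g) >= min_size]


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for when, path, reasons in hits:
        print(when, path, "<-", "; ".join(reasons))
    for group in bursts(hits):
        print(f"{len(group)} flagged folders created within a minute, starting {group[0][0]}")
```

On the excerpt this flags the seven alphanumeric-soup folders and C:\Windows\system64, and groups the folders into two bursts (three created in 34 seconds on 2011-11-22, four in 9 seconds on 2011-11-25); product folders such as ScripterRon, Dropbox and the GUID-named ones pass. The name heuristic will also trip on legitimate folders that carry version digits, so treat the output as a worklist, and feed the whole DDS log rather than an excerpt when using it for real, since the same line layout covers the Find3M section.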
