[A] System Check -- possible virus

By TheBreah
Feb 14, 2012
  1. I have the same error while running several programs. The message that appears is:

    ".... oleaccrc.dll is corrupt and unreadable."

    Any kind of help would be much appreciated.

    Thank you in advance.

    __________________

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 912021403

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    14-02-2012 17:00:50
    mbam-log-2012-02-14 (17-00-50).txt

    Scan type: Quick scan
    Objects scanned: 292608
    Time elapsed: 7 minute(s), 13 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    ________________

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-02-14 17:09:50
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7 Maxtor_6Y080M0 rev.YAR512W0
    Running: 8zz695zi.exe; Driver: C:\DOCUME~1\PE11FF~1.BRE\LOCALS~1\Temp\pgpyikoc.sys


    ---- System - GMER 1.0.15 ----

    SSDT spgj.sys ZwEnumerateKey [0xF72A5CA2]
    SSDT spgj.sys ZwEnumerateValueKey [0xF72A6030]

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi \Device\Ide\IdePort0 [F71DBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort1 [F71DBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort2 [F71DBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-7 [F71DBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort3 [F71DBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort4 [F71DBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort5 [F71DBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-16 [F71DBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\ay8s61om \Device\Scsi\ay8s61om1Port6Path0Target0Lun0 89ACC500
    Device \Driver\ay8s61om \Device\Scsi\ay8s61om1 89ACC500
    Device \Driver\ay8s61om \Device\Scsi\ay8s61om1Port6Path0Target1Lun0 89ACC500
    Device \FileSystem\Ntfs \Ntfs 89E751F8

    AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
    AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys

    ---- EOF - GMER 1.0.15 ----

    _____________

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
    Run by Pe at 17:11:21 on 2012-02-14
    Microsoft Windows XP Professional 5.1.2600.3.1252.351.1033.18.2046.1185 [GMT 0:00]
    .
    AV: PC Cleaner Pro *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
    AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS2\system32\Ati2evxx.exe
    C:\WINDOWS2\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\WINDOWS2\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS2\system32\Ati2evxx.exe
    C:\WINDOWS2\system32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS2\system32\spoolsv.exe
    C:\WINDOWS2\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\WINDOWS2\system32\RunDLL32.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    svchost.exe
    C:\WINDOWS2\system32\AEADISRV.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    f:\2\Malwarebytes' Anti-Malware\mbamservice.exe
    F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    f:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS2\system32\HPZipm12.exe
    C:\WINDOWS2\system32\PnkBstrA.exe
    svchost.exe
    C:\WINDOWS2\system32\svchost.exe -k imgsvc
    F:\Program Files\Xobni\XobniService.exe
    C:\WINDOWS2\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS2\system32\wscntfy.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://eu.ask.com/?l=dis&o=102866&gct=hp
    uSearch Page = hxxp://search.live.com
    mStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    mSearchAssistant = hxxp://search.live.com/sphome.aspx
    uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Searchqu Toolbar: {7ff99715-3016-4381-84ce-e4e4c9673020} - Searchqu Toolbar
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: Bandoo IE Plugin: {eb5cee80-030a-4ed8-8e20-454e9c68380f} - BandooIEPlugin Class
    TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
    TB: Searchqu Toolbar: {7ff99715-3016-4381-84ce-e4e4c9673020} -
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
    mRun: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
    mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [StartCCC] "f:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    dRun: [CTFMON.EXE] c:\windows2\system32\CTFMON.EXE
    dRunOnce: [!SearchquFF] RUNDLL32.EXE c:\windows2\temp\search~1\INSTAL~1.DLL,_SetFFAssets http://www.searchqu.com/403,Web Search,WebSearch,http://www.searchqu.com/web?src=ffb&systemid=403&q=,
    uPolicies-explorer: NoInstrumentation = 1
    IE: E&xportar para o Microsoft Excel - c:\progra~2\micros~3\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~3\office12\REFIEBAR.DLL
    Trusted Zone: forgottenhonor.com\www
    DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
    DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
    DPF: {5B54751C-0EDB-4CAE-816C-65BCED3FF819} - hxxp://game.heroesandgenerals.com/retox.ocx
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231871237906
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {9BD3C5C6-BCBA-47BF-9CC0-0D5D3E117DE1} - hxxp://www.bravearms.com/razor/plugins/WebMediaPlayer.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 212.113.164.58 212.113.164.57
    TCP: Interfaces\{724B9139-EDF2-419B-BEDC-0D5794E34DA5} : DhcpNameServer = 212.113.164.58 212.113.164.57
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows2\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\pe.breah-7959170b3\application data\mozilla\firefox\profiles\ybxr1hhq.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.maisfutebol.iol.pt/
    FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=1&q=
    FF - plugin: c:\documents and settings\all users.windows2\application data\id software\quakelive\npquakezero.dll
    FF - plugin: c:\documents and settings\pe.breah-7959170b3\application data\mozilla\firefox\profiles\ybxr1hhq.default\extensions\npretoxlive@live.heroesandgenerals.com\plugins\npretoxlive.dll
    FF - plugin: c:\documents and settings\pe.breah-7959170b3\application data\mozilla\firefox\profiles\ybxr1hhq.default\extensions\npretoxstable@stable.heroesandgenerals.com\plugins\npretoxstable.dll
    FF - plugin: c:\documents and settings\pe.breah-7959170b3\application data\mozilla\firefox\profiles\ybxr1hhq.default\extensions\webmediaplayer@3gstudiosinc.com\plugins\npWebMediaPlayer.dll
    FF - plugin: c:\documents and settings\pe.breah-7959170b3\application data\mozilla\plugins\np-mswmp.dll
    FF - plugin: c:\documents and settings\pe.breah-7959170b3\application data\mozilla\plugins\npoctoshape.dll
    FF - plugin: c:\documents and settings\pe.breah-7959170b3\local settings\application data\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: c:\program files\3g studios\web media client\npWebMediaClient.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npvsharetvplg.dll
    FF - plugin: f:\program files\quicktime\plugins\npqtplugin.dll
    FF - plugin: f:\program files\quicktime\plugins\npqtplugin2.dll
    FF - plugin: f:\program files\quicktime\plugins\npqtplugin3.dll
    FF - plugin: f:\program files\quicktime\plugins\npqtplugin4.dll
    FF - plugin: f:\program files\quicktime\plugins\npqtplugin5.dll
    FF - plugin: f:\program files\quicktime\plugins\npqtplugin6.dll
    FF - plugin: f:\program files\quicktime\plugins\npqtplugin7.dll
    FF - plugin: f:\program files\veetle\player\npvlc.dll
    FF - plugin: f:\program files\veetle\plugins\npVeetle.dll
    FF - plugin: f:\program files\veetle\vlcbroadcast\npvbp.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 epfwtdir;epfwtdir;c:\windows2\system32\drivers\epfwtdir.sys [2008-2-20 35168]
    R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-10-7 472280]
    R2 MBAMService;MBAMService;f:\2\malwarebytes' anti-malware\mbamservice.exe [2012-2-12 366640]
    R2 XobniService;XobniService;f:\program files\xobni\XobniService.exe [2009-11-20 55016]
    R3 MBAMProtector;MBAMProtector;c:\windows2\system32\drivers\mbam.sys [2010-12-10 22712]
    R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows2\system32\drivers\seehcri.sys [2009-11-23 27632]
    S2 gupdate1c98bb8b2aea58;Google Update Service (gupdate1c98bb8b2aea58);c:\program files\google\update\GoogleUpdate.exe [2009-2-10 133104]
    S2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit; [x]
    S3 Ambfilt;Ambfilt;c:\windows2\system32\drivers\Ambfilt.sys [2010-7-7 1691480]
    S3 atidgllk;atidgllk;c:\program files\winflash\atidgllk.sys [2010-7-7 12048]
    S3 cpuz132;cpuz132;\??\c:\docume~1\pe11ff~1.bre\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\pe11ff~1.bre\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows2\system32\drivers\ggflt.sys [2009-11-23 13224]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-2-10 133104]
    S3 P0630VID;Creative WebCam Live!;c:\windows2\system32\drivers\P0630Vid.sys [2010-2-25 91841]
    S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows2\system32\drivers\s0017bus.sys [2009-11-23 86824]
    S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows2\system32\drivers\s0017mdfl.sys [2009-11-23 15016]
    S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows2\system32\drivers\s0017mdm.sys [2009-11-23 114600]
    S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows2\system32\drivers\s0017mgmt.sys [2009-11-23 108328]
    S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows2\system32\drivers\s0017nd5.sys [2009-11-23 26024]
    S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows2\system32\drivers\s0017obex.sys [2009-11-23 104616]
    S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows2\system32\drivers\s0017unic.sys [2009-11-23 109736]
    .
    =============== File Associations ===============
    .
    .txt=
    .
    =============== Created Last 30 ================
    .
    2012-02-14 16:03:31 -------- d-----w- c:\documents and settings\all users.windows2\application data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
    2012-02-14 15:35:54 -------- d-----w- c:\program files\Dll-Files.com Fixer
    2012-02-14 15:28:05 -------- d-----w- c:\documents and settings\pe.breah-7959170b3\application data\dll-files.com
    2012-02-14 15:23:01 -------- d-----w- c:\program files\Uniblue
    2012-02-14 15:08:03 -------- d-----w- c:\documents and settings\all users.windows2\application data\SpeedyPC Software
    2012-02-13 17:14:30 -------- d-----w- c:\program files\Ask.com
    2012-02-13 17:14:27 -------- d-----w- c:\documents and settings\pe.breah-7959170b3\local settings\application data\AskToolbar
    2012-02-13 17:14:16 -------- d-----w- c:\documents and settings\pe.breah-7959170b3\local settings\application data\APN
    2012-02-13 16:53:56 -------- d-----w- C:\cmdcons
    2012-02-13 16:49:45 98816 ----a-w- c:\windows2\sed.exe
    2012-02-13 16:49:45 518144 ----a-w- c:\windows2\SWREG.exe
    2012-02-13 16:49:45 256000 ----a-w- c:\windows2\PEV.exe
    2012-02-13 16:49:45 208896 ----a-w- c:\windows2\MBR.exe
    2012-02-13 16:49:09 -------- d-s---w- C:\ComboFix
    2012-02-13 12:53:11 -------- d-----w- c:\documents and settings\pe.breah-7959170b3\application data\Registry Mechanic
    2012-02-13 12:41:01 -------- d-----w- c:\program files\common files\PC Tools
    2012-02-13 12:35:41 -------- d-----w- C:\RegistryCleanEasy
    2012-02-13 12:35:41 -------- d-----w- c:\documents and settings\all users.windows2\application data\RegistryCleanEasy
    2012-02-13 11:41:13 -------- d-----w- c:\documents and settings\pe.breah-7959170b3\AppData
    2012-02-13 11:32:01 -------- d-----w- c:\documents and settings\pe.breah-7959170b3\application data\PCPro
    2012-02-13 11:32:01 -------- d-----w- c:\documents and settings\pe.breah-7959170b3\application data\PC Cleaners
    2012-02-13 11:31:42 5276432 ----a-w- c:\windows2\uninst.exe
    2012-02-13 11:31:38 -------- d-----w- c:\program files\PC Cleaners
    2012-02-13 11:31:38 -------- d-----w- c:\documents and settings\all users.windows2\application data\PC1Data
    2012-02-12 23:44:22 41272 ----a-w- c:\windows2\system32\drivers\mbamswissarmy.sys
    2012-02-12 23:13:39 -------- d-----w- c:\windows2\system32\wbem\repository\FS
    2012-02-12 23:13:39 -------- d-----w- c:\windows2\system32\wbem\Repository
    2012-02-12 22:58:44 -------- d-----w- c:\program files\Enigma Software Group
    2012-02-06 09:52:18 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
    2012-02-06 09:52:18 43960 ----a-w- c:\program files\mozilla firefox\mozglue.dll
    2012-02-06 09:50:17 26176 ---ha-w- c:\windows2\system32\hamachi.sys
    2012-01-31 18:52:01 -------- d-----w- c:\documents and settings\pe.breah-7959170b3\local settings\application data\Heroes and Generals
    .
    ==================== Find3M ====================
    .
    2012-02-01 21:14:34 138520 ----a-w- c:\windows2\system32\drivers\PnkBstrK.sys
    2012-02-01 21:11:40 234536 ----a-w- c:\windows2\system32\PnkBstrB.xtr
    2012-02-01 21:11:40 234536 ----a-w- c:\windows2\system32\PnkBstrB.exe
    2012-01-31 15:34:16 234536 ----a-w- c:\windows2\system32\PnkBstrB.ex0
    2012-01-17 15:01:54 139152 -c--a-w- c:\documents and settings\pe.breah-7959170b3\application data\PnkBstrK.sys
    2011-12-13 11:01:00 1698408 ----a-w- c:\windows2\RtlExUpd.dll
    2011-11-25 21:57:19 293376 ----a-w- c:\windows2\system32\winsrv.dll
    2011-11-23 13:25:32 1859584 ----a-w- c:\windows2\system32\win32k.sys
    2011-11-18 12:35:08 60416 ----a-w- c:\windows2\system32\packager.exe
    2006-05-03 09:06:54 163328 --sh--r- c:\windows2\system32\flvDX.dll
    2007-02-21 10:47:16 31232 --sh--r- c:\windows2\system32\msfDX.dll
    2008-03-16 12:30:52 216064 --sh--r- c:\windows2\system32\nbDX.dll
    .
    ============= FINISH: 17:11:48,79 ===============
  2. TheBreah


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 13-01-2009 14:40:50
    System Uptime: 14-02-2012 16:20:43 (1 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P5V-VM SE DH
    Processor: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz | Socket 775 | 2199/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 29 GiB total, 3,117 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is FIXED (NTFS) - 45 GiB total, 5,02 GiB free.
    G: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: System Interrupt Controller
    Device ID: PCI\VEN_1106&DEV_5364&SUBSYS_00000000&REV_00\3&2411E6FE&0&05
    Manufacturer:
    Name: System Interrupt Controller
    PNP Device ID: PCI\VEN_1106&DEV_5364&SUBSYS_00000000&REV_00\3&2411E6FE&0&05
    Service:
    .
    Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
    Description: ATI High Definition Audio Device
    Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001\5&2F17C0A0&0&0001
    Manufacturer: ATI Technologies Inc.
    Name: ATI High Definition Audio Device
    PNP Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001\5&2F17C0A0&0&0001
    Service: AtiHdmiService
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: RTL8187_Wireless
    Device ID: USB\VID_0BDA&PID_8187\0015AF0C8756
    Manufacturer:
    Name: RTL8187_Wireless
    PNP Device ID: USB\VID_0BDA&PID_8187\0015AF0C8756
    Service:
    .
    ==== System Restore Points ===================
    .
    RP1: 13-02-2012 16:50:50 - System Checkpoint
    RP2: 13-02-2012 16:54:32 - Software Distribution Service 3.0
    RP3: 13-02-2012 17:48:29 - Removed LogMeIn Hamachi
    RP4: 14-02-2012 15:33:15 - DLL-Files.com Fixer Wt, lut 14, 12 15:33
    .
    ==== Installed Programs ======================
    .
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    A.F.5 Rename your files 1.1
    Acrobat.com
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Default Language CS4
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe Media Player
    Adobe PDF Library Files CS4
    Adobe Photoshop CS3
    Adobe Reader 9.4.0
    Adobe Setup
    Adobe Shockwave Player 11.5
    Adobe Stock Photos CS3
    Adobe Type Support CS4
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    AiO_Scan_CDA
    AiOSoftwareNPI
    Apple Application Support
    Apple Software Update
    Ask Toolbar
    ATI Catalyst Install Manager
    µTorrent
    Autodesk Backburner 2008.1
    Avanquest update
    Battlefield 1942
    Battlefield 2(TM)
    BF1918 FHT 2.1 Installer
    BufferChm
    C3100
    c3100_Help
    Catalyst Control Center - Branding
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    Catan Online World
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CDBurnerXP
    Combined Community Codec Pack 2009-09-09
    Creative WebCam Live! Driver (1.02.03.0606)
    DAEMON Tools Toolbar
    Destinations
    DeviceManagementQFolder
    DivX Plus Web Player
    DJ Java Decompiler v.3.11.11.95
    Dll-Files.com Fixer
    DocProc
    DocProcQFolder
    ESET NOD32 Antivirus
    eSupportQFolder
    Express Burn
    Fax_CDA
    Ferramenta de Carregamento do Windows Live
    Football Manager 2012
    Free Window Registry Repair
    Fun4IM
    Google Chrome
    Google Earth Plug-in
    Google Update Helper
    Handy Address Book
    HostsMan 3.2.73
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Imaging Device Functions 7.0
    HP Photosmart Essential
    HP Photosmart, Officejet and Deskjet 7.0.A
    HP Product Assistant
    HP Solution Center 7.0
    HP Update
    HPPhotoSmartExpress
    HPProductAssistant
    Instant Eyedropper 1.75
    InstantShareDevicesMFC
    Java Auto Updater
    Java(TM) 6 Update 29
    JCreator LE 5.00
    Junk Mail filter update
    LangPad version 2.0
    Macromedia Extension Manager
    Macromedia Flash 8 Video Encoder
    Macromedia Flash Player 8
    Malwarebytes' Anti-Malware version 1.51.1.1800
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Chart Controls for Microsoft .NET Framework 3.5
    Microsoft Choice Guard
    Microsoft Game Studios Common Redistributables Pack 1
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.3
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft WSE 3.0 Runtime
    Microsoft XML Parser
    mIRC
    Moyea FLV Player version: 2.0.2.96
    Mozilla Firefox 11.0 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB925673)
    Mz Ram Booster v3.5.2
    NewCopy_CDA
    NVIDIA Drivers
    NVIDIA Photoshop Plug-ins
    NVIDIA PhysX
    OCR Software by I.R.I.S 7.0
    Octoshape add-in for Adobe Flash Player
    Octoshape Streaming Services
    PanoStandAlone
    PC Cleaners
    PDF Settings
    ProductContextNPI
    PunkBuster for Battlefield 1942
    Quake Live Mozilla Plugin
    QuickTime
    Readme
    Realtek AC'97 Audio
    REALTEK GbE & FE Ethernet PCI NIC Driver
    Realtek High Definition Audio Driver
    Red Eye Remover 2.0
    Registry Clean Easy
    Scan
    ScannerCopy
    Security Update for 2007 Microsoft Office System (KB2277947)
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for 2007 Microsoft Office System (KB982331)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB982308)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office Outlook 2007 (KB980376)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office Publisher 2007 (KB982124)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2251419)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    Skins
    Skype™ 5.3
    SmartFTP Client
    SolutionCenter
    SoulSeek 157 NS 13e
    SoundMAX
    Source SDK Base
    Source SDK Base 2007
    SpeedFan (remove only)
    Spybot - Search & Destroy
    Status
    Steam
    SUPER © Version 2009.bld.36 (June 10, 2009)
    SWiX ver.1.1.1
    System Requirements Lab
    System Requirements Lab CYRI
    TeamSpeak 3 Client
    Toolbox
    TrayApp
    Unload
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB971029)
    VC80CRTRedist - 8.0.50727.4053
    Veetle TV 0.9.18
    Visual C++ 8.0 ATL (x86) WinSXS MSM
    Visual C++ 8.0 CRT (x86) WinSXS MSM
    vShare.tv plugin 1.3
    Web Media Client
    WebFldrs XP
    WebReg
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer Clean Up
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Presentation Foundation
    Windows Searchqu Toolbar
    WinISO 5.3
    WinRAR 4.10 beta 3 (32-bit)
    XML Paper Specification Shared Components Pack 1.0
    Xobni
    Xobni Core
    .
    ==== Event Viewer Messages From Past Week ========
    .
    09-02-2012 18:44:41, error: Service Control Manager [7000] - The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    09-02-2012 18:44:40, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the LogMeIn Hamachi Tunneling Engine service to connect.
    08-02-2012 19:33:46, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
    .
    ==== End Of File ===========================
  3. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ============================================================

    Uninstall PC Cleaners.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    =============================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =============================================================

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
  4. TheBreah

    TheBreah Newcomer, in training Topic Starter

    PC Cleaner has been deleted.
    ____________



    aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
    Run date: 2012-02-14 18:55:11
    -----------------------------
    18:55:11.203 OS Version: Windows 5.1.2600 Service Pack 3
    18:55:11.203 Number of processors: 2 586 0xF0D
    18:55:11.203 ComputerName: BREAH-7959170B3 UserName: Pe
    18:55:11.953 Initialize success
    18:55:23.625 AVAST engine defs: 12021401
    18:56:42.171 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7
    18:56:42.171 Disk 0 Vendor: Maxtor_6Y080M0 YAR512W0 Size: 76319MB BusType: 3
    18:56:42.171 Disk 0 MBR read successfully
    18:56:42.171 Disk 0 MBR scan
    18:56:42.218 Disk 0 Windows XP default MBR code
    18:56:42.218 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 29996 MB offset 63
    18:56:42.250 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 46320 MB offset 61432560
    18:56:42.250 Disk 0 scanning sectors +156296385
    18:56:42.390 Disk 0 scanning C:\WINDOWS2\system32\drivers
    18:56:56.968 Service scanning
    18:56:58.703 Service sptd C:\WINDOWS2\System32\Drivers\sptd.sys **LOCKED** 32
    18:56:59.312 Modules scanning
    18:57:06.375 Disk 0 trace - called modules:
    18:57:06.390 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spka.sys >>UNKNOWN [0x89e25938]<<
    18:57:06.390 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89dcd230]
    18:57:06.390 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\00000076[0x89d4df18]
    18:57:06.390 5 ACPI.sys[f7246620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-7[0x89d0fd98]
    18:57:06.765 AVAST engine scan C:\WINDOWS2
    18:57:25.312 AVAST engine scan C:\WINDOWS2\system32
    19:01:02.468 AVAST engine scan C:\WINDOWS2\system32\drivers
    19:01:19.203 AVAST engine scan C:\Documents and Settings\Pe.BREAH-7959170B3
    19:02:18.718 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Pe.BREAH-7959170B3\Desktop\MBR.dat"
    19:02:18.718 The log file has been saved successfully to "C:\Documents and Settings\Pe.BREAH-7959170B3\Desktop\aswMBR.txt"

    ______________________

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
  5. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  6. TheBreah

    TheBreah Newcomer, in training Topic Starter

    ComboFix 12-02-13.01 - Pe 14-02-2012 19:38:40.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.351.1033.18.2046.1355 [GMT 0:00]
    Running from: f:\ziped files\ComboFix.exe
    AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    AV: PC Cleaner Pro *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\C11B.tmp
    c:\documents and settings\All Users.WINDOWS2\Application Data\Tages
    c:\documents and settings\All Users.WINDOWS2\Application Data\Tages\100663362\Vca.bin
    c:\documents and settings\All Users.WINDOWS2\Application Data\Tages\Priv.xey
    c:\documents and settings\All Users.WINDOWS2\Application Data\TEMP
    c:\documents and settings\Pe.BREAH-7959170B3\Application Data\EurekaLog
    c:\documents and settings\Pe.BREAH-7959170B3\Application Data\inst.exe
    c:\documents and settings\Pe.BREAH-7959170B3\Application Data\searchqutb
    c:\documents and settings\Pe.BREAH-7959170B3\Application Data\searchqutb\dtx.ini
    c:\documents and settings\Pe.BREAH-7959170B3\Application Data\searchqutb\games\00d2dfc64c07a4f32824abac1d6f735b
    c:\documents and settings\Pe.BREAH-7959170B3\Application Data\searchqutb\games\3e4265e00cbc4a9cf22a105046a46d8a
    c:\documents and settings\Pe.BREAH-7959170B3\Application Data\searchqutb\games\44a5d79f5451d3036ba3986425e234c8
    c:\documents and settings\Pe.BREAH-7959170B3\Application Data\searchqutb\games\GameCategories.xml
    c:\documents and settings\Pe.BREAH-7959170B3\Application Data\searchqutb\games\GameTypes.xml
    c:\documents and settings\Pe.BREAH-7959170B3\Application Data\searchqutb\guid.dat
    c:\documents and settings\Pe.BREAH-7959170B3\Application Data\searchqutb\preferences.dat
    c:\documents and settings\Pe.BREAH-7959170B3\Application Data\searchqutb\stats.dat
    c:\documents and settings\Pe.BREAH-7959170B3\Application Data\searchqutb\uninstallIE.dat
    c:\documents and settings\Pe.BREAH-7959170B3\Application Data\searchqutb\weather\11c1a5c171bee28c9e1cc59f01b1447c
    c:\documents and settings\Pe.BREAH-7959170B3\Application Data\searchqutb\weather\1333d4ed99d90b76ec2c370e173c4051
    c:\documents and settings\Pe.BREAH-7959170B3\Application Data\searchqutb\weather\forecasts_cache.xml
    c:\documents and settings\Pe.BREAH-7959170B3\Application Data\searchqutb\weather\observations_cache.xml
    c:\documents and settings\Pe.BREAH-7959170B3\Application Data\searchqutb\weatherbutton_prefs.xml
    c:\documents and settings\Pe.BREAH-7959170B3\Application Data\searchqutb\widgets_cache\84b70525cff6359fdeca553342c23e4c
    c:\documents and settings\Pe.BREAH-7959170B3\Application Data\searchqutb\widgets_cache\bf5b6317ae07da699882fc948f22eda4
    c:\documents and settings\Pe.BREAH-7959170B3\Application Data\searchqutb\widgets_cache\category_cache.xml
    c:\documents and settings\Pe.BREAH-7959170B3\Application Data\searchqutb\widgets_cache\widget_cache.xml
    c:\documents and settings\Pe.BREAH-7959170B3\Application Data\vso_ts_preview.xml
    c:\documents and settings\Pe\WINDOWS
    c:\program files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
    c:\program files\Windows Searchqu Toolbar
    c:\program files\Windows Searchqu Toolbar\Datamngr\datamngr.dll
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\.#searchqutb.js.1.3
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\data\search\engines.xml
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\data\search\search.xsl
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\about.xml
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\dtxpanelwin.xul
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\dtxprefwin.xul
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\dtxwin.xul
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\emailnotifierproviders.xml
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\external.js
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\neterror.xhtml
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\wmpstreamer.html
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\modules\datastore.jsm
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\preferences.xml
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\bg-scalable-mdl.gif
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\bg-scalable-tl.gif
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\bg-scalable-tr.gif
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-dragresize.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-close-down.PNG
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-close-over.PNG
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-close.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-maximize-down.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-maximize-over.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-maximize.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-minimize-down.PNG
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-minimize-over.PNG
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-minimize.PNG
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-next-off.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-next.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-previous-off.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-previous.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\navico-home.gif
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\panel.html
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\powered-mystart.gif
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\tb_icon.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\widget.js
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\widget.xml
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\bg-scalable-mdl.gif
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\bg-scalable-tl.gif
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\bg-scalable-tr.gif
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-dragresize.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-close-down.PNG
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-close-over.PNG
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-close.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-maximize-down.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-maximize-over.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-maximize.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-minimize-down.PNG
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-minimize-over.PNG
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-minimize.PNG
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btnarrow-next-off.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btnarrow-next.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btnarrow-previous-off.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btnarrow-previous.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\navico-home.gif
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\panel.html
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\powered-mystart.gif
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\tb_icon.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\widget.js
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\widget.xml
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\bg-scalable-mdl.gif
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\bg-scalable-tl.gif
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\bg-scalable-tr.gif
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-dragresize.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-close-down.PNG
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-close-over.PNG
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-close.png
  7. TheBreah

    TheBreah Newcomer, in training Topic Starter

    c:\program files\Windows Searchqu Toolbar\ToolBar\components\windowmediator.js
    c:\program files\Windows Searchqu Toolbar\ToolBar\manifest.xml
    c:\program files\Windows Searchqu Toolbar\ToolBar\uninstall.exe
    c:\program files\Windows Searchqu Toolbar\uninstall.exe
    C:\SWSetup1
    c:\swsetup1\SP35475\AEEnable.exe
    c:\swsetup1\SP35475\CPApp.ico
    c:\swsetup1\SP35475\data.tag
    c:\swsetup1\SP35475\data1.cab
    c:\swsetup1\SP35475\data1.hdr
    c:\swsetup1\SP35475\data2.cab
    c:\swsetup1\SP35475\DevSetup.exe
    c:\swsetup1\SP35475\engine32.cab
    c:\swsetup1\SP35475\layout.bin
    c:\swsetup1\SP35475\license.txt
    c:\swsetup1\SP35475\platform.cfg
    c:\swsetup1\SP35475\setup.exe
    c:\swsetup1\SP35475\setup.ibt
    c:\swsetup1\SP35475\setup.ini
    c:\swsetup1\SP35475\setup.inx
    c:\swsetup1\SP35475\setup.iss
    c:\swsetup1\SP35475\SM_Comn\Help\Arabic\cpsimp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Arabic\digaudmb.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Arabic\DTS.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Arabic\EQ.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Arabic\micro.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Arabic\pnp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Arabic\power.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Arabic\sensa.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Arabic\smax.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Arabic\smax4hlp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Arabic\SPDIF.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Brazil\cpsimp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Brazil\digaudmb.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Brazil\DTS.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Brazil\EQ.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Brazil\micro.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Brazil\pnp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Brazil\power.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Brazil\sensa.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Brazil\smax.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Brazil\smax4hlp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Brazil\SPDIF.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Danish\cpsimp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Danish\digaudmb.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Danish\DTS.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Danish\EQ.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Danish\micro.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Danish\pnp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Danish\power.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Danish\sensa.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Danish\smax.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Danish\smax4hlp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Danish\SPDIF.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Dutch\cpsimp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Dutch\digaudmb.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Dutch\DTS.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Dutch\EQ.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Dutch\micro.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Dutch\pnp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Dutch\power.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Dutch\sensa.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Dutch\smax.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Dutch\smax4hlp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Dutch\SPDIF.chm
    c:\swsetup1\SP35475\SM_Comn\Help\English\cpsimp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\English\digaudmb.chm
    c:\swsetup1\SP35475\SM_Comn\Help\English\DTS.chm
    c:\swsetup1\SP35475\SM_Comn\Help\English\EQ.chm
    c:\swsetup1\SP35475\SM_Comn\Help\English\micro.chm
    c:\swsetup1\SP35475\SM_Comn\Help\English\pnp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\English\power.chm
    c:\swsetup1\SP35475\SM_Comn\Help\English\sensa.chm
    c:\swsetup1\SP35475\SM_Comn\Help\English\smax.chm
    c:\swsetup1\SP35475\SM_Comn\Help\English\smax4hlp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\English\SPDIF.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Finnish\cpsimp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Finnish\digaudmb.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Finnish\DTS.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Finnish\EQ.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Finnish\micro.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Finnish\pnp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Finnish\power.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Finnish\sensa.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Finnish\smax.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Finnish\smax4hlp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Finnish\SPDIF.chm
    c:\swsetup1\SP35475\SM_Comn\Help\French\cpsimp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\French\digaudmb.chm
    c:\swsetup1\SP35475\SM_Comn\Help\French\DTS.chm
    c:\swsetup1\SP35475\SM_Comn\Help\French\EQ.chm
    c:\swsetup1\SP35475\SM_Comn\Help\French\micro.chm
    c:\swsetup1\SP35475\SM_Comn\Help\French\pnp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\French\power.chm
    c:\swsetup1\SP35475\SM_Comn\Help\French\sensa.chm
    c:\swsetup1\SP35475\SM_Comn\Help\French\smax.chm
    c:\swsetup1\SP35475\SM_Comn\Help\French\smax4hlp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\French\SPDIF.chm
    c:\swsetup1\SP35475\SM_Comn\Help\German\cpsimp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\German\digaudmb.chm
    c:\swsetup1\SP35475\SM_Comn\Help\German\DTS.chm
    c:\swsetup1\SP35475\SM_Comn\Help\German\EQ.chm
    c:\swsetup1\SP35475\SM_Comn\Help\German\micro.chm
    c:\swsetup1\SP35475\SM_Comn\Help\German\pnp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\German\power.chm
    c:\swsetup1\SP35475\SM_Comn\Help\German\sensa.chm
    c:\swsetup1\SP35475\SM_Comn\Help\German\smax.chm
    c:\swsetup1\SP35475\SM_Comn\Help\German\smax4hlp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\German\SPDIF.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Hebrew\cpsimp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Hebrew\digaudmb.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Hebrew\DTS.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Hebrew\EQ.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Hebrew\micro.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Hebrew\pnp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Hebrew\power.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Hebrew\sensa.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Hebrew\smax.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Hebrew\smax4hlp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Hebrew\SPDIF.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Italian\cpsimp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Italian\digaudmb.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Italian\DTS.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Italian\EQ.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Italian\micro.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Italian\pnp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Italian\power.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Italian\sensa.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Italian\smax.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Italian\smax4hlp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Italian\SPDIF.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Japanese\cpsimp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Japanese\digaudmb.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Japanese\DTS.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Japanese\EQ.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Japanese\micro.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Japanese\pnp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Japanese\power.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Japanese\sensa.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Japanese\smax.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Japanese\smax4hlp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Japanese\SPDIF.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Korean\cpsimp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Korean\digaudmb.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Korean\DTS.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Korean\EQ.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Korean\micro.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Korean\pnp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Korean\power.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Korean\sensa.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Korean\smax.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Korean\smax4hlp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Korean\SPDIF.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Norweg\cpsimp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Norweg\digaudmb.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Norweg\DTS.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Norweg\EQ.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Norweg\micro.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Norweg\pnp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Norweg\power.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Norweg\sensa.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Norweg\smax.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Norweg\smax4hlp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Norweg\SPDIF.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Polish\cpsimp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Polish\digaudmb.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Polish\DTS.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Polish\EQ.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Polish\micro.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Polish\pnp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Polish\power.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Polish\sensa.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Polish\smax.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Polish\smax4hlp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Polish\SPDIF.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Russian\cpsimp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Russian\digaudmb.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Russian\DTS.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Russian\EQ.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Russian\micro.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Russian\pnp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Russian\power.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Russian\sensa.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Russian\smax.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Russian\smax4hlp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Russian\SPDIF.chm
    c:\swsetup1\SP35475\SM_Comn\Help\SimpChin\cpsimp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\SimpChin\digaudmb.chm
    c:\swsetup1\SP35475\SM_Comn\Help\SimpChin\DTS.chm
    c:\swsetup1\SP35475\SM_Comn\Help\SimpChin\EQ.chm
    c:\swsetup1\SP35475\SM_Comn\Help\SimpChin\micro.chm
    c:\swsetup1\SP35475\SM_Comn\Help\SimpChin\pnp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\SimpChin\power.chm
    c:\swsetup1\SP35475\SM_Comn\Help\SimpChin\sensa.chm
    c:\swsetup1\SP35475\SM_Comn\Help\SimpChin\smax.chm
    c:\swsetup1\SP35475\SM_Comn\Help\SimpChin\smax4hlp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\SimpChin\SPDIF.chm
    c:\swsetup1\SP35475\SM_Comn\Help\SMHelp.exe
    c:\swsetup1\SP35475\SM_Comn\Help\Spanish\cpsimp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Spanish\digaudmb.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Spanish\DTS.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Spanish\EQ.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Spanish\micro.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Spanish\pnp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Spanish\power.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Spanish\sensa.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Spanish\smax.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Spanish\smax4hlp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Spanish\SPDIF.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Swedish\cpsimp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Swedish\digaudmb.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Swedish\DTS.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Swedish\EQ.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Swedish\micro.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Swedish\pnp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Swedish\power.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Swedish\sensa.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Swedish\smax.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Swedish\smax4hlp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Swedish\SPDIF.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Thai\cpsimp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Thai\digaudmb.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Thai\DTS.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Thai\EQ.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Thai\micro.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Thai\pnp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Thai\power.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Thai\sensa.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Thai\smax.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Thai\smax4hlp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\Thai\SPDIF.chm
    c:\swsetup1\SP35475\SM_Comn\Help\TradChin\cpsimp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\TradChin\digaudmb.chm
    c:\swsetup1\SP35475\SM_Comn\Help\TradChin\DTS.chm
    c:\swsetup1\SP35475\SM_Comn\Help\TradChin\EQ.chm
    c:\swsetup1\SP35475\SM_Comn\Help\TradChin\micro.chm
    c:\swsetup1\SP35475\SM_Comn\Help\TradChin\pnp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\TradChin\power.chm
    c:\swsetup1\SP35475\SM_Comn\Help\TradChin\sensa.chm
    c:\swsetup1\SP35475\SM_Comn\Help\TradChin\smax.chm
    c:\swsetup1\SP35475\SM_Comn\Help\TradChin\smax4hlp.chm
    c:\swsetup1\SP35475\SM_Comn\Help\TradChin\SPDIF.chm
    c:\swsetup1\SP35475\SM_Comn\Sys\placer.txt
    c:\swsetup1\SP35475\SM_Micro\Sys\MicTab.dll
    c:\swsetup1\SP35475\SM_Micro\Wizards\SMWizard.exe
    c:\swsetup1\SP35475\SM_Panel\Sys\license.txt
    c:\swsetup1\SP35475\SM_Panel\Sys\SMax4.cpl
    c:\swsetup1\SP35475\SM_Panel\Sys\SMax4.exe
    c:\swsetup1\SP35475\SM_Panel\Sys\SMMedia.dll
    c:\swsetup1\SP35475\SM_Panel\Sys\wdmioctl.dll
    c:\swsetup1\SP35475\SM_Power\Sys\PwrMan.dll
    c:\swsetup1\SP35475\SMax3CP.ico
    c:\swsetup1\SP35475\SMAXWDM\W2K_XP\ADIHdAud.inf
    c:\swsetup1\SP35475\SMAXWDM\W2K_XP\ADIHdAud.sys
    c:\swsetup1\SP35475\SMAXWDM\W2K_XP\AEAUDIO.sys
    c:\swsetup1\SP35475\SMAXWDM\W2K_XP\mixer.ini
    c:\swsetup1\SP35475\SMAXWDM\W2K_XP\PostProc.dll
    c:\swsetup1\SP35475\SMAXWDM\W2K_XP\SMax4PNP.exe
    c:\swsetup1\SP35475\SMAXWDM\W2K_XP\SMWDMIF.dll
    c:\swsetup1\SP35475\SMAXWDM\W2K_XP\smx.cat
    c:\swsetup1\SP35475\Sys\CleanUp.exe
    c:\swsetup1\SP35475\Sys\DSndUp.exe
    c:\swsetup1\SP35475\win256_3.bmp
    C:\Thumbs.db
    c:\windows2\system32\_000115_.tmp.dll
    c:\windows2\system32\FC3EC74932.dll
    c:\windows2\system32\msssc.dll
    c:\windows2\system32\SET1639.tmp
    c:\windows2\system32\SET2BFD.tmp
    c:\windows2\system32\SET2C03.tmp
    c:\windows2\system32\SET2C04.tmp
    c:\windows2\system32\SET2C0B.tmp
    c:\windows2\system32\SET2C0D.tmp
    c:\windows2\system32\SET64E.tmp
    c:\windows2\system32\SET7CF1.tmp
    c:\windows2\system32\SETE0E.tmp
    c:\windows2\Temp\tmp3.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-14 to 2012-02-14 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-14 16:03 . 2012-02-14 16:03 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
    2012-02-14 15:35 . 2012-02-14 15:37 -------- d-----w- c:\program files\Dll-Files.com Fixer
    2012-02-14 15:28 . 2012-02-14 15:28 -------- d-----w- c:\documents and settings\Pe.BREAH-7959170B3\Application Data\dll-files.com
    2012-02-14 15:23 . 2012-02-14 15:23 -------- d-----w- c:\program files\Uniblue
    2012-02-14 15:08 . 2012-02-14 15:10 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\SpeedyPC Software
    2012-02-13 17:14 . 2012-02-13 17:14 -------- d-----w- c:\program files\Ask.com
    2012-02-13 17:14 . 2012-02-14 16:39 -------- d-----w- c:\documents and settings\Pe.BREAH-7959170B3\Local Settings\Application Data\AskToolbar
    2012-02-13 17:14 . 2012-02-13 17:14 -------- d-----w- c:\documents and settings\Pe.BREAH-7959170B3\Local Settings\Application Data\APN
    2012-02-13 12:53 . 2012-02-13 12:53 -------- d-----w- c:\documents and settings\Pe.BREAH-7959170B3\Application Data\Registry Mechanic
    2012-02-13 12:41 . 2012-02-13 17:47 -------- d-----w- c:\program files\Common Files\PC Tools
    2012-02-13 12:35 . 2012-02-13 12:36 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\RegistryCleanEasy
    2012-02-13 12:35 . 2012-02-13 12:35 -------- d-----w- C:\RegistryCleanEasy
    2012-02-13 11:41 . 2012-02-13 11:41 -------- d-----w- c:\documents and settings\Pe.BREAH-7959170B3\AppData
    2012-02-13 11:32 . 2012-02-13 11:32 -------- d-----w- c:\documents and settings\Pe.BREAH-7959170B3\Application Data\PCPro
    2012-02-13 11:32 . 2012-02-13 11:32 -------- d-----w- c:\documents and settings\Pe.BREAH-7959170B3\Application Data\PC Cleaners
    2012-02-13 11:31 . 2012-02-13 11:30 5276432 ----a-w- c:\windows2\uninst.exe
    2012-02-13 11:31 . 2012-02-13 11:31 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\PC1Data
    2012-02-12 23:44 . 2011-07-06 19:52 41272 ----a-w- c:\windows2\system32\drivers\mbamswissarmy.sys
    2012-02-12 23:13 . 2012-02-12 23:13 -------- d-----w- c:\windows2\system32\wbem\Repository
    2012-02-12 22:58 . 2012-02-12 22:58 -------- d-----w- c:\program files\Enigma Software Group
    2012-02-06 09:52 . 2012-02-13 09:54 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
    2012-02-06 09:52 . 2012-02-13 09:54 43960 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
    2012-02-06 09:50 . 2009-03-18 16:35 26176 ---ha-w- c:\windows2\system32\hamachi.sys
    2012-01-31 18:52 . 2012-01-31 18:52 -------- d-----w- c:\documents and settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Heroes and Generals
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-01 21:14 . 2010-06-01 12:54 138520 ----a-w- c:\windows2\system32\drivers\PnkBstrK.sys
    2012-02-01 21:11 . 2010-06-01 12:53 234536 ----a-w- c:\windows2\system32\PnkBstrB.exe
    2012-02-01 21:11 . 2009-03-29 18:06 234536 ----a-w- c:\windows2\system32\PnkBstrB.xtr
    2012-01-31 15:34 . 2010-06-01 12:53 234536 ----a-w- c:\windows2\system32\PnkBstrB.ex0
    2012-01-17 15:01 . 2009-01-21 16:46 139152 -c--a-w- c:\documents and settings\Pe.BREAH-7959170B3\Application Data\PnkBstrK.sys
    2011-12-13 11:01 . 2010-07-07 15:52 1698408 ----a-w- c:\windows2\RtlExUpd.dll
    2011-11-25 21:57 . 2009-01-13 11:37 293376 ----a-w- c:\windows2\system32\winsrv.dll
    2011-11-23 13:25 . 2009-01-13 11:37 1859584 ----a-w- c:\windows2\system32\win32k.sys
    2011-11-18 12:35 . 2009-01-13 11:36 60416 ----a-w- c:\windows2\system32\packager.exe
    2012-02-13 09:54 . 2011-05-01 12:22 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2006-05-03 09:06 163328 --sh--r- c:\windows2\system32\flvDX.dll
    2007-02-21 10:47 31232 --sh--r- c:\windows2\system32\msfDX.dll
    2008-03-16 12:30 216064 --sh--r- c:\windows2\system32\nbDX.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2009-01-13 . 649B4101C35E996E1866037C28A5FD42 . 1614848 . . [5.1.2600.5512] . . c:\windows2\system32\sfcfiles.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
    .
    [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2011-08-23 21:20 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PD0630 STISvc"="P0630Pin.dll" [2005-06-05 36864]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
    "StartCCC"="f:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-22 98304]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows2\system32\CTFMON.EXE" [2009-01-13 15360]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /k:C /k:F *
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS2^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    backup=c:\windows2\pss\HP Digital Imaging Monitor.lnkCommon Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
    2011-08-23 21:20 887976 ----a-w- c:\program files\Ask.com\Updater\Updater.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2008-12-29 10:40 687560 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
    2007-09-06 13:08 136136 ----a-w- c:\programas\DAEMON Tools Pro\DTProAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2010-03-18 12:21 136176 ----atw- c:\documents and settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2007-08-24 07:00 33648 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2007-05-08 15:24 54840 ----a-w- f:\program files\HP\HP Software Update\hpwuSchd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
    2011-07-06 19:52 449584 ----a-w- f:\2\Malwarebytes' Anti-Malware\mbamgui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-11-10 23:08 417792 ----a-w- f:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2010-06-08 16:16 19552872 ----a-w- c:\windows2\RTHDCPL.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
    2010-06-08 16:16 1833576 ----a-w- c:\windows2\SkyTel.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 15:07 2260480 -csha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2011-06-09 12:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "f:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "f:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "f:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "f:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "f:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "f:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "f:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "f:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\WINDOWS2\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS2\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "f:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
    "f:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
    "f:\\Program Files\\Autodesk\\Backburner\\server.exe"=
    "c:\\Programas\\The All-Seeing Eye\\eye.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "f:\\Games\\Steam\\steamapps\\randoomized\\source sdk base\\hl2.exe"=
    "c:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\SoulseekNS\\slsk.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "f:\\Games\\Steam\\Steam.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
    "f:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Documents and Settings\\Pe.BREAH-7959170B3\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
    "c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
    "c:\\Documents and Settings\\Pe.BREAH-7959170B3\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
    "c:\\WINDOWS2\\system32\\dpvsetup.exe"=
    "c:\\Programas\\SmartFTP Client\\SmartFTP.exe"=
    "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
    "f:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
    "c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "f:\\Games\\Steam\\steamapps\\randoomized\\source sdk base 2007\\hl2.exe"=
    "c:\\Program Files\\EA GAMES\\Battlefield 2\\forgottenhope2.exe"=
    "c:\\Program Files\\EA GAMES\\Battlefield 2\\FH2.exe"=
    "f:\\Program Files\\mIRC\\mirc.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "f:\\Games\\Steam\\steamapps\\randoomized\\counter-strike\\hl.exe"=
    "c:\\Documents and Settings\\Pe.BREAH-7959170B3\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
    "f:\\Programas\\mIRC\\mirc.exe"=
    "f:\\Games\\Steam\\steamapps\\randoomized\\counter-strike source\\hl2.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5222:TCP"= 5222:TCP:xmpp.quakelive.com
    "56831:TCP"= 56831:TCP:pando Media Booster
    "56831:UDP"= 56831:UDP:pando Media Booster
    "56065:TCP"= 56065:TCP:pando
    "563:TCP"= 563:TCP:pando2
    .
    R0 sptd;sptd;c:\windows2\system32\drivers\sptd.sys [13-01-2009 16:26 717296]
    R1 epfwtdir;epfwtdir;c:\windows2\system32\drivers\epfwtdir.sys [20-02-2008 11:11 35168]
    R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [07-10-2009 9:16 472280]
    R2 MBAMService;MBAMService;f:\2\Malwarebytes' Anti-Malware\mbamservice.exe [12-02-2012 23:44 366640]
    R2 XobniService;XobniService;f:\program files\Xobni\XobniService.exe [20-11-2009 17:13 55016]
    R3 MBAMProtector;MBAMProtector;c:\windows2\system32\drivers\mbam.sys [10-12-2010 20:21 22712]
    R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows2\system32\drivers\seehcri.sys [23-11-2009 21:56 27632]
    S2 gupdate1c98bb8b2aea58;Google Update Service (gupdate1c98bb8b2aea58);c:\program files\Google\Update\GoogleUpdate.exe [10-02-2009 19:44 133104]
    S2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit; [x]
    S3 Ambfilt;Ambfilt;c:\windows2\system32\drivers\Ambfilt.sys [07-07-2010 15:53 1691480]
    S3 atidgllk;atidgllk;c:\program files\winflash\atidgllk.sys [07-07-2010 16:32 12048]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows2\system32\drivers\ggflt.sys [23-11-2009 22:08 13224]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10-02-2009 19:44 133104]
    S3 P0630VID;Creative WebCam Live!;c:\windows2\system32\drivers\P0630Vid.sys [25-02-2010 15:27 91841]
    S3 pcouffin;VSO Software pcouffin;c:\windows2\system32\drivers\pcouffin.sys [28-01-2009 23:51 47360]
    S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows2\system32\drivers\s0017bus.sys [23-11-2009 21:56 86824]
    S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows2\system32\drivers\s0017mdfl.sys [23-11-2009 21:56 15016]
    S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows2\system32\drivers\s0017mdm.sys [23-11-2009 21:56 114600]
    S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows2\system32\drivers\s0017mgmt.sys [23-11-2009 21:56 108328]
    S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows2\system32\drivers\s0017nd5.sys [23-11-2009 21:56 26024]
    S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows2\system32\drivers\s0017obex.sys [23-11-2009 21:56 104616]
    S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows2\system32\drivers\s0017unic.sys [23-11-2009 21:56 109736]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-14 c:\windows2\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 19:44]
    .
    2012-02-14 c:\windows2\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 19:44]
    .
    2012-02-09 c:\windows2\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-362288127-1417001333-1003Core.job
    - c:\documents and settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-14 12:21]
    .
    2012-02-14 c:\windows2\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-362288127-1417001333-1003UA.job
    - c:\documents and settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-14 12:21]
    .
    2012-02-14 c:\windows2\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2011-08-23 21:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://eu.ask.com/?l=dis&o=102866&gct=hp
    mStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
    Trusted Zone: forgottenhonor.com\www
    TCP: DhcpNameServer = 212.113.164.58 212.113.164.57
    DPF: {5B54751C-0EDB-4CAE-816C-65BCED3FF819} - hxxp://game.heroesandgenerals.com/retox.ocx
    DPF: {9BD3C5C6-BCBA-47BF-9CC0-0D5D3E117DE1} - hxxp://www.bravearms.com/razor/plugins/WebMediaPlayer.cab
    FF - ProfilePath - c:\documents and settings\Pe.BREAH-7959170B3\Application Data\Mozilla\Firefox\Profiles\ybxr1hhq.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.maisfutebol.iol.pt/
    FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=1&q=
    .
    .
    ------- File Associations -------
    .
    .txt=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKU-Default-RunOnce-!SearchquFF - c:\windows2\TEMP\SEARCH~1\INSTAL~1.DLL
    AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\documents and settings\All Users.WINDOWS2\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-02-14 19:49
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-448539723-362288127-1417001333-1003\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_USERS\S-1-5-21-448539723-362288127-1417001333-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:9c,74,e3,9b,7d,bd,31,24,61,49,0f,9f,bd,6b,c8,9c,57,76,09,3c,fe,5b,11,
    65,21,44,3f,b5,77,76,77,3b,ab,19,35,22,af,41,88,6c,f8,ff,fb,1b,bb,ab,45,49,\
    "??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(688)
    c:\windows2\system32\Ati2evxx.dll
    c:\windows2\system32\atiadlxx.dll
    c:\windows2\system32\CLBCATQ.DLL
    .
    - - - - - - - > 'explorer.exe'(1444)
    c:\windows2\system32\WININET.dll
    c:\windows2\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
    c:\windows2\system32\msi.dll
    c:\windows2\system32\ieframe.dll
    c:\windows2\system32\webcheck.dll
    c:\windows2\system32\WPDShServiceObj.dll
    c:\windows2\system32\hnetcfg.dll
    c:\windows2\system32\PortableDeviceTypes.dll
    c:\windows2\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows2\system32\Ati2evxx.exe
    c:\windows2\system32\Ati2evxx.exe
    c:\windows2\system32\AEADISRV.EXE
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    f:\program files\CDBurnerXP\NMSAccessU.exe
    c:\windows2\system32\HPZipm12.exe
    c:\windows2\system32\PnkBstrA.exe
    c:\windows2\system32\RunDLL32.exe
    f:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    f:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    .
    **************************************************************************
    .
    Completion time: 2012-02-14 19:55:49 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-02-14 19:55
    .
    Pre-Run: 3.583.823.872 bytes free
    Post-Run: 6.063.177.728 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS2
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS2="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - 96800DCFE96085404278ED1BA17152B8
  8. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    Uninstall Free Window Registry Repair and Registry Clean Easy for the reason I mentioned previously (registry cleaners).

    Uninstall Ask Toolbar, typical foistware.

    Combofix log looks good.

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  9. TheBreah

    TheBreah Newcomer, in training Topic Starter

    It's still giving the same error on several programs: ".... oleaccrc.dll is corrupt and unreadable."
    _______________

    OTL logfile created on: 15-02-2012 11:11:09 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = F:\Ziped Files
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy

    2,00 Gb Total Physical Memory | 1,22 Gb Available Physical Memory | 61,28% Memory free
    3,85 Gb Paging File | 3,24 Gb Available in Paging File | 84,23% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS2 | %ProgramFiles% = C:\Program Files
    Drive C: | 29,29 Gb Total Space | 5,62 Gb Free Space | 19,17% Space Free | Partition Type: NTFS
    Drive F: | 45,23 Gb Total Space | 4,35 Gb Free Space | 9,62% Space Free | Partition Type: NTFS

    Computer Name: BREAH-7959170B3 | User Name: Pe | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012-02-15 11:09:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- F:\Ziped Files\OTL.exe
    PRC - [2012-02-13 09:54:45 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2011-07-06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- f:\2\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2010-03-04 22:38:00 | 000,071,096 | ---- | M] () -- f:\Program Files\CDBurnerXP\NMSAccessU.exe
    PRC - [2009-11-20 17:13:56 | 000,055,016 | ---- | M] (Xobni Corporation) -- F:\Program Files\Xobni\XobniService.exe
    PRC - [2009-10-07 09:16:50 | 000,472,280 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    PRC - [2009-10-07 09:15:42 | 001,461,080 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    PRC - [2009-01-13 11:36:32 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS2\explorer.exe
    PRC - [2008-07-15 12:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS2\system32\AEADISRV.EXE
    PRC - [2007-08-09 07:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS2\system32\HPZipm12.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012-02-13 09:54:40 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
    MOD - [2012-01-11 00:45:28 | 011,817,472 | ---- | M] () -- C:\WINDOWS2\assembly\NativeImages_v2.0.50727_32\System.Web\62e34cfb5a8b233667c7c5a47a32ad93\System.Web.ni.dll
    MOD - [2012-01-11 00:45:15 | 000,771,584 | ---- | M] () -- C:\WINDOWS2\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\3c272cad7afb127e2a2bdb8a5a808512\System.Runtime.Remoting.ni.dll
    MOD - [2011-11-05 18:28:07 | 000,166,912 | ---- | M] () -- F:\Program Files\WinRAR\RarExt.dll
    MOD - [2011-11-03 15:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS2\system32\quartz.dll
    MOD - [2011-10-24 20:02:45 | 008,522,400 | ---- | M] () -- C:\WINDOWS2\system32\Macromed\Flash\NPSWF32.dll
    MOD - [2011-10-13 07:50:53 | 000,212,992 | ---- | M] () -- C:\WINDOWS2\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
    MOD - [2011-10-13 07:49:39 | 000,025,600 | ---- | M] () -- C:\WINDOWS2\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
    MOD - [2011-10-13 07:49:37 | 012,430,848 | ---- | M] () -- C:\WINDOWS2\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
    MOD - [2011-10-13 00:28:18 | 001,587,200 | ---- | M] () -- C:\WINDOWS2\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
    MOD - [2011-10-13 00:27:44 | 005,450,752 | ---- | M] () -- C:\WINDOWS2\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
    MOD - [2011-10-13 00:27:39 | 000,971,264 | ---- | M] () -- C:\WINDOWS2\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
    MOD - [2011-10-13 00:27:35 | 007,950,848 | ---- | M] () -- C:\WINDOWS2\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
    MOD - [2011-10-13 00:27:20 | 011,490,816 | ---- | M] () -- C:\WINDOWS2\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
    MOD - [2010-06-22 23:07:40 | 000,270,336 | ---- | M] () -- F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    MOD - [2010-04-08 12:23:26 | 000,430,080 | R--- | M] () -- F:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
    MOD - [2010-03-16 12:22:12 | 000,014,848 | ---- | M] () -- F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
    MOD - [2010-03-04 22:38:00 | 000,071,096 | ---- | M] () -- f:\Program Files\CDBurnerXP\NMSAccessU.exe


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (wuauserv)
    SRV - File not found [Auto | Stopped] -- -- (mi-raysat_3dsMax2009_32)
    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - [2011-07-06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- f:\2\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2010-03-04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- f:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
    SRV - [2009-11-20 17:13:56 | 000,055,016 | ---- | M] (Xobni Corporation) [Auto | Running] -- F:\Program Files\Xobni\XobniService.exe -- (XobniService)
    SRV - [2009-10-07 09:21:14 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
    SRV - [2009-10-07 09:16:50 | 000,472,280 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
    SRV - [2009-02-05 13:40:58 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2008-07-15 12:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\WINDOWS2\system32\AEADISRV.EXE -- (AEADIFilters)
    SRV - [2007-08-09 07:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS2\system32\HPZipm12.exe -- (Pml Driver HPZ12)


    ========== Driver Services (SafeList) ==========

    DRV - [2011-07-06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS2\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2010-06-23 00:00:04 | 005,068,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS2\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2010-06-08 16:16:26 | 006,056,040 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS2\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2010-05-17 08:04:06 | 000,101,904 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS2\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV - [2009-11-18 06:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS2\system32\drivers\Monfilt.sys -- (Monfilt)
    DRV - [2009-11-18 06:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS2\system32\drivers\Ambfilt.sys -- (Ambfilt)
    DRV - [2009-11-12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS2\System32\drivers\StarOpen.sys -- (StarOpen)
    DRV - [2009-10-07 09:18:36 | 000,035,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS2\system32\drivers\epfwtdir.sys -- (epfwtdir)
    DRV - [2009-10-07 09:12:22 | 000,054,184 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS2\system32\drivers\easdrv.sys -- (easdrv)
    DRV - [2009-10-07 09:11:10 | 000,040,824 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS2\system32\drivers\eamon.sys -- (eamon)
    DRV - [2009-05-04 16:54:14 | 000,279,712 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS2\system32\drivers\atksgt.sys -- (atksgt)
    DRV - [2009-05-04 16:54:13 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS2\system32\drivers\lirsgt.sys -- (lirsgt)
    DRV - [2009-04-06 09:13:52 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS2\system32\drivers\ggsemc.sys -- (ggsemc)
    DRV - [2009-04-06 09:13:52 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS2\system32\drivers\ggflt.sys -- (ggflt)
    DRV - [2009-03-18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS2\system32\drivers\hamachi.sys -- (hamachi)
    DRV - [2009-01-13 16:26:10 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS2\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2008-10-21 10:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS2\system32\drivers\s0017mdm.sys -- (s0017mdm)
    DRV - [2008-10-21 10:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS2\system32\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
    DRV - [2008-10-21 10:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS2\system32\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
    DRV - [2008-10-21 10:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS2\system32\drivers\s0017obex.sys -- (s0017obex)
    DRV - [2008-10-21 10:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS2\system32\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
    DRV - [2008-10-21 10:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS2\system32\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)
    DRV - [2008-10-21 10:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS2\system32\drivers\s0017mdfl.sys -- (s0017mdfl)
    DRV - [2008-01-09 11:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS2\system32\drivers\seehcri.sys -- (seehcri)
    DRV - [2006-09-24 13:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS2\system32\speedfan.sys -- (speedfan)
    DRV - [2006-08-31 11:54:44 | 000,081,280 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS2\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
    DRV - [2006-07-19 11:04:18 | 000,012,048 | R--- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\winflash\atidgllk.sys -- (atidgllk)
    DRV - [2005-08-11 12:49:28 | 000,393,088 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS2\system32\drivers\senfilt.sys -- (SenFiltService)
    DRV - [2005-08-11 12:49:28 | 000,393,088 | R--- | M] (Sensaura) [Kernel | On_Demand | Stopped] -- C:\WINDOWS2\system32\drivers\senfilt.sys -- (senfilt)
    DRV - [2005-06-06 02:44:05 | 000,091,841 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS2\system32\drivers\P0630Vid.sys -- (P0630VID)
    DRV - [2004-08-13 02:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS2\system32\drivers\ASACPI.sys -- (MTsensor)
    DRV - [1996-04-03 19:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS2\system32\giveio.sys -- (giveio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-448539723-362288127-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com/?l=dis&o=102866&gct=hp
    IE - HKU\S-1-5-21-448539723-362288127-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt
    IE - HKU\S-1-5-21-448539723-362288127-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 72 D7 DE D7 CE 67 CC 01 [binary data]
    IE - HKU\S-1-5-21-448539723-362288127-1417001333-1003\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\InprocServer32 File not found
    IE - HKU\S-1-5-21-448539723-362288127-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-448539723-362288127-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Web Search"
    FF - prefs.js..browser.search.defaultenginename: "Web Search"
    FF - prefs.js..browser.search.order.1: "Web Search"
    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.maisfutebol.iol.pt/"
    FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86.1
    FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: webmediaplayer@3gstudiosinc.com:0.0.3.7
    FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: firefox@bandoo.com:5.0
    FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.26.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..keyword.URL: "http://startsear.ch/?aff=1&q="

    FF - HKLM\Software\MozillaPlugins\@3gstudios.com/webmediaclient,version=1.0: C:\Program Files\3G Studios\Web Media Client\npWebMediaClient.dll (3G Studios, Inc.)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS2\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS2\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\Documents and Settings\All Users.WINDOWS2\Application Data\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS2\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: f:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: f:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: f:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
    FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-02-13 09:54:47 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-09-18 19:30:04 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firefox@bandoo.com: C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Mozilla\Firefox\Profiles/ybxr1hhq.default\extensions\firefox@bandoo.com [2010-12-09 20:58:03 | 000,000,000 | ---D | M]

    [2009-01-13 15:50:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Mozilla\Extensions
    [2012-02-14 11:20:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Mozilla\Firefox\Profiles\ybxr1hhq.default\extensions
    [2012-02-14 11:20:15 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Mozilla\Firefox\Profiles\ybxr1hhq.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
    [2010-04-27 19:57:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Mozilla\Firefox\Profiles\ybxr1hhq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011-12-23 10:38:41 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Mozilla\Firefox\Profiles\ybxr1hhq.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
    [2012-02-14 11:20:19 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Mozilla\Firefox\Profiles\ybxr1hhq.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2010-12-20 14:55:15 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Mozilla\Firefox\Profiles\ybxr1hhq.default\extensions\battlefieldplay4free@ea.com
    [2010-12-09 20:58:03 | 000,000,000 | ---D | M] (Bandoo for Firefox) -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Mozilla\Firefox\Profiles\ybxr1hhq.default\extensions\firefox@bandoo.com
    [2009-10-26 12:48:11 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Mozilla\Firefox\Profiles\ybxr1hhq.default\extensions\moveplayer@movenetworks.com
    [2012-01-19 14:02:13 | 000,000,000 | ---D | M] (HNG downloader/starter (live)) -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Mozilla\Firefox\Profiles\ybxr1hhq.default\extensions\npretoxlive@live.heroesandgenerals.com
    [2012-01-10 13:28:15 | 000,000,000 | ---D | M] (HNG downloader/starter (stable)) -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Mozilla\Firefox\Profiles\ybxr1hhq.default\extensions\npretoxstable@stable.heroesandgenerals.com
    [2012-02-12 22:37:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Mozilla\Firefox\Profiles\ybxr1hhq.default\extensions\staged(2)
    [2012-02-13 17:14:48 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Mozilla\Firefox\Profiles\ybxr1hhq.default\extensions\toolbar@ask.com
    [2010-09-29 18:46:39 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Mozilla\Firefox\Profiles\ybxr1hhq.default\extensions\vshare@toolbar
    [2010-09-15 14:50:35 | 000,000,000 | ---D | M] ("Web Media Player") -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Mozilla\Firefox\Profiles\ybxr1hhq.default\extensions\webmediaplayer@3gstudiosinc.com
    [2011-04-27 21:35:53 | 000,012,703 | ---- | M] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Mozilla\Firefox\Profiles\ybxr1hhq.default\searchplugins\imdb.xml
    [2009-01-13 23:21:17 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Mozilla\Firefox\Profiles\ybxr1hhq.default\searchplugins\mozilla-add-ons.xml
    [2012-02-12 22:32:47 | 000,005,090 | ---- | M] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Mozilla\Firefox\Profiles\ybxr1hhq.default\searchplugins\youtube.xml
    [2011-12-11 12:17:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012-02-13 09:54:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\PE.BREAH-7959170B3\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\YBXR1HHQ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\PE.BREAH-7959170B3\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\YBXR1HHQ.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\PE.BREAH-7959170B3\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\YBXR1HHQ.DEFAULT\EXTENSIONS\{DD05FD3D-18DF-4CE4-AE53-E795339C5F01}.XPI
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\PE.BREAH-7959170B3\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\YBXR1HHQ.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\PE.BREAH-7959170B3\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\YBXR1HHQ.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
    [2012-02-13 09:54:46 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011-10-03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011-08-31 10:38:58 | 000,082,944 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
    [2011-10-30 13:20:31 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011-10-30 13:20:31 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Web Search (Enabled)
    CHR - default_search_provider: search_url = http://startsear.ch/?aff=1&q={searchTerms}
    CHR - default_search_provider: suggest_url =
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS2\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS2\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Mozilla\plugins\np-mswmp.dll
    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\pdf.dll
    CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7280_0\npSkypeChromePlugin.dll
    CHR - plugin: 3G Studios Web Client (Enabled) = C:\Documents and Settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mhgkogmomehdgfcheknganbgdaaoemop\0.0.4.0_0\cmWebMediaClient.dll
    CHR - plugin: 3G Studios Web Client (Enabled) = C:\Program Files\3G Studios\Web Media Client\npWebMediaClient.dll
    CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Mozilla\plugins\npoctoshape.dll
    CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll
    CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: QUAKE LIVE (Enabled) = C:\Documents and Settings\All Users.WINDOWS2\Application Data\id Software\QuakeLive\npquakezero.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: RayV Plugin (Enabled) = C:\Program Files\RayV\RayV\plugins\nprayvplugin.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS2\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Veetle TV Player (Enabled) = f:\Program Files\Veetle\Player\npvlc.dll
    CHR - plugin: Veetle Broadcaster Plugin (Enabled) = f:\Program Files\Veetle\VLCBroadcast\npvbp.dll
    CHR - plugin: Veetle TV Core (Enabled) = f:\Program Files\Veetle\plugins\npVeetle.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Documents and Settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
    CHR - Extension: Pesquisa do Google = C:\Documents and Settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
    CHR - Extension: vshare plugin = C:\Documents and Settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
    CHR - Extension: Heroes & Generals updater (live) = C:\Documents and Settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lcdbmojodailncinonfdhpafgopelmbj\1.0.3.2_0\
    CHR - Extension: Web Media Client = C:\Documents and Settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mhgkogmomehdgfcheknganbgdaaoemop\0.0.4.0_0\
    CHR - Extension: Gmail = C:\Documents and Settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012-02-14 19:49:28 | 000,000,027 | ---- | M]) - C:\WINDOWS2\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
    O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
    O3 - HKU\S-1-5-21-448539723-362288127-1417001333-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
    O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
    O4 - HKLM..\Run: [PD0630 STISvc] C:\WINDOWS2\System32\P0630Pin.dll (Creative Technology Ltd.)
    O4 - HKLM..\Run: [StartCCC] F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\RunOnce: [RegistryCleanEasyunstall] File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-448539723-362288127-1417001333-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-448539723-362288127-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-448539723-362288127-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-448539723-362288127-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
    O15 - HKU\S-1-5-21-448539723-362288127-1417001333-1003\..Trusted Domains: forgottenhonor.com ([www] https in Trusted sites)
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
    O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab (Reg Error: Key error.)
    O16 - DPF: {5B54751C-0EDB-4CAE-816C-65BCED3FF819} http://game.heroesandgenerals.com/retox.ocx (Retox Control (live))
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231871237906 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {9BD3C5C6-BCBA-47BF-9CC0-0D5D3E117DE1} http://www.bravearms.com/razor/plugins/WebMediaPlayer.cab (MediaLoader Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.113.164.58 212.113.164.57
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{724B9139-EDF2-419B-BEDC-0D5794E34DA5}: DhcpNameServer = 212.113.164.58 212.113.164.57
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS2\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS2\system32\userinit.exe) -C:\WINDOWS2\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS2\System32\ati2evxx.dll (ATI Technologies Inc.)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007-05-11 21:19:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk /k:C /k:F *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: wuauserv - File not found
  10. TheBreah


    Drivers32: msacm.iac2 - C:\WINDOWS2\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS2\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS2\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS2\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS2\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS2\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
    Drivers32: VIDC.FPS1 - C:\WINDOWS2\System32\frapsvid.dll (Beepa P/L)
    Drivers32: vidc.iv31 - C:\WINDOWS2\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS2\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS2\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS2\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.yv12 - C:\WINDOWS2\System32\yv12vfw.dll (www.helixcommunity.org)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012-02-15 10:36:15 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2012-02-14 19:36:25 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012-02-14 18:28:52 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Documents and Settings\Pe.BREAH-7959170B3\Desktop\boot_cleaner.exe
    [2012-02-14 16:38:25 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Pe.BREAH-7959170B3\Desktop\dds.scr
    [2012-02-14 16:03:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
    [2012-02-14 15:35:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Start Menu\Programs\Dll-Files.com Fixer
    [2012-02-14 15:35:54 | 000,000,000 | ---D | C] -- C:\Program Files\Dll-Files.com Fixer
    [2012-02-14 15:28:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\dll-files.com
    [2012-02-14 15:23:01 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
    [2012-02-14 15:23:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Start Menu\Programs\Uniblue
    [2012-02-14 15:08:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\SpeedyPC Software
    [2012-02-14 13:10:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Start Menu\Programs\Free Window Registry Repair
    [2012-02-13 17:14:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Local Settings\Application Data\AskToolbar
    [2012-02-13 17:14:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Local Settings\Application Data\APN
    [2012-02-13 16:49:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS2\SWREG.exe
    [2012-02-13 16:49:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS2\SWSC.exe
    [2012-02-13 16:49:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS2\SWXCACLS.exe
    [2012-02-13 16:49:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS2\NIRCMD.exe
    [2012-02-13 16:49:09 | 000,000,000 | ---D | C] -- C:\WINDOWS2\ERDNT
    [2012-02-13 16:48:43 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012-02-13 12:53:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Registry Mechanic
    [2012-02-13 12:41:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
    [2012-02-13 12:35:41 | 000,000,000 | ---D | C] -- C:\RegistryCleanEasy
    [2012-02-13 12:35:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\RegistryCleanEasy
    [2012-02-13 11:41:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pe.BREAH-7959170B3\AppData
    [2012-02-13 11:32:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\PCPro
    [2012-02-13 11:32:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\PC Cleaners
    [2012-02-13 11:31:42 | 005,276,432 | ---- | C] (PC Cleaners) -- C:\WINDOWS2\uninst.exe
    [2012-02-13 11:31:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\PC1Data
    [2012-02-12 23:44:22 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS2\System32\drivers\mbamswissarmy.sys
    [2012-02-12 22:58:44 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
    [2012-02-06 09:50:17 | 000,026,176 | -H-- | C] (LogMeIn, Inc.) -- C:\WINDOWS2\System32\hamachi.sys
    [2012-01-31 18:52:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Heroes and Generals
    [2009-01-28 23:51:17 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\pcouffin.sys
    [4 C:\WINDOWS2\*.tmp files -> C:\WINDOWS2\*.tmp -> ]
    [1 C:\WINDOWS2\System32\*.tmp files -> C:\WINDOWS2\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012-02-15 11:14:00 | 000,000,228 | ---- | M] () -- C:\WINDOWS2\tasks\Scheduled Update for Ask Toolbar.job
    [2012-02-15 11:10:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS2\tasks\GoogleUpdateTaskMachineUA.job
    [2012-02-15 10:43:01 | 000,001,112 | ---- | M] () -- C:\WINDOWS2\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-362288127-1417001333-1003UA.job
    [2012-02-15 10:43:00 | 000,001,060 | ---- | M] () -- C:\WINDOWS2\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-362288127-1417001333-1003Core.job
    [2012-02-15 10:26:42 | 000,000,882 | ---- | M] () -- C:\WINDOWS2\tasks\GoogleUpdateTaskMachineCore.job
    [2012-02-15 10:21:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS2\bootstat.dat
    [2012-02-14 19:49:28 | 000,000,027 | ---- | M] () -- C:\WINDOWS2\System32\drivers\etc\hosts
    [2012-02-14 19:36:31 | 000,000,439 | RHS- | M] () -- C:\boot.ini
    [2012-02-14 19:02:18 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Desktop\MBR.dat
    [2012-02-14 16:38:17 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Pe.BREAH-7959170B3\Desktop\dds.scr
    [2012-02-14 16:35:51 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Desktop\8zz695zi.exe
    [2012-02-14 16:16:33 | 000,000,323 | ---- | M] () -- C:\Boot.bak
    [2012-02-14 15:35:58 | 000,001,697 | ---- | M] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Desktop\DLL-Files.com FIXER.lnk
    [2012-02-14 15:35:58 | 000,001,675 | ---- | M] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Microsoft\Internet Explorer\Quick Launch\DLL-Files.com FIXER.lnk
    [2012-02-14 15:27:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS2\System32\wpa.dbl
    [2012-02-14 13:10:43 | 000,000,605 | ---- | M] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Desktop\Free Window Registry Repair.lnk
    [2012-02-14 11:39:43 | 000,348,529 | ---- | M] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Desktop\reforma2.jpg
    [2012-02-14 11:38:07 | 000,213,985 | ---- | M] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Desktop\reforma.jpg
    [2012-02-14 00:26:41 | 000,087,040 | ---- | M] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012-02-13 12:52:05 | 019,517,440 | ---- | M] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\s-1-5-21-448539723-362288127-1417001333-1003.rrr
    [2012-02-13 12:05:32 | 001,551,688 | ---- | M] () -- C:\WINDOWS2\System32\FNTCACHE.DAT
    [2012-02-13 11:30:23 | 005,276,432 | ---- | M] (PC Cleaners) -- C:\WINDOWS2\uninst.exe
    [2012-02-12 23:23:49 | 000,000,661 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS2\Desktop\Malwarebytes Anti-Malware.lnk
    [2012-02-02 18:37:23 | 000,029,137 | ---- | M] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Desktop\hg.JPG
    [2012-02-01 21:14:34 | 000,138,520 | ---- | M] () -- C:\WINDOWS2\System32\drivers\PnkBstrK.sys
    [2012-02-01 21:11:40 | 000,234,536 | ---- | M] () -- C:\WINDOWS2\System32\PnkBstrB.xtr
    [2012-01-31 15:34:16 | 000,234,536 | ---- | M] () -- C:\WINDOWS2\System32\PnkBstrB.ex0
    [2012-01-20 10:30:07 | 000,444,812 | ---- | M] () -- C:\WINDOWS2\System32\perfh009.dat
    [2012-01-20 10:30:07 | 000,072,752 | ---- | M] () -- C:\WINDOWS2\System32\perfc009.dat
    [2012-01-17 15:01:54 | 000,139,152 | ---- | M] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\PnkBstrK.sys
    [4 C:\WINDOWS2\*.tmp files -> C:\WINDOWS2\*.tmp -> ]
    [1 C:\WINDOWS2\System32\*.tmp files -> C:\WINDOWS2\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012-02-14 19:36:31 | 000,000,323 | ---- | C] () -- C:\Boot.bak
    [2012-02-14 19:02:18 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Desktop\MBR.dat
    [2012-02-14 16:36:47 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Desktop\8zz695zi.exe
    [2012-02-14 15:35:58 | 000,001,697 | ---- | C] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Desktop\DLL-Files.com FIXER.lnk
    [2012-02-14 15:35:58 | 000,001,675 | ---- | C] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Microsoft\Internet Explorer\Quick Launch\DLL-Files.com FIXER.lnk
    [2012-02-14 13:10:43 | 000,000,605 | ---- | C] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Desktop\Free Window Registry Repair.lnk
    [2012-02-14 11:39:06 | 000,348,529 | ---- | C] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Desktop\reforma2.jpg
    [2012-02-14 11:37:22 | 000,213,985 | ---- | C] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Desktop\reforma.jpg
    [2012-02-13 17:14:42 | 000,000,228 | ---- | C] () -- C:\WINDOWS2\tasks\Scheduled Update for Ask Toolbar.job
    [2012-02-13 16:53:57 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2012-02-13 16:49:45 | 000,256,000 | ---- | C] () -- C:\WINDOWS2\PEV.exe
    [2012-02-13 16:49:45 | 000,208,896 | ---- | C] () -- C:\WINDOWS2\MBR.exe
    [2012-02-13 16:49:45 | 000,098,816 | ---- | C] () -- C:\WINDOWS2\sed.exe
    [2012-02-13 16:49:45 | 000,080,412 | ---- | C] () -- C:\WINDOWS2\grep.exe
    [2012-02-13 16:49:45 | 000,068,096 | ---- | C] () -- C:\WINDOWS2\zip.exe
    [2012-02-13 12:51:15 | 019,517,440 | ---- | C] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\s-1-5-21-448539723-362288127-1417001333-1003.rrr
    [2012-02-12 23:23:49 | 000,000,661 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS2\Desktop\Malwarebytes Anti-Malware.lnk
    [2012-02-02 18:37:23 | 000,029,137 | ---- | C] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Desktop\hg.JPG
    [2011-12-30 00:10:43 | 000,056,024 | -H-- | C] () -- C:\WINDOWS2\System32\mlfcache.dat
    [2011-02-10 22:10:33 | 000,007,168 | ---- | C] () -- C:\WINDOWS2\System32\drivers\StarOpen.sys
    [2010-12-10 19:12:12 | 000,016,968 | ---- | C] () -- C:\WINDOWS2\System32\drivers\hitmanpro35.sys
    [2010-07-03 18:48:08 | 000,000,169 | ---- | C] () -- C:\WINDOWS2\RtlRack.ini
    [2010-07-03 18:40:53 | 000,000,164 | ---- | C] () -- C:\WINDOWS2\avrack.ini
    [2010-06-09 22:54:05 | 000,151,552 | ---- | C] () -- C:\WINDOWS2\System32\nvRegDev.dll
    [2010-06-01 12:54:10 | 000,138,520 | ---- | C] () -- C:\WINDOWS2\System32\drivers\PnkBstrK.sys
    [2010-06-01 12:53:46 | 000,234,536 | ---- | C] () -- C:\WINDOWS2\System32\PnkBstrB.exe
    [2010-06-01 12:53:45 | 000,075,136 | ---- | C] () -- C:\WINDOWS2\System32\PnkBstrA.exe
    [2010-02-01 17:02:19 | 000,000,530 | ---- | C] () -- C:\WINDOWS2\eReg.dat
    [2010-01-28 18:28:49 | 002,434,856 | ---- | C] () -- C:\WINDOWS2\System32\pbsvc_bc2.exe
    [2010-01-19 16:25:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS2\ativpsrm.bin
    [2010-01-19 16:25:08 | 000,887,724 | ---- | C] () -- C:\WINDOWS2\System32\ativva6x.dat
    [2010-01-19 16:25:08 | 000,294,912 | ---- | C] () -- C:\WINDOWS2\System32\ATIODE.exe
    [2010-01-19 16:25:08 | 000,205,156 | ---- | C] () -- C:\WINDOWS2\System32\atiicdxx.dat
    [2010-01-19 16:25:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS2\System32\ATIODCLI.exe
    [2010-01-19 16:25:08 | 000,000,003 | ---- | C] () -- C:\WINDOWS2\System32\ativva5x.dat
    [2010-01-18 17:20:45 | 000,001,324 | ---- | C] () -- C:\WINDOWS2\System32\d3d9caps.dat
    [2009-12-05 15:59:52 | 000,027,648 | ---- | C] () -- C:\WINDOWS2\System32\AVSredirect.dll
    [2009-10-21 22:24:54 | 000,000,056 | -H-- | C] () -- C:\WINDOWS2\System32\ezsidmv.dat
    [2009-06-23 12:32:36 | 000,043,520 | ---- | C] () -- C:\WINDOWS2\System32\CmdLineExt03.dll
    [2009-05-04 16:54:14 | 000,279,712 | ---- | C] () -- C:\WINDOWS2\System32\drivers\atksgt.sys
    [2009-05-04 16:54:13 | 000,025,888 | ---- | C] () -- C:\WINDOWS2\System32\drivers\lirsgt.sys
    [2009-04-21 23:19:06 | 000,172,173 | ---- | C] () -- C:\WINDOWS2\System32\xlive.dll.cat
    [2009-03-13 12:54:15 | 000,000,141 | ---- | C] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Local Settings\Application Data\fusioncache.dat
    [2009-01-28 23:51:17 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\pcouffin.cat
    [2009-01-28 23:51:17 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\pcouffin.inf
    [2009-01-21 16:46:20 | 000,139,152 | ---- | C] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\PnkBstrK.sys
    [2009-01-21 16:45:55 | 002,373,712 | ---- | C] () -- C:\WINDOWS2\System32\pbsvc.exe
    [2009-01-14 15:10:10 | 000,117,158 | ---- | C] () -- C:\WINDOWS2\hpoins11.dat
    [2009-01-14 15:08:03 | 000,077,824 | ---- | C] () -- C:\WINDOWS2\System32\HPZIDS01.dll
    [2009-01-14 15:07:07 | 000,011,634 | ---- | C] () -- C:\WINDOWS2\hpomdl11.dat
    [2009-01-13 22:18:41 | 000,001,302 | ---- | C] () -- C:\WINDOWS2\S3D.ini
    [2009-01-13 15:50:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS2\nsreg.dat
    [2009-01-13 15:34:47 | 000,087,040 | ---- | C] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009-01-13 14:56:56 | 000,005,810 | R--- | C] () -- C:\WINDOWS2\System32\drivers\ASACPI.sys
    [2009-01-13 14:56:53 | 000,004,248 | ---- | C] () -- C:\WINDOWS2\Ascd_tmp.ini
    [2009-01-13 14:56:46 | 000,010,288 | ---- | C] () -- C:\WINDOWS2\System32\drivers\ASUSHWIO.SYS
    [2009-01-13 14:40:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS2\bootstat.dat
    [2009-01-13 14:35:07 | 000,021,640 | ---- | C] () -- C:\WINDOWS2\System32\emptyregdb.dat
    [2009-01-13 14:17:09 | 000,004,205 | ---- | C] () -- C:\WINDOWS2\ODBCINST.INI
    [2009-01-13 14:15:58 | 001,551,688 | ---- | C] () -- C:\WINDOWS2\System32\FNTCACHE.DAT
    [2009-01-13 11:36:53 | 000,004,569 | ---- | C] () -- C:\WINDOWS2\System32\secupd.dat
    [2009-01-13 11:36:45 | 000,444,812 | ---- | C] () -- C:\WINDOWS2\System32\perfh009.dat
    [2009-01-13 11:36:45 | 000,272,128 | ---- | C] () -- C:\WINDOWS2\System32\perfi009.dat
    [2009-01-13 11:36:45 | 000,072,752 | ---- | C] () -- C:\WINDOWS2\System32\perfc009.dat
    [2009-01-13 11:36:45 | 000,028,626 | ---- | C] () -- C:\WINDOWS2\System32\perfd009.dat
    [2009-01-13 11:36:45 | 000,020,480 | ---- | C] () -- C:\WINDOWS2\System32\oleaccrc.dll
    [2009-01-13 11:36:45 | 000,004,463 | ---- | C] () -- C:\WINDOWS2\System32\oembios.dat
    [2009-01-13 11:36:44 | 013,107,200 | ---- | C] () -- C:\WINDOWS2\System32\oembios.bin
    [2009-01-13 11:36:43 | 000,000,741 | ---- | C] () -- C:\WINDOWS2\System32\noise.dat
    [2009-01-13 11:36:38 | 000,673,088 | ---- | C] () -- C:\WINDOWS2\System32\mlang.dat
    [2009-01-13 11:36:38 | 000,046,258 | ---- | C] () -- C:\WINDOWS2\System32\mib.bin
    [2009-01-13 11:36:31 | 000,218,003 | ---- | C] () -- C:\WINDOWS2\System32\dssec.dat
    [2009-01-13 11:36:23 | 000,001,804 | ---- | C] () -- C:\WINDOWS2\System32\Dcache.bin
    [2008-02-20 11:11:16 | 000,035,168 | ---- | C] () -- C:\WINDOWS2\System32\drivers\epfwtdir.sys
    [2001-07-07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS2\System32\hptcpmon.ini
    [1996-04-03 19:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS2\System32\giveio.sys

    ========== LOP Check ==========

    [2010-06-23 12:52:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools
    [2010-06-23 12:55:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
    [2010-06-23 12:52:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Pro
    [2008-07-16 21:16:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Codemasters
    [2007-11-05 08:58:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
    [2008-12-22 22:28:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
    [2009-01-08 15:13:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
    [2008-10-22 13:02:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
    [2008-10-26 19:00:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Jlcm
    [2007-09-10 21:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pixelStorm
    [2008-10-27 18:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PPLive
    [2008-11-17 18:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
    [2008-10-22 13:59:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
    [2009-01-12 23:21:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2008-03-02 23:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
    [2010-04-20 21:45:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\abelhadigital.com
    [2011-01-30 19:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\Alwil Software
    [2009-07-16 13:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\Autodesk
    [2011-04-12 08:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\Avanquest
    [2010-12-10 18:52:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\Bandoo
    [2009-11-23 21:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\BVRP Software
    [2011-02-10 22:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\Canneverbe Limited
    [2009-01-13 16:57:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\DAEMON Tools Lite
    [2009-02-14 16:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\DAEMON Tools Pro
    [2010-07-03 17:23:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\Driver Whiz
    [2009-01-13 15:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\ESET
    [2010-12-09 20:57:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\Fun4IM
    [2010-12-20 18:24:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\GrebleSoft
    [2010-12-10 19:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\Hitman Pro
    [2010-06-01 20:04:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\id Software
    [2011-04-28 13:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\JCreator
    [2009-02-05 14:59:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\NCH Swift Sound
    [2010-07-07 16:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\PC Drivers HeadQuarters
    [2012-02-13 11:31:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\PC1Data
    [2011-09-29 16:03:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\RegCure
    [2012-02-13 12:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\RegistryCleanEasy
    [2011-03-28 10:29:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\Solidshield
    [2009-10-05 23:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\Soulseek
    [2012-02-14 15:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\SpeedyPC Software
    [2009-10-16 21:31:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\Sports Interactive
    [2012-02-14 16:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
    [2007-10-28 22:55:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe\Application Data\.BTuga
    [2007-11-05 08:58:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe\Application Data\DAEMON Tools Pro
    [2007-05-12 09:49:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe\Application Data\DMCache
    [2008-12-10 13:28:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe\Application Data\eMule
    [2007-12-15 16:59:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe\Application Data\Printer Info Cache
    [2011-03-29 14:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe\Application Data\Sports Interactive
    [2008-12-02 14:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe\Application Data\SystemRequirementsLab
    [2008-10-05 22:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe\Application Data\Thinstall
    [2008-03-02 23:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe\Application Data\Ubisoft
    [2009-01-12 23:08:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe\Application Data\uTorrent
    [2009-11-23 21:13:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\aerix
    [2009-01-14 14:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Aston
    [2010-12-10 12:56:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Bandoo
    [2011-02-10 22:10:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Canneverbe Limited
    [2009-01-13 16:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\DAEMON Tools
    [2009-01-13 16:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\DAEMON Tools Lite
    [2009-02-14 16:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\DAEMON Tools Pro
    [2011-04-28 13:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\DJJava
    [2012-02-14 15:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\dll-files.com
    [2010-07-22 18:45:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\DVDVideoSoftIEHelpers
    [2010-03-22 13:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\FileZilla
    [2010-01-15 15:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\FOG Downloader
    [2010-01-18 22:12:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\GetRightToGo
    [2009-07-07 22:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\gslist
    [2009-01-13 19:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\gtk-2.0
    [2010-12-20 18:24:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Handy Address Book
    [2010-12-07 15:19:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Image Zone Express
    [2011-04-28 13:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\JCreator
    [2010-12-13 00:17:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Moyea
    [2009-01-13 19:59:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\MSNInstaller
    [2009-05-07 18:10:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Octoshape
    [2012-02-13 11:32:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\PC Cleaners
    [2012-02-13 11:32:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\PCPro
    [2011-09-29 16:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\RayV
    [2012-02-13 12:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Registry Mechanic
    [2009-12-03 14:32:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Sony
    [2009-12-03 14:25:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Sony Setup
    [2012-01-25 10:29:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Sports Interactive
    [2011-06-01 16:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\SystemRequirementsLab
    [2009-02-20 17:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\The Creative Assembly
    [2011-11-19 16:44:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\TS3Client
    [2012-02-15 11:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\uTorrent
    [2010-01-19 19:07:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Vso
    [2009-01-13 17:49:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Wisco
    [2012-02-15 11:14:00 | 000,000,228 | ---- | M] () -- C:\WINDOWS2\Tasks\Scheduled Update for Ask Toolbar.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2007-05-11 21:19:32 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2009-07-29 19:23:58 | 000,000,328 | ---- | M] () -- C:\BFP2_R2.1_Client_Full.exe.html
    [2012-02-14 16:16:33 | 000,000,323 | ---- | M] () -- C:\Boot.bak
    [2012-02-14 19:36:31 | 000,000,439 | RHS- | M] () -- C:\boot.ini
    [2004-09-21 12:00:00 | 000,004,952 | RHS- | M] () -- C:\bootfont.bin
    [2010-10-29 12:27:10 | 000,000,126 | ---- | M] () -- C:\cmdlog.txt
    [2004-08-03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2012-02-14 19:55:51 | 000,079,640 | ---- | M] () -- C:\ComboFix.txt
    [2007-05-11 21:19:32 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2009-01-10 16:53:47 | 000,000,000 | ---- | M] () -- C:\debug.log
    [2007-05-11 21:19:32 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2007-05-11 21:42:38 | 000,000,195 | ---- | M] () -- C:\LAN.log
    [2007-05-11 21:19:32 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2009-01-13 11:36:43 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2009-01-13 11:36:44 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2004-02-29 15:44:34 | 000,052,576 | ---- | M] () -- C:\orange.bmp
    [2007-07-17 12:13:50 | 000,524,288 | ---- | M] () -- C:\P5V-VM-SE-DH-1105.bin
    [2012-02-15 10:21:14 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2008-05-21 21:07:44 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
    [2008-05-21 21:07:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2010-12-10 20:14:52 | 000,042,610 | ---- | M] () -- C:\TDSSKiller.2.4.11.0_10.12.2010_20.13.53_log.txt
    [2009-05-20 18:41:40 | 000,000,510 | ---- | M] () -- C:\updatedatfix.log
    [2007-11-14 16:19:28 | 000,487,258 | ---- | M] () -- C:\vcredist_x86.log
    [2009-03-18 20:28:44 | 000,000,135 | ---- | M] () -- C:\VundoFix.txt
    [2007-05-11 21:41:07 | 000,000,185 | ---- | M] () -- C:\wifi.log

    < %systemroot%\Fonts\*.com >
    [2006-04-18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS2\Fonts\GlobalMonospace.CompositeFont
    [2006-06-29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS2\Fonts\GlobalSansSerif.CompositeFont
    [2006-04-18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS2\Fonts\GlobalSerif.CompositeFont
    [2006-06-29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS2\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009-01-13 14:38:15 | 000,000,067 | -HS- | M] () -- C:\WINDOWS2\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008-07-06 12:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS2\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2006-04-10 14:02:32 | 000,074,240 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS2\system32\spool\prtprocs\w32x86\hpzpp054.dll
    [2006-10-26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS2\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2008-07-06 10:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS2\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2009-01-19 19:24:49 | 000,001,738 | -H-- | M] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2009-01-13 14:15:13 | 000,094,208 | ---- | M] () -- C:\WINDOWS2\System32\config\default.sav
    [2009-01-13 14:15:13 | 001,089,536 | ---- | M] () -- C:\WINDOWS2\System32\config\software.sav
    [2009-01-13 14:15:13 | 000,937,984 | ---- | M] () -- C:\WINDOWS2\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2009-01-13 14:38:57 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users.WINDOWS2\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009-01-13 14:43:43 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2009-01-13 14:43:42 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2012-02-14 16:35:51 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Desktop\8zz695zi.exe
    [2011-09-20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Documents and Settings\Pe.BREAH-7959170B3\Desktop\boot_cleaner.exe
    [2009-02-13 19:56:46 | 001,527,808 | ---- | M] (CPUID) -- C:\Documents and Settings\Pe.BREAH-7959170B3\Desktop\cpuz.exe
    [2008-12-27 06:46:08 | 000,383,488 | ---- | M] (NARS) -- C:\Documents and Settings\Pe.BREAH-7959170B3\Desktop\medvel.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2007-01-18 18:54:37 | 000,467,212 | ---- | M] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\My Documents\mqn.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009-01-13 14:43:42 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Favorites\Desktop.ini
    [2009-02-05 14:59:20 | 000,000,220 | ---- | M] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Favorites\NCH Audio and Telephony Software.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2012-02-15 10:28:52 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2009-01-13 11:37:20 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS2\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2009-01-13 11:36:21 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2009-01-13 11:36:37 | 000,004,821 | R--- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2007-04-02 23:37:24 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008-05-02 14:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008-04-13 23:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008-04-14 05:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2009-01-13 11:36:43 | 000,009,306 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2009-01-13 11:36:43 | 000,018,052 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2009-01-13 11:36:45 | 000,009,306 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2007-04-02 23:37:28 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2007-04-02 23:34:02 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F8F5844
    @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:364682BC

    < End of report >
  11. TheBreah

    TheBreah Newcomer, in training Topic Starter

    OTL Extras logfile created on: 15-02-2012 11:11:09 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = F:\Ziped Files
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy

    2,00 Gb Total Physical Memory | 1,22 Gb Available Physical Memory | 61,28% Memory free
    3,85 Gb Paging File | 3,24 Gb Available in Paging File | 84,23% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS2 | %ProgramFiles% = C:\Program Files
    Drive C: | 29,29 Gb Total Space | 5,62 Gb Free Space | 19,17% Space Free | Partition Type: NTFS
    Drive F: | 45,23 Gb Total Space | 4,35 Gb Free Space | 9,62% Space Free | Partition Type: NTFS

    Computer Name: BREAH-7959170B3 | User Name: Pe | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
    .txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

    [HKEY_USERS\S-1-5-21-448539723-362288127-1417001333-1003\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "UpdatesDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "56831:TCP" = 56831:TCP:*:Enabled:pando Media Booster
    "56831:UDP" = 56831:UDP:*:Enabled:pando Media Booster

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "5222:TCP" = 5222:TCP:*:Enabled:xmpp.quakelive.com
    "56831:TCP" = 56831:TCP:*:Enabled:pando Media Booster
    "56831:UDP" = 56831:UDP:*:Enabled:pando Media Booster
    "56065:TCP" = 56065:TCP:*:Enabled:pando
    "563:TCP" = 563:TCP:*:Enabled:pando2

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "F:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = F:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
    "F:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = F:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
    "F:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = F:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
    "F:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = F:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
    "F:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = F:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
    "F:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = F:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
    "F:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = F:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
    "F:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = F:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
    "F:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = F:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
    "F:\Program Files\Autodesk\Backburner\monitor.exe" = F:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor -- (Autodesk, Inc.)
    "F:\Program Files\Autodesk\Backburner\manager.exe" = F:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager -- (Autodesk, Inc.)
    "F:\Program Files\Autodesk\Backburner\server.exe" = F:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server -- (Autodesk, Inc.)
    "C:\Programas\The All-Seeing Eye\eye.exe" = C:\Programas\The All-Seeing Eye\eye.exe:*:Enabled:Yahoo! All-Seeing Eye -- (Yahoo! Inc.)
    "F:\Games\Steam\steamapps\randoomized\source sdk base\hl2.exe" = F:\Games\Steam\steamapps\randoomized\source sdk base\hl2.exe:*:Enabled:hl2 -- ()
    "C:\Programas\Windows Live\Messenger\msnmsgr.exe" = C:\Programas\Windows Live\Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger -- (Microsoft Corporation)
    "C:\Program Files\SoulseekNS\slsk.exe" = C:\Program Files\SoulseekNS\slsk.exe:*:Enabled:SoulSeek -- ()
    "C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "F:\Games\Steam\Steam.exe" = F:\Games\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
    "C:\Program Files\SmartFTP Client\SmartFTP.exe" = C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0 -- (SmartSoft Ltd.)
    "F:\Program Files\uTorrent\uTorrent.exe" = F:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" = C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client -- (Octoshape ApS)
    "C:\Program Files\EA GAMES\Battlefield 2\BF2.exe" = C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 -- ()
    "C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)
    "C:\WINDOWS2\system32\dpvsetup.exe" = C:\WINDOWS2\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
    "C:\Programas\SmartFTP Client\SmartFTP.exe" = C:\Programas\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0 -- (SmartSoft Ltd.)
    "C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
    "F:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe" = F:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe:*:Enabled:BF1942 -- ()
    "F:\Games\Steam\steamapps\randoomized\source sdk base 2007\hl2.exe" = F:\Games\Steam\steamapps\randoomized\source sdk base 2007\hl2.exe:*:Enabled:Source SDK Base 2007 -- ()
    "C:\Program Files\EA GAMES\Battlefield 2\forgottenhope2.exe" = C:\Program Files\EA GAMES\Battlefield 2\forgottenhope2.exe:*:Disabled:forgottenhope2 -- ()
    "C:\Program Files\EA GAMES\Battlefield 2\FH2.exe" = C:\Program Files\EA GAMES\Battlefield 2\FH2.exe:*:Enabled:Forgotten Hope 2 -- ()
    "F:\Program Files\mIRC\mirc.exe" = F:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
    "F:\Games\Steam\steamapps\randoomized\counter-strike\hl.exe" = F:\Games\Steam\steamapps\randoomized\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)
    "C:\Documents and Settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)
    "F:\Programas\mIRC\mirc.exe" = F:\Programas\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
    "F:\Games\Steam\steamapps\randoomized\counter-strike source\hl2.exe" = F:\Games\Steam\steamapps\randoomized\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- ()


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
    "{020519DC-C377-87A4-4FFA-2C04CAB6F06A}" = CCC Help Turkish
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{05204005-CEF4-AED1-6D55-19999BDDF5D9}" = Catalyst Control Center Localization All
    "{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{0BD8FCF6-9FA0-8CCA-7CC3-4A3A3663EF26}" = ccc-utility
    "{0CB61B75-A2BF-42FB-1441-4E1E0E478FFF}" = CCC Help French
    "{0EACF2A3-B998-5B20-B9D1-E69385584142}" = CCC Help Hungarian
    "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
    "{127B684B-A002-44C8-99A7-6CF8F1E26873}" = PunkBuster for Battlefield 1942
    "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
    "{155BD1DE-E53B-1F1A-A6CC-08EF3A2684E9}" = CCC Help Chinese Standard
    "{17B6DDE9-2E5F-1E6A-5376-EBEA92523C1F}" = CCC Help Chinese Traditional
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
    "{1E2FDD18-E514-4631-AF4A-0CC58FD93DCB}" = Quake Live Mozilla Plugin
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
    "{23F79416-CAD1-41BF-99A3-040F6C814AAA}" = NVIDIA Photoshop Plug-ins
    "{24990A39-5F20-4FCA-BAFE-EEF1E4800709}" = Catalyst Control Center - Branding
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 29
    "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{2A2A9154-534C-8430-5C8C-F197D51E3647}" = CCC Help Polish
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{357DD2C5-542F-BCD1-E74E-5993A233F3CA}" = CCC Help Dutch
    "{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
    "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
    "{38CEDBD6-72C7-F966-8290-B9E518FC8341}" = Catalyst Control Center InstallProxy
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
    "{3DE8E48A-E70F-6E27-383D-4685A622A0DF}" = CCC Help Japanese
    "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
    "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
    "{40F6E633-21A9-6997-CF86-B47ED7B246EF}" = CCC Help Italian
    "{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE
    "{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{51D29783-1876-9A77-3CE2-018F09FB8876}" = CCC Help Russian
    "{52B76707-AD64-B360-F331-7D7716A2EF4E}" = CCC Help Spanish
    "{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
    "{55DD6846-EF8B-45AD-8C14-21DAFF204C77}" = Web Media Client
    "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{6141BE08-A14D-2E76-1C9B-C9B724E93F8F}" = CCC Help Czech
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
    "{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
    "{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6BF91072-94EE-9E98-3B0B-C1A77656CA88}" = CCC Help Swedish
    "{6ED53E0C-EAC0-4F0F-947D-6BA817E4C8C3}" = HostsMan 3.2.73
    "{6F23C1A3-9F62-470C-BD12-B83F04E67865}" = SmartFTP Client
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{70969B6E-F12C-A3C9-EBAC-BD9C0F3F6E44}" = CCC Help Korean
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{71D92E42-DBBF-4CEB-895E-95C56D5E4868}_is1" = Mz Ram Booster v3.5.2
    "{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
    "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7B0450BA-BD15-C54A-C9EA-3E4C68722101}" = CCC Help English
    "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
    "{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
    "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{87A90A22-0F2C-EE18-9333-E8F6DC71256C}" = Skins
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{885A63EA-382B-4DD4-A755-14809B8557D6}" = Macromedia Flash Player 8
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
    "{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
    "{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{8EA3C946-5504-DA12-7BFF-873729D1673C}" = ATI Catalyst Install Manager
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM
    "{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
    "{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{9FC8D8F8-AF3A-4488-98AF-51C6DEC732F2}" = c3100_Help
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A2DB9340-8ECB-A16D-7AEC-8A0D72217A09}" = CCC Help German
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A675E6D2-51E7-5232-BDC4-4DCF52CF382A}" = ccc-core-static
    "{A725C340-77EE-11D6-BBC2-0000CB591583}" = A.F.5 Rename your files 1.1
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
    "{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
    "{B193E6AB-0FEE-664B-7458-63575F668F56}" = CCC Help Danish
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
    "{B7CE4105-2F9F-1FC4-9D76-E26CEBF689B9}" = CCC Help Norwegian
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C10D6AB8-05BB-422D-AAE3-36D6E0381487}" = ESET NOD32 Antivirus
    "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
    "{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
    "{C9E45C84-9BFE-1121-00CD-9F0CC9B75BD3}" = CCC Help Thai
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
    "{D0A32C98-F715-6A4B-688D-275AA1393ED8}" = CCC Help Greek
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
    "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
    "{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{DF6320E3-B716-4FAB-99CD-18AB6A2C3970}" = DJ Java Decompiler v.3.11.11.95
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{EB8C9964-09AC-48bf-8B98-027609C78251}" = C3100
    "{EE086612-CE52-3402-18D5-DDFEE2F87CE8}" = CCC Help Finnish
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
    "{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
    "{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
    "{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
    "{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
    "{FE4270D7-A642-49C1-9A40-854DA3F13FB2}_is1" = Moyea FLV Player version: 2.0.2.96
    "{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
    "{FEE777F9-EE4E-4504-8CCC-528270A4992A}" = CCC Help Portuguese
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
    "Bandoo" = Fun4IM
    "Catan Online Welt" = Catan Online World
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
    "Creative PD0630" = Creative WebCam Live! Driver (1.02.03.0606)
    "DAEMON Tools Toolbar" = DAEMON Tools Toolbar
    "Dll-Files.com Fixer_is1" = Dll-Files.com Fixer
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "ExpressBurn" = Express Burn
    "Football Manager 2012_is1" = Football Manager 2012
    "Free Window Registry Repair" = Free Window Registry Repair
    "Handy Address Book" = Handy Address Book
    "HP Imaging Device Functions" = HP Imaging Device Functions 7.0
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
    "HPOCR" = OCR Software by I.R.I.S 7.0
    "ie8" = Windows Internet Explorer 8
    "Instant Eyedropper_is1" = Instant Eyedropper 1.75
    "JCreator LE_is1" = JCreator LE 5.00
    "LangPad_is1" = LangPad version 2.0
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
    "NVIDIA Drivers" = NVIDIA Drivers
    "Red Eye Remover_is1" = Red Eye Remover 2.0
    "Soulseek2" = SoulSeek 157 NS 13e
    "SpeedFan" = SpeedFan (remove only)
    "Steam App 215" = Source SDK Base
    "Steam App 218" = Source SDK Base 2007
    "SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
    "SWiX_is1" = SWiX ver.1.1.1
    "SystemRequirementsLab" = System Requirements Lab
    "uTorrent" = µTorrent
    "Veetle TV" = Veetle TV 0.9.18
    "vShare.tv plugin" = vShare.tv plugin 1.3
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "WinISO_is1" = WinISO 5.3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR 4.10 beta 3 (32-bit)
    "XobniMain" = Xobni
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-448539723-362288127-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "BF1918 FHT 2.1 Installer" = BF1918 FHT 2.1 Installer
    "Google Chrome" = Google Chrome
    "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
    "Octoshape Streaming Services" = Octoshape Streaming Services
    "TeamSpeak 3 Client" = TeamSpeak 3 Client
    "uTorrent" = µTorrent

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 07-02-2012 10:13:22 | Computer Name = BREAH-7959170B3 | Source = MsiInstaller | ID = 1024
    Description = Product: Microsoft Office Enterprise 2007 - Update 'Microsoft Office
    2007 Service Pack 3 (SP3)' could not be installed. Error code 1603. Windows Installer
    can create logs to help troubleshoot issues with installing software packages.
    Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

    Error - 07-02-2012 18:40:11 | Computer Name = BREAH-7959170B3 | Source = Application Error | ID = 1000
    Description = Faulting application fm.exe, version 12.0.4.37031, faulting module
    fm.exe, version 12.0.4.37031, fault address 0x0177c7a1.

    Error - 09-02-2012 11:53:13 | Computer Name = BREAH-7959170B3 | Source = Application Error | ID = 1000
    Description = Faulting application fm.exe, version 12.0.4.37031, faulting module
    fm.exe, version 12.0.4.37031, fault address 0x0177c7a1.

    Error - 12-02-2012 18:58:25 | Computer Name = BREAH-7959170B3 | Source = SmartRegistryCleanerService.exe | ID = 0
    Description =

    Error - 12-02-2012 19:03:23 | Computer Name = BREAH-7959170B3 | Source = SmartRegistryCleanerService.exe | ID = 0
    Description =

    Error - 12-02-2012 19:37:25 | Computer Name = BREAH-7959170B3 | Source = EventSystem | ID = 4609
    Description = The COM+ Event System detected a bad return code during its internal
    processing. HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
    Please contact Microsoft Product Support Services to report this erro

    Error - 13-02-2012 7:58:12 | Computer Name = BREAH-7959170B3 | Source = MsiInstaller | ID = 11307
    Description = Product: Microsoft Office Enterprise 2007 -- Error 1307.There is not
    enough disk space to install this file: C:\WINDOWS2\Installer\38bdef.msp. Free
    some disk space and click 'Retry', or click 'Cancel' to exit.

    Error - 13-02-2012 7:59:16 | Computer Name = BREAH-7959170B3 | Source = MsiInstaller | ID = 1024
    Description = Product: Microsoft Office Enterprise 2007 - Update 'Microsoft Office
    2007 Service Pack 3 (SP3)' could not be installed. Error code 1603. Windows Installer
    can create logs to help troubleshoot issues with installing software packages.
    Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

    Error - 13-02-2012 14:40:20 | Computer Name = BREAH-7959170B3 | Source = Application Hang | ID = 1002
    Description = Hanging application OUTLOOK.EXE, version 12.0.6535.5005, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 14-02-2012 12:52:55 | Computer Name = BREAH-7959170B3 | Source = Application Hang | ID = 1002
    Description = Hanging application mbam.exe, version 1.51.1.1076, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    [ System Events ]
    Error - 08-02-2012 15:33:46 | Computer Name = BREAH-7959170B3 | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the Dnscache service.

    Error - 09-02-2012 14:44:40 | Computer Name = BREAH-7959170B3 | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the LogMeIn Hamachi Tunneling
    Engine service to connect.

    Error - 09-02-2012 14:44:41 | Computer Name = BREAH-7959170B3 | Source = Service Control Manager | ID = 7000
    Description = The LogMeIn Hamachi Tunneling Engine service failed to start due to
    the following error: %%1053


    < End of report >
     
  12. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista users: Right-click on SystemLook.exe and click Run As Administrator.
    • Copy the content of the following box and paste it into the main textfield:

      Code:
      :filefind
      oleaccrc.dll
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
  13. TheBreah

    TheBreah Newcomer, in training Topic Starter

    After running the program 2 errors appear and after that no log is created.

    1st

    [​IMG]

    2nd

    [​IMG]
  14. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    Disable Eset, delete your SystemLook file, download a fresh one and try again.
  15. TheBreah

    TheBreah Newcomer, in training Topic Starter

    SystemLook 30.07.11 by jpshortstuff
    Log created at 19:06 on 15/02/2012 by Pe
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "oleaccrc.dll"
    C:\WINDOWS2\$NtUninstallKB2564958$\oleaccrc.dll -----c- 16896 bytes [00:27 13/10/2011] [11:36 13/01/2009] 6654698F76CF6E46D5D321C53721947C
    C:\WINDOWS2\SoftwareDistribution\Download\93941f6179574775ae9c76392aa65577\oleaccrc.dll --a---- 20480 bytes [11:41 26/09/2011] [11:41 26/09/2011] 99F59B3392AD68F08BB528791F5D880D
    C:\WINDOWS2\system32\oleaccrc.dll --a---- 20480 bytes [11:36 13/01/2009] [10:41 26/09/2011] (Unable to calculate MD5)
    C:\WINDOWS2\system32\dllcache\oleaccrc.dll --a--c- 20480 bytes [11:36 13/01/2009] [10:41 26/09/2011] 99F59B3392AD68F08BB528791F5D880D

    -= EOF =-
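
The SystemLook result in the post above can be compared mechanically. This added example (not part of the thread and not SystemLook's own code) parses the four `filefind` lines and, for the copy whose MD5 could not be calculated, ranks the readable copies by matching size, matching timestamps and whether another copy shares the same hash. The line-format regular expression and the ranking order are assumptions made for this illustration.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# The "filefind" section of the SystemLook log posted above.
SYSTEMLOOK_LOG = r"""
Searching for "oleaccrc.dll"
C:\WINDOWS2\$NtUninstallKB2564958$\oleaccrc.dll -----c- 16896 bytes [00:27 13/10/2011] [11:36 13/01/2009] 6654698F76CF6E46D5D321C53721947C
C:\WINDOWS2\SoftwareDistribution\Download\93941f6179574775ae9c76392aa65577\oleaccrc.dll --a---- 20480 bytes [11:41 26/09/2011] [11:41 26/09/2011] 99F59B3392AD68F08BB528791F5D880D
C:\WINDOWS2\system32\oleaccrc.dll --a---- 20480 bytes [11:36 13/01/2009] [10:41 26/09/2011] (Unable to calculate MD5)
C:\WINDOWS2\system32\dllcache\oleaccrc.dll --a--c- 20480 bytes [11:36 13/01/2009] [10:41 26/09/2011] 99F59B3392AD68F08BB528791F5D880D
"""

# Assumed layout of one result line, inferred from the log above:
# path, 7 attribute flags, size, two bracketed timestamps, MD5 or an error note.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<stamp1>[^\]]+)\]\s+\[(?P<stamp2>[^\]]+)\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32}|\(Unable to calculate MD5\))\s*$"
)


@dataclass(frozen=True)
class FileHit:
    path: str
    attrs: str
    size: int
    stamps: tuple          # the two timestamps exactly as printed
    md5: Optional[str]     # None when SystemLook could not hash the file


def parse_filefind(text):
    """Return one FileHit per result line; header and blank lines are skipped."""
    hits = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        md5 = m.group("md5")
        hits.append(FileHit(
            path=m.group("path"),
            attrs=m.group("attrs"),
            size=int(m.group("size")),
            stamps=(m.group("stamp1"), m.group("stamp2")),
            md5=None if md5.startswith("(") else md5.upper(),
        ))
    return hits


def triage(hits):
    """Map each unhashable file to the readable copies, closest match first.

    Each candidate is (hit, same_size, same_stamps, corroborated), where
    corroborated counts the other readable copies sharing that MD5.
    """
    by_md5 = defaultdict(list)
    for h in hits:
        if h.md5:
            by_md5[h.md5].append(h)

    report = {}
    for bad in (h for h in hits if h.md5 is None):
        candidates = []
        for h in hits:
            if h.md5 is None:
                continue
            candidates.append((
                h,
                h.size == bad.size,
                h.stamps == bad.stamps,
                len(by_md5[h.md5]) - 1,
            ))
        # Sort on the three comparison fields only; True sorts above False.
        candidates.sort(key=lambda c: (c[1], c[2], c[3]), reverse=True)
        report[bad.path] = candidates
    return report


if __name__ == "__main__":
    for bad_path, ranked in triage(parse_filefind(SYSTEMLOOK_LOG)).items():
        print("Unreadable:", bad_path)
        for hit, same_size, same_stamps, corroborated in ranked:
            print(f"  {hit.path}")
            print(f"    size match={same_size} stamps match={same_stamps} "
                  f"other copies with this MD5={corroborated} md5={hit.md5}")
```

Agreement between copies only shows that they match each other; it does not by itself prove that any of them is the vendor's original file.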
  16. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    Download the following batch file: http://www.bleepstatic.com/fhost/uploads/0/94-fix.bat
    Double-click on it to run the fix.

    A Command Prompt window will open.
    You should see the following message:
    "1 file(s) copied"
    In that case, press any key to close the Command Prompt window.
    If you see any error message, let me know.

    NOTE: If the file can't be copied, run the fix from safe mode.

    Restart computer and let me know if the error is gone.
  17. TheBreah

    TheBreah Newcomer, in training Topic Starter

    The following error occurs both in normal and in safe mode.

    [​IMG]
  18. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    Download BlitzBlank and save it to your desktop.
    Double-click on Blitzblank.exe.

    • Click OK at the warning.
    • Click the Script tab and copy/paste the following text there:
    Code:
    CopyFile:
    C:\WINDOWS2\$NtUninstallKB2564958$\oleaccrc.dll C:\WINDOWS2\system32\oleaccrc.dll
    
    • Click Execute Now. Your computer will need to reboot in order to replace the files.
    • When done, post the report created by Blitzblank.
      You can find it in the root of the drive, normally C:\
     
  19. TheBreah

    TheBreah Newcomer, in training Topic Starter

    BlitzBlank 1.0.0.32

    File/Registry Modification Engine native application
    CopyFileOnReboot: sourceFile = "\??\c:\windows2\$ntuninstallkb2564958$\oleaccrc.dll", destinationFile = "\??\c:\windows2\system32\oleaccrc.dll"
    CopyFile: ZwCreateFile failed: status = c0000102
  20. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    Interesting.....

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    FCopy::
    C:\WINDOWS2\$NtUninstallKB2564958$\oleaccrc.dll C:\WINDOWS2\system32\oleaccrc.dll
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After the reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
    • Combofix.txt
  21. TheBreah

    TheBreah Newcomer, in training Topic Starter

    ComboFix 12-02-13.01 - Pe 16-02-2012 0:27.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.351.1033.18.2046.1378 [GMT 0:00]
    Running from: f:\ziped files\ComboFix.exe
    Command switches used :: c:\documents and settings\Pe.BREAH-7959170B3\Desktop\CFScript.txt
    AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    AV: PC Cleaner Pro *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-16 to 2012-02-16 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-14 16:03 . 2012-02-14 16:03 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
    2012-02-14 15:35 . 2012-02-14 15:37 -------- d-----w- c:\program files\Dll-Files.com Fixer
    2012-02-14 15:28 . 2012-02-14 15:28 -------- d-----w- c:\documents and settings\Pe.BREAH-7959170B3\Application Data\dll-files.com
    2012-02-14 15:23 . 2012-02-14 15:23 -------- d-----w- c:\program files\Uniblue
    2012-02-14 15:08 . 2012-02-14 15:10 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\SpeedyPC Software
    2012-02-13 17:14 . 2012-02-14 16:39 -------- d-----w- c:\documents and settings\Pe.BREAH-7959170B3\Local Settings\Application Data\AskToolbar
    2012-02-13 17:14 . 2012-02-13 17:14 -------- d-----w- c:\documents and settings\Pe.BREAH-7959170B3\Local Settings\Application Data\APN
    2012-02-13 12:53 . 2012-02-13 12:53 -------- d-----w- c:\documents and settings\Pe.BREAH-7959170B3\Application Data\Registry Mechanic
    2012-02-13 12:41 . 2012-02-13 17:47 -------- d-----w- c:\program files\Common Files\PC Tools
    2012-02-13 12:35 . 2012-02-13 12:36 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\RegistryCleanEasy
    2012-02-13 12:35 . 2012-02-13 12:35 -------- d-----w- C:\RegistryCleanEasy
    2012-02-13 11:41 . 2012-02-13 11:41 -------- d-----w- c:\documents and settings\Pe.BREAH-7959170B3\AppData
    2012-02-13 11:32 . 2012-02-13 11:32 -------- d-----w- c:\documents and settings\Pe.BREAH-7959170B3\Application Data\PCPro
    2012-02-13 11:32 . 2012-02-13 11:32 -------- d-----w- c:\documents and settings\Pe.BREAH-7959170B3\Application Data\PC Cleaners
    2012-02-13 11:31 . 2012-02-13 11:30 5276432 ----a-w- c:\windows2\uninst.exe
    2012-02-13 11:31 . 2012-02-13 11:31 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\PC1Data
    2012-02-12 23:44 . 2011-07-06 19:52 41272 ----a-w- c:\windows2\system32\drivers\mbamswissarmy.sys
    2012-02-12 23:13 . 2012-02-12 23:13 -------- d-----w- c:\windows2\system32\wbem\Repository
    2012-02-12 22:58 . 2012-02-12 22:58 -------- d-----w- c:\program files\Enigma Software Group
    2012-02-06 09:52 . 2012-02-13 09:54 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
    2012-02-06 09:52 . 2012-02-13 09:54 43960 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
    2012-02-06 09:50 . 2009-03-18 16:35 26176 ---ha-w- c:\windows2\system32\hamachi.sys
    2012-01-31 18:52 . 2012-01-31 18:52 -------- d-----w- c:\documents and settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Heroes and Generals
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-01 21:14 . 2010-06-01 12:54 138520 ----a-w- c:\windows2\system32\drivers\PnkBstrK.sys
    2012-02-01 21:11 . 2010-06-01 12:53 234536 ----a-w- c:\windows2\system32\PnkBstrB.exe
    2012-02-01 21:11 . 2009-03-29 18:06 234536 ----a-w- c:\windows2\system32\PnkBstrB.xtr
    2012-01-31 15:34 . 2010-06-01 12:53 234536 ----a-w- c:\windows2\system32\PnkBstrB.ex0
    2012-01-17 15:01 . 2009-01-21 16:46 139152 -c--a-w- c:\documents and settings\Pe.BREAH-7959170B3\Application Data\PnkBstrK.sys
    2011-12-13 11:01 . 2010-07-07 15:52 1698408 ----a-w- c:\windows2\RtlExUpd.dll
    2011-11-25 21:57 . 2009-01-13 11:37 293376 ----a-w- c:\windows2\system32\winsrv.dll
    2011-11-23 13:25 . 2009-01-13 11:37 1859584 ----a-w- c:\windows2\system32\win32k.sys
    2011-11-18 12:35 . 2009-01-13 11:36 60416 ----a-w- c:\windows2\system32\packager.exe
    2012-02-13 09:54 . 2011-05-01 12:22 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2006-05-03 09:06 163328 --sh--r- c:\windows2\system32\flvDX.dll
    2007-02-21 10:47 31232 --sh--r- c:\windows2\system32\msfDX.dll
    2008-03-16 12:30 216064 --sh--r- c:\windows2\system32\nbDX.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2009-01-13 . 649B4101C35E996E1866037C28A5FD42 . 1614848 . . [5.1.2600.5512] . . c:\windows2\system32\sfcfiles.dll
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-02-14_19.49.46 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-02-15 23:10 . 2012-02-15 23:10 16384 c:\windows2\Temp\Perflib_Perfdata_1f0.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PD0630 STISvc"="P0630Pin.dll" [2005-06-05 36864]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
    "StartCCC"="f:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-22 98304]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows2\system32\CTFMON.EXE" [2009-01-13 15360]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /k:C /k:F *
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS2^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    backup=c:\windows2\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2008-12-29 10:40 687560 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
    2007-09-06 13:08 136136 ----a-w- c:\programas\DAEMON Tools Pro\DTProAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2010-03-18 12:21 136176 ----atw- c:\documents and settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2007-08-24 07:00 33648 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2007-05-08 15:24 54840 ----a-w- f:\program files\HP\HP Software Update\hpwuSchd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
    2011-07-06 19:52 449584 ----a-w- f:\2\Malwarebytes' Anti-Malware\mbamgui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-11-10 23:08 417792 ----a-w- f:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2010-06-08 16:16 19552872 ----a-w- c:\windows2\RTHDCPL.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
    2010-06-08 16:16 1833576 ----a-w- c:\windows2\SkyTel.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 15:07 2260480 -csha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2011-06-09 12:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "f:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "f:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "f:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "f:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "f:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "f:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "f:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "f:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\WINDOWS2\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS2\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "f:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
    "f:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
    "f:\\Program Files\\Autodesk\\Backburner\\server.exe"=
    "c:\\Programas\\The All-Seeing Eye\\eye.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "f:\\Games\\Steam\\steamapps\\randoomized\\source sdk base\\hl2.exe"=
    "c:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\SoulseekNS\\slsk.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "f:\\Games\\Steam\\Steam.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
    "f:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Documents and Settings\\Pe.BREAH-7959170B3\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
    "c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
    "c:\\Documents and Settings\\Pe.BREAH-7959170B3\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
    "c:\\WINDOWS2\\system32\\dpvsetup.exe"=
    "c:\\Programas\\SmartFTP Client\\SmartFTP.exe"=
    "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
    "f:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
    "c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "f:\\Games\\Steam\\steamapps\\randoomized\\source sdk base 2007\\hl2.exe"=
    "c:\\Program Files\\EA GAMES\\Battlefield 2\\forgottenhope2.exe"=
    "c:\\Program Files\\EA GAMES\\Battlefield 2\\FH2.exe"=
    "f:\\Program Files\\mIRC\\mirc.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "f:\\Games\\Steam\\steamapps\\randoomized\\counter-strike\\hl.exe"=
    "c:\\Documents and Settings\\Pe.BREAH-7959170B3\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
    "f:\\Programas\\mIRC\\mirc.exe"=
    "f:\\Games\\Steam\\steamapps\\randoomized\\counter-strike source\\hl2.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5222:TCP"= 5222:TCP:xmpp.quakelive.com
    "56831:TCP"= 56831:TCP:pando Media Booster
    "56831:UDP"= 56831:UDP:pando Media Booster
    "56065:TCP"= 56065:TCP:pando
    "563:TCP"= 563:TCP:pando2
    .
    R0 sptd;sptd;c:\windows2\system32\drivers\sptd.sys [13-01-2009 16:26 717296]
    R1 epfwtdir;epfwtdir;c:\windows2\system32\drivers\epfwtdir.sys [20-02-2008 11:11 35168]
    R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [07-10-2009 9:16 472280]
    R2 MBAMService;MBAMService;f:\2\Malwarebytes' Anti-Malware\mbamservice.exe [12-02-2012 23:44 366640]
    R2 XobniService;XobniService;f:\program files\Xobni\XobniService.exe [20-11-2009 17:13 55016]
    R3 MBAMProtector;MBAMProtector;c:\windows2\system32\drivers\mbam.sys [10-12-2010 20:21 22712]
    R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows2\system32\drivers\seehcri.sys [23-11-2009 21:56 27632]
    S2 gupdate1c98bb8b2aea58;Google Update Service (gupdate1c98bb8b2aea58);c:\program files\Google\Update\GoogleUpdate.exe [10-02-2009 19:44 133104]
    S2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit; [x]
    S3 Ambfilt;Ambfilt;c:\windows2\system32\drivers\Ambfilt.sys [07-07-2010 15:53 1691480]
    S3 atidgllk;atidgllk;c:\program files\winflash\atidgllk.sys [07-07-2010 16:32 12048]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows2\system32\drivers\ggflt.sys [23-11-2009 22:08 13224]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10-02-2009 19:44 133104]
    S3 P0630VID;Creative WebCam Live!;c:\windows2\system32\drivers\P0630Vid.sys [25-02-2010 15:27 91841]
    S3 pcouffin;VSO Software pcouffin;c:\windows2\system32\drivers\pcouffin.sys [28-01-2009 23:51 47360]
    S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows2\system32\drivers\s0017bus.sys [23-11-2009 21:56 86824]
    S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows2\system32\drivers\s0017mdfl.sys [23-11-2009 21:56 15016]
    S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows2\system32\drivers\s0017mdm.sys [23-11-2009 21:56 114600]
    S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows2\system32\drivers\s0017mgmt.sys [23-11-2009 21:56 108328]
    S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows2\system32\drivers\s0017nd5.sys [23-11-2009 21:56 26024]
    S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows2\system32\drivers\s0017obex.sys [23-11-2009 21:56 104616]
    S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows2\system32\drivers\s0017unic.sys [23-11-2009 21:56 109736]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-15 c:\windows2\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 19:44]
    .
    2012-02-16 c:\windows2\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 19:44]
    .
    2012-02-15 c:\windows2\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-362288127-1417001333-1003Core.job
    - c:\documents and settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-14 12:21]
    .
    2012-02-15 c:\windows2\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-362288127-1417001333-1003UA.job
    - c:\documents and settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-14 12:21]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://eu.ask.com/?l=dis&o=102866&gct=hp
    mStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
    Trusted Zone: forgottenhonor.com\www
    TCP: DhcpNameServer = 212.113.164.58 212.113.164.57
    DPF: {5B54751C-0EDB-4CAE-816C-65BCED3FF819} - hxxp://game.heroesandgenerals.com/retox.ocx
    DPF: {9BD3C5C6-BCBA-47BF-9CC0-0D5D3E117DE1} - hxxp://www.bravearms.com/razor/plugins/WebMediaPlayer.cab
    FF - ProfilePath - c:\documents and settings\Pe.BREAH-7959170B3\Application Data\Mozilla\Firefox\Profiles\ybxr1hhq.default\
    FF - prefs.js: browser.search.selectedEngine - YouTube
    FF - prefs.js: browser.startup.homepage - hxxp://www.maisfutebol.iol.pt/
    FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=1&q=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\Ask.com\GenericAskToolbar.dll
    BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
    Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
    MSConfigStartUp-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-02-16 00:33
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-448539723-362288127-1417001333-1003\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_USERS\S-1-5-21-448539723-362288127-1417001333-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:9c,74,e3,9b,7d,bd,31,24,61,49,0f,9f,bd,6b,c8,9c,57,76,09,3c,fe,5b,11,
    65,21,44,3f,b5,77,76,77,3b,ab,19,35,22,af,41,88,6c,f8,ff,fb,1b,bb,ab,45,49,\
    "??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(700)
    c:\windows2\system32\Ati2evxx.dll
    c:\windows2\system32\atiadlxx.dll
    .
    - - - - - - - > 'explorer.exe'(2244)
    c:\windows2\system32\WININET.dll
    c:\windows2\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
    c:\windows2\system32\msi.dll
    c:\windows2\system32\ieframe.dll
    c:\windows2\system32\webcheck.dll
    c:\windows2\system32\WPDShServiceObj.dll
    c:\windows2\system32\PortableDeviceTypes.dll
    c:\windows2\system32\hnetcfg.dll
    c:\windows2\system32\PortableDeviceApi.dll
    .
    Completion time: 2012-02-16 00:35:26
    ComboFix-quarantined-files.txt 2012-02-16 00:35
    ComboFix2.txt 2012-02-14 19:55
    .
    Pre-Run: 5.664.047.104 bytes free
    Post-Run: 5.658.902.528 bytes free
    .
    - - End Of File - - 0398FC6794EDD15C80C0030E0ACC860D
  22. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    You didn't run my script.
    Redo.
  23. TheBreah

    TheBreah Newcomer, in training Topic Starter

    I apologize if I'm doing something wrong, but I'm repeating every step you indicated.

    And this is the following log that appears:

    ComboFix 12-02-13.01 - Pe 16-02-2012 10:25:55.4.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.351.1033.18.2046.1411 [GMT 0:00]
    Running from: c:\documents and settings\Pe.BREAH-7959170B3\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Pe.BREAH-7959170B3\Desktop\CFScript.txt
    AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    AV: PC Cleaner Pro *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-16 to 2012-02-16 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-14 16:03 . 2012-02-14 16:03 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
    2012-02-14 15:35 . 2012-02-14 15:37 -------- d-----w- c:\program files\Dll-Files.com Fixer
    2012-02-14 15:28 . 2012-02-14 15:28 -------- d-----w- c:\documents and settings\Pe.BREAH-7959170B3\Application Data\dll-files.com
    2012-02-14 15:23 . 2012-02-14 15:23 -------- d-----w- c:\program files\Uniblue
    2012-02-14 15:08 . 2012-02-14 15:10 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\SpeedyPC Software
    2012-02-13 17:14 . 2012-02-14 16:39 -------- d-----w- c:\documents and settings\Pe.BREAH-7959170B3\Local Settings\Application Data\AskToolbar
    2012-02-13 17:14 . 2012-02-13 17:14 -------- d-----w- c:\documents and settings\Pe.BREAH-7959170B3\Local Settings\Application Data\APN
    2012-02-13 12:53 . 2012-02-13 12:53 -------- d-----w- c:\documents and settings\Pe.BREAH-7959170B3\Application Data\Registry Mechanic
    2012-02-13 12:41 . 2012-02-13 17:47 -------- d-----w- c:\program files\Common Files\PC Tools
    2012-02-13 12:35 . 2012-02-13 12:36 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\RegistryCleanEasy
    2012-02-13 12:35 . 2012-02-13 12:35 -------- d-----w- C:\RegistryCleanEasy
    2012-02-13 11:41 . 2012-02-13 11:41 -------- d-----w- c:\documents and settings\Pe.BREAH-7959170B3\AppData
    2012-02-13 11:32 . 2012-02-13 11:32 -------- d-----w- c:\documents and settings\Pe.BREAH-7959170B3\Application Data\PCPro
    2012-02-13 11:32 . 2012-02-13 11:32 -------- d-----w- c:\documents and settings\Pe.BREAH-7959170B3\Application Data\PC Cleaners
    2012-02-13 11:31 . 2012-02-13 11:30 5276432 ----a-w- c:\windows2\uninst.exe
    2012-02-13 11:31 . 2012-02-13 11:31 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\PC1Data
    2012-02-12 23:44 . 2011-07-06 19:52 41272 ----a-w- c:\windows2\system32\drivers\mbamswissarmy.sys
    2012-02-12 23:13 . 2012-02-12 23:13 -------- d-----w- c:\windows2\system32\wbem\Repository
    2012-02-12 22:58 . 2012-02-12 22:58 -------- d-----w- c:\program files\Enigma Software Group
    2012-02-06 09:52 . 2012-02-13 09:54 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
    2012-02-06 09:52 . 2012-02-13 09:54 43960 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
    2012-02-06 09:50 . 2009-03-18 16:35 26176 ---ha-w- c:\windows2\system32\hamachi.sys
    2012-01-31 18:52 . 2012-01-31 18:52 -------- d-----w- c:\documents and settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Heroes and Generals
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-01 21:14 . 2010-06-01 12:54 138520 ----a-w- c:\windows2\system32\drivers\PnkBstrK.sys
    2012-02-01 21:11 . 2010-06-01 12:53 234536 ----a-w- c:\windows2\system32\PnkBstrB.exe
    2012-02-01 21:11 . 2009-03-29 18:06 234536 ----a-w- c:\windows2\system32\PnkBstrB.xtr
    2012-01-31 15:34 . 2010-06-01 12:53 234536 ----a-w- c:\windows2\system32\PnkBstrB.ex0
    2012-01-17 15:01 . 2009-01-21 16:46 139152 -c--a-w- c:\documents and settings\Pe.BREAH-7959170B3\Application Data\PnkBstrK.sys
    2011-12-13 11:01 . 2010-07-07 15:52 1698408 ----a-w- c:\windows2\RtlExUpd.dll
    2011-11-25 21:57 . 2009-01-13 11:37 293376 ----a-w- c:\windows2\system32\winsrv.dll
    2011-11-23 13:25 . 2009-01-13 11:37 1859584 ----a-w- c:\windows2\system32\win32k.sys
    2011-11-18 12:35 . 2009-01-13 11:36 60416 ----a-w- c:\windows2\system32\packager.exe
    2012-02-13 09:54 . 2011-05-01 12:22 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2006-05-03 09:06 163328 --sh--r- c:\windows2\system32\flvDX.dll
    2007-02-21 10:47 31232 --sh--r- c:\windows2\system32\msfDX.dll
    2008-03-16 12:30 216064 --sh--r- c:\windows2\system32\nbDX.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2009-01-13 . 649B4101C35E996E1866037C28A5FD42 . 1614848 . . [5.1.2600.5512] . . c:\windows2\system32\sfcfiles.dll
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-02-14_19.49.46 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-02-16 10:05 . 2012-02-16 10:05 16384 c:\windows2\Temp\Perflib_Perfdata_280.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PD0630 STISvc"="P0630Pin.dll" [2005-06-05 36864]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
    "StartCCC"="f:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-22 98304]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows2\system32\CTFMON.EXE" [2009-01-13 15360]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /k:C /k:F *
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS2^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    backup=c:\windows2\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2008-12-29 10:40 687560 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
    2007-09-06 13:08 136136 ----a-w- c:\programas\DAEMON Tools Pro\DTProAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2010-03-18 12:21 136176 ----atw- c:\documents and settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2007-08-24 07:00 33648 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2007-05-08 15:24 54840 ----a-w- f:\program files\HP\HP Software Update\hpwuSchd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
    2011-07-06 19:52 449584 ----a-w- f:\2\Malwarebytes' Anti-Malware\mbamgui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-11-10 23:08 417792 ----a-w- f:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2010-06-08 16:16 19552872 ----a-w- c:\windows2\RTHDCPL.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
    2010-06-08 16:16 1833576 ----a-w- c:\windows2\SkyTel.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 15:07 2260480 -csha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2011-06-09 12:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "f:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "f:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "f:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "f:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "f:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "f:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "f:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "f:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\WINDOWS2\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS2\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "f:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
    "f:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
    "f:\\Program Files\\Autodesk\\Backburner\\server.exe"=
    "c:\\Programas\\The All-Seeing Eye\\eye.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "f:\\Games\\Steam\\steamapps\\randoomized\\source sdk base\\hl2.exe"=
    "c:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\SoulseekNS\\slsk.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "f:\\Games\\Steam\\Steam.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
    "f:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Documents and Settings\\Pe.BREAH-7959170B3\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
    "c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
    "c:\\Documents and Settings\\Pe.BREAH-7959170B3\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
    "c:\\WINDOWS2\\system32\\dpvsetup.exe"=
    "c:\\Programas\\SmartFTP Client\\SmartFTP.exe"=
    "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
    "f:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
    "c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "f:\\Games\\Steam\\steamapps\\randoomized\\source sdk base 2007\\hl2.exe"=
    "c:\\Program Files\\EA GAMES\\Battlefield 2\\forgottenhope2.exe"=
    "c:\\Program Files\\EA GAMES\\Battlefield 2\\FH2.exe"=
    "f:\\Program Files\\mIRC\\mirc.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "f:\\Games\\Steam\\steamapps\\randoomized\\counter-strike\\hl.exe"=
    "c:\\Documents and Settings\\Pe.BREAH-7959170B3\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
    "f:\\Programas\\mIRC\\mirc.exe"=
    "f:\\Games\\Steam\\steamapps\\randoomized\\counter-strike source\\hl2.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5222:TCP"= 5222:TCP:xmpp.quakelive.com
    "56831:TCP"= 56831:TCP:pando Media Booster
    "56831:UDP"= 56831:UDP:pando Media Booster
    "56065:TCP"= 56065:TCP:pando
    "563:TCP"= 563:TCP:pando2
    .
    R0 sptd;sptd;c:\windows2\system32\drivers\sptd.sys [13-01-2009 16:26 717296]
    R1 epfwtdir;epfwtdir;c:\windows2\system32\drivers\epfwtdir.sys [20-02-2008 11:11 35168]
    R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [07-10-2009 9:16 472280]
    R2 MBAMService;MBAMService;f:\2\Malwarebytes' Anti-Malware\mbamservice.exe [12-02-2012 23:44 366640]
    R2 XobniService;XobniService;f:\program files\Xobni\XobniService.exe [20-11-2009 17:13 55016]
    R3 MBAMProtector;MBAMProtector;c:\windows2\system32\drivers\mbam.sys [10-12-2010 20:21 22712]
    R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows2\system32\drivers\seehcri.sys [23-11-2009 21:56 27632]
    S2 gupdate1c98bb8b2aea58;Google Update Service (gupdate1c98bb8b2aea58);c:\program files\Google\Update\GoogleUpdate.exe [10-02-2009 19:44 133104]
    S2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit; [x]
    S3 Ambfilt;Ambfilt;c:\windows2\system32\drivers\Ambfilt.sys [07-07-2010 15:53 1691480]
    S3 atidgllk;atidgllk;c:\program files\winflash\atidgllk.sys [07-07-2010 16:32 12048]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows2\system32\drivers\ggflt.sys [23-11-2009 22:08 13224]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10-02-2009 19:44 133104]
    S3 P0630VID;Creative WebCam Live!;c:\windows2\system32\drivers\P0630Vid.sys [25-02-2010 15:27 91841]
    S3 pcouffin;VSO Software pcouffin;c:\windows2\system32\drivers\pcouffin.sys [28-01-2009 23:51 47360]
    S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows2\system32\drivers\s0017bus.sys [23-11-2009 21:56 86824]
    S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows2\system32\drivers\s0017mdfl.sys [23-11-2009 21:56 15016]
    S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows2\system32\drivers\s0017mdm.sys [23-11-2009 21:56 114600]
    S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows2\system32\drivers\s0017mgmt.sys [23-11-2009 21:56 108328]
    S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows2\system32\drivers\s0017nd5.sys [23-11-2009 21:56 26024]
    S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows2\system32\drivers\s0017obex.sys [23-11-2009 21:56 104616]
    S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows2\system32\drivers\s0017unic.sys [23-11-2009 21:56 109736]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-16 c:\windows2\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 19:44]
    .
    2012-02-16 c:\windows2\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 19:44]
    .
    2012-02-15 c:\windows2\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-362288127-1417001333-1003Core.job
    - c:\documents and settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-14 12:21]
    .
    2012-02-16 c:\windows2\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-362288127-1417001333-1003UA.job
    - c:\documents and settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-14 12:21]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://eu.ask.com/?l=dis&o=102866&gct=hp
    mStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
    Trusted Zone: forgottenhonor.com\www
    TCP: DhcpNameServer = 212.113.164.58 212.113.164.57
    DPF: {5B54751C-0EDB-4CAE-816C-65BCED3FF819} - hxxp://game.heroesandgenerals.com/retox.ocx
    DPF: {9BD3C5C6-BCBA-47BF-9CC0-0D5D3E117DE1} - hxxp://www.bravearms.com/razor/plugins/WebMediaPlayer.cab
    FF - ProfilePath - c:\documents and settings\Pe.BREAH-7959170B3\Application Data\Mozilla\Firefox\Profiles\ybxr1hhq.default\
    FF - prefs.js: browser.search.selectedEngine - YouTube
    FF - prefs.js: browser.startup.homepage - hxxp://www.maisfutebol.iol.pt/
    FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=1&q=
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-02-16 10:32
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-448539723-362288127-1417001333-1003\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_USERS\S-1-5-21-448539723-362288127-1417001333-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:9c,74,e3,9b,7d,bd,31,24,61,49,0f,9f,bd,6b,c8,9c,57,76,09,3c,fe,5b,11,
    65,21,44,3f,b5,77,76,77,3b,ab,19,35,22,af,41,88,6c,f8,ff,fb,1b,bb,ab,45,49,\
    "??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(684)
    c:\windows2\system32\Ati2evxx.dll
    c:\windows2\system32\atiadlxx.dll
    .
    - - - - - - - > 'explorer.exe'(3340)
    c:\windows2\system32\WININET.dll
    c:\windows2\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
    c:\windows2\system32\ieframe.dll
    c:\windows2\system32\msi.dll
    c:\windows2\system32\webcheck.dll
    c:\windows2\system32\WPDShServiceObj.dll
    c:\windows2\system32\PortableDeviceTypes.dll
    c:\windows2\system32\PortableDeviceApi.dll
    c:\windows2\system32\hnetcfg.dll
    .
    Completion time: 2012-02-16 10:34:10
    ComboFix-quarantined-files.txt 2012-02-16 10:34
    ComboFix2.txt 2012-02-16 09:52
    ComboFix3.txt 2012-02-16 00:35
    ComboFix4.txt 2012-02-14 19:55
    .
    Pre-Run: 5.935.005.696 bytes free
    Post-Run: 5.918.457.856 bytes free
    .
    - - End Of File - - 19BC0A95DC5B8A752B4FC8596D5BF00D
  24. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    Let's see if we can look at your computer booting from an external source.

    Please download OTLPE (filesize 120,9 MB)

    • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your system using the boot CD you just created.
      • Note: If you do not know how to set your computer to boot from CD, follow the steps here
    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • When asked Do you wish to load the remote registry, select Yes
    • When asked Do you wish to load remote user profile(s) for scanning, select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • Under the Custom Scan box paste this in:

      /md5start
      oleaccrc.dll
      /md5stop

    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive if you do not have an internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.