Inactive [A] System Check -- possible virus

[TheBreah]

I have the same error while running several programs. The message that appears is:

".... oleaccrc.dll is corrupt and unreadable."

Any kind of help would be much appreciated.

Thank you in advance.

__________________

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 912021403

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

14-02-2012 17:00:50
mbam-log-2012-02-14 (17-00-50).txt

Scan type: Quick scan
Objects scanned: 292608
Time elapsed: 7 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

________________

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-02-14 17:09:50
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7 Maxtor_6Y080M0 rev.YAR512W0
Running: 8zz695zi.exe; Driver: C:\DOCUME~1\PE11FF~1.BRE\LOCALS~1\Temp\pgpyikoc.sys


---- System - GMER 1.0.15 ----

SSDT spgj.sys ZwEnumerateKey [0xF72A5CA2]
SSDT spgj.sys ZwEnumerateValueKey [0xF72A6030]

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdePort0 [F71DBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F71DBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [F71DBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-7 [F71DBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [F71DBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort4 [F71DBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort5 [F71DBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-16 [F71DBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\ay8s61om \Device\Scsi\ay8s61om1Port6Path0Target0Lun0 89ACC500
Device \Driver\ay8s61om \Device\Scsi\ay8s61om1 89ACC500
Device \Driver\ay8s61om \Device\Scsi\ay8s61om1Port6Path0Target1Lun0 89ACC500
Device \FileSystem\Ntfs \Ntfs 89E751F8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys

---- EOF - GMER 1.0.15 ----

_____________

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Pe at 17:11:21 on 2012-02-14
Microsoft Windows XP Professional 5.1.2600.3.1252.351.1033.18.2046.1185 [GMT 0:00]
.
AV: PC Cleaner Pro *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\WINDOWS2\system32\Ati2evxx.exe
C:\WINDOWS2\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS2\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS2\system32\Ati2evxx.exe
C:\WINDOWS2\system32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS2\system32\spoolsv.exe
C:\WINDOWS2\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS2\system32\RunDLL32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
svchost.exe
C:\WINDOWS2\system32\AEADISRV.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
f:\2\Malwarebytes' Anti-Malware\mbamservice.exe
F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
f:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS2\system32\HPZipm12.exe
C:\WINDOWS2\system32\PnkBstrA.exe
svchost.exe
C:\WINDOWS2\system32\svchost.exe -k imgsvc
F:\Program Files\Xobni\XobniService.exe
C:\WINDOWS2\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS2\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://eu.ask.com/?l=dis&o=102866&gct=hp
uSearch Page = hxxp://search.live.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://search.live.com/sphome.aspx
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Searchqu Toolbar: {7ff99715-3016-4381-84ce-e4e4c9673020} - Searchqu Toolbar
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Bandoo IE Plugin: {eb5cee80-030a-4ed8-8e20-454e9c68380f} - BandooIEPlugin Class
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Searchqu Toolbar: {7ff99715-3016-4381-84ce-e4e4c9673020} -
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [StartCCC] "f:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
dRun: [CTFMON.EXE] c:\windows2\system32\CTFMON.EXE
dRunOnce: [!SearchquFF] RUNDLL32.EXE c:\windows2\temp\search~1\INSTAL~1.DLL,_SetFFAssets http://www.searchqu.com/403,Web Search,WebSearch,http://www.searchqu.com/web?src=ffb&systemid=403&q=,
uPolicies-explorer: NoInstrumentation = 1
IE: E&xportar para o Microsoft Excel - c:\progra~2\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~3\office12\REFIEBAR.DLL
Trusted Zone: forgottenhonor.com\www
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {5B54751C-0EDB-4CAE-816C-65BCED3FF819} - hxxp://game.heroesandgenerals.com/retox.ocx
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231871237906
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9BD3C5C6-BCBA-47BF-9CC0-0D5D3E117DE1} - hxxp://www.bravearms.com/razor/plugins/WebMediaPlayer.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 212.113.164.58 212.113.164.57
TCP: Interfaces\{724B9139-EDF2-419B-BEDC-0D5794E34DA5} : DhcpNameServer = 212.113.164.58 212.113.164.57
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows2\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\pe.breah-7959170b3\application data\mozilla\firefox\profiles\ybxr1hhq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.maisfutebol.iol.pt/
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=1&q=
FF - plugin: c:\documents and settings\all users.windows2\application data\id software\quakelive\npquakezero.dll
FF - plugin: c:\documents and settings\pe.breah-7959170b3\application data\mozilla\firefox\profiles\ybxr1hhq.default\extensions\npretoxlive@live.heroesandgenerals.com\plugins\npretoxlive.dll
FF - plugin: c:\documents and settings\pe.breah-7959170b3\application data\mozilla\firefox\profiles\ybxr1hhq.default\extensions\npretoxstable@stable.heroesandgenerals.com\plugins\npretoxstable.dll
FF - plugin: c:\documents and settings\pe.breah-7959170b3\application data\mozilla\firefox\profiles\ybxr1hhq.default\extensions\webmediaplayer@3gstudiosinc.com\plugins\npWebMediaPlayer.dll
FF - plugin: c:\documents and settings\pe.breah-7959170b3\application data\mozilla\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\pe.breah-7959170b3\application data\mozilla\plugins\npoctoshape.dll
FF - plugin: c:\documents and settings\pe.breah-7959170b3\local settings\application data\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\3g studios\web media client\npWebMediaClient.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvsharetvplg.dll
FF - plugin: f:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: f:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: f:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: f:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: f:\program files\quicktime\plugins\npqtplugin5.dll
FF - plugin: f:\program files\quicktime\plugins\npqtplugin6.dll
FF - plugin: f:\program files\quicktime\plugins\npqtplugin7.dll
FF - plugin: f:\program files\veetle\player\npvlc.dll
FF - plugin: f:\program files\veetle\plugins\npVeetle.dll
FF - plugin: f:\program files\veetle\vlcbroadcast\npvbp.dll
.
============= SERVICES / DRIVERS ===============
.
R1 epfwtdir;epfwtdir;c:\windows2\system32\drivers\epfwtdir.sys [2008-2-20 35168]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-10-7 472280]
R2 MBAMService;MBAMService;f:\2\malwarebytes' anti-malware\mbamservice.exe [2012-2-12 366640]
R2 XobniService;XobniService;f:\program files\xobni\XobniService.exe [2009-11-20 55016]
R3 MBAMProtector;MBAMProtector;c:\windows2\system32\drivers\mbam.sys [2010-12-10 22712]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows2\system32\drivers\seehcri.sys [2009-11-23 27632]
S2 gupdate1c98bb8b2aea58;Google Update Service (gupdate1c98bb8b2aea58);c:\program files\google\update\GoogleUpdate.exe [2009-2-10 133104]
S2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit; [x]
S3 Ambfilt;Ambfilt;c:\windows2\system32\drivers\Ambfilt.sys [2010-7-7 1691480]
S3 atidgllk;atidgllk;c:\program files\winflash\atidgllk.sys [2010-7-7 12048]
S3 cpuz132;cpuz132;\??\c:\docume~1\pe11ff~1.bre\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\pe11ff~1.bre\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows2\system32\drivers\ggflt.sys [2009-11-23 13224]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-2-10 133104]
S3 P0630VID;Creative WebCam Live!;c:\windows2\system32\drivers\P0630Vid.sys [2010-2-25 91841]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows2\system32\drivers\s0017bus.sys [2009-11-23 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows2\system32\drivers\s0017mdfl.sys [2009-11-23 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows2\system32\drivers\s0017mdm.sys [2009-11-23 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows2\system32\drivers\s0017mgmt.sys [2009-11-23 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows2\system32\drivers\s0017nd5.sys [2009-11-23 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows2\system32\drivers\s0017obex.sys [2009-11-23 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows2\system32\drivers\s0017unic.sys [2009-11-23 109736]
.
=============== File Associations ===============
.
.txt=
.
=============== Created Last 30 ================
.
2012-02-14 16:03:31 -------- d-----w- c:\documents and settings\all users.windows2\application data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2012-02-14 15:35:54 -------- d-----w- c:\program files\Dll-Files.com Fixer
2012-02-14 15:28:05 -------- d-----w- c:\documents and settings\pe.breah-7959170b3\application data\dll-files.com
2012-02-14 15:23:01 -------- d-----w- c:\program files\Uniblue
2012-02-14 15:08:03 -------- d-----w- c:\documents and settings\all users.windows2\application data\SpeedyPC Software
2012-02-13 17:14:30 -------- d-----w- c:\program files\Ask.com
2012-02-13 17:14:27 -------- d-----w- c:\documents and settings\pe.breah-7959170b3\local settings\application data\AskToolbar
2012-02-13 17:14:16 -------- d-----w- c:\documents and settings\pe.breah-7959170b3\local settings\application data\APN
2012-02-13 16:53:56 -------- d-----w- C:\cmdcons
2012-02-13 16:49:45 98816 ----a-w- c:\windows2\sed.exe
2012-02-13 16:49:45 518144 ----a-w- c:\windows2\SWREG.exe
2012-02-13 16:49:45 256000 ----a-w- c:\windows2\PEV.exe
2012-02-13 16:49:45 208896 ----a-w- c:\windows2\MBR.exe
2012-02-13 16:49:09 -------- d-s---w- C:\ComboFix
2012-02-13 12:53:11 -------- d-----w- c:\documents and settings\pe.breah-7959170b3\application data\Registry Mechanic
2012-02-13 12:41:01 -------- d-----w- c:\program files\common files\PC Tools
2012-02-13 12:35:41 -------- d-----w- C:\RegistryCleanEasy
2012-02-13 12:35:41 -------- d-----w- c:\documents and settings\all users.windows2\application data\RegistryCleanEasy
2012-02-13 11:41:13 -------- d-----w- c:\documents and settings\pe.breah-7959170b3\AppData
2012-02-13 11:32:01 -------- d-----w- c:\documents and settings\pe.breah-7959170b3\application data\PCPro
2012-02-13 11:32:01 -------- d-----w- c:\documents and settings\pe.breah-7959170b3\application data\PC Cleaners
2012-02-13 11:31:42 5276432 ----a-w- c:\windows2\uninst.exe
2012-02-13 11:31:38 -------- d-----w- c:\program files\PC Cleaners
2012-02-13 11:31:38 -------- d-----w- c:\documents and settings\all users.windows2\application data\PC1Data
2012-02-12 23:44:22 41272 ----a-w- c:\windows2\system32\drivers\mbamswissarmy.sys
2012-02-12 23:13:39 -------- d-----w- c:\windows2\system32\wbem\repository\FS
2012-02-12 23:13:39 -------- d-----w- c:\windows2\system32\wbem\Repository
2012-02-12 22:58:44 -------- d-----w- c:\program files\Enigma Software Group
2012-02-06 09:52:18 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-02-06 09:52:18 43960 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-02-06 09:50:17 26176 ---ha-w- c:\windows2\system32\hamachi.sys
2012-01-31 18:52:01 -------- d-----w- c:\documents and settings\pe.breah-7959170b3\local settings\application data\Heroes and Generals
.
==================== Find3M ====================
.
2012-02-01 21:14:34 138520 ----a-w- c:\windows2\system32\drivers\PnkBstrK.sys
2012-02-01 21:11:40 234536 ----a-w- c:\windows2\system32\PnkBstrB.xtr
2012-02-01 21:11:40 234536 ----a-w- c:\windows2\system32\PnkBstrB.exe
2012-01-31 15:34:16 234536 ----a-w- c:\windows2\system32\PnkBstrB.ex0
2012-01-17 15:01:54 139152 -c--a-w- c:\documents and settings\pe.breah-7959170b3\application data\PnkBstrK.sys
2011-12-13 11:01:00 1698408 ----a-w- c:\windows2\RtlExUpd.dll
2011-11-25 21:57:19 293376 ----a-w- c:\windows2\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows2\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows2\system32\packager.exe
2006-05-03 09:06:54 163328 --sh--r- c:\windows2\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows2\system32\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- c:\windows2\system32\nbDX.dll
.
============= FINISH: 17:11:48,79 ===============

 

[TheBreah]

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 13-01-2009 14:40:50
System Uptime: 14-02-2012 16:20:43 (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5V-VM SE DH
Processor: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz | Socket 775 | 2199/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 29 GiB total, 3,117 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 45 GiB total, 5,02 GiB free.
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: System Interrupt Controller
Device ID: PCI\VEN_1106&DEV_5364&SUBSYS_00000000&REV_00\3&2411E6FE&0&05
Manufacturer:
Name: System Interrupt Controller
PNP Device ID: PCI\VEN_1106&DEV_5364&SUBSYS_00000000&REV_00\3&2411E6FE&0&05
Service:
.
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: ATI High Definition Audio Device
Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001\5&2F17C0A0&0&0001
Manufacturer: ATI Technologies Inc.
Name: ATI High Definition Audio Device
PNP Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001\5&2F17C0A0&0&0001
Service: AtiHdmiService
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: RTL8187_Wireless
Device ID: USB\VID_0BDA&PID_8187\0015AF0C8756
Manufacturer:
Name: RTL8187_Wireless
PNP Device ID: USB\VID_0BDA&PID_8187\0015AF0C8756
Service:
.
==== System Restore Points ===================
.
RP1: 13-02-2012 16:50:50 - System Checkpoint
RP2: 13-02-2012 16:54:32 - Software Distribution Service 3.0
RP3: 13-02-2012 17:48:29 - Removed LogMeIn Hamachi
RP4: 14-02-2012 15:33:15 - DLL-Files.com Fixer Wt, lut 14, 12 15:33
.
==== Installed Programs ======================
.
2007 Microsoft Office Suite Service Pack 1 (SP1)
A.F.5 Rename your files 1.1
Acrobat.com
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS4
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe Media Player
Adobe PDF Library Files CS4
Adobe Photoshop CS3
Adobe Reader 9.4.0
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Stock Photos CS3
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AiO_Scan_CDA
AiOSoftwareNPI
Apple Application Support
Apple Software Update
Ask Toolbar
ATI Catalyst Install Manager
µTorrent
Autodesk Backburner 2008.1
Avanquest update
Battlefield 1942
Battlefield 2(TM)
BF1918 FHT 2.1 Installer
BufferChm
C3100
c3100_Help
Catalyst Control Center - Branding
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catan Online World
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CDBurnerXP
Combined Community Codec Pack 2009-09-09
Creative WebCam Live! Driver (1.02.03.0606)
DAEMON Tools Toolbar
Destinations
DeviceManagementQFolder
DivX Plus Web Player
DJ Java Decompiler v.3.11.11.95
Dll-Files.com Fixer
DocProc
DocProcQFolder
ESET NOD32 Antivirus
eSupportQFolder
Express Burn
Fax_CDA
Ferramenta de Carregamento do Windows Live
Football Manager 2012
Free Window Registry Repair
Fun4IM
Google Chrome
Google Earth Plug-in
Google Update Helper
Handy Address Book
HostsMan 3.2.73
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Imaging Device Functions 7.0
HP Photosmart Essential
HP Photosmart, Officejet and Deskjet 7.0.A
HP Product Assistant
HP Solution Center 7.0
HP Update
HPPhotoSmartExpress
HPProductAssistant
Instant Eyedropper 1.75
InstantShareDevicesMFC
Java Auto Updater
Java(TM) 6 Update 29
JCreator LE 5.00
Junk Mail filter update
LangPad version 2.0
Macromedia Extension Manager
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Malwarebytes' Anti-Malware version 1.51.1.1800
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5
Microsoft Choice Guard
Microsoft Game Studios Common Redistributables Pack 1
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft XML Parser
mIRC
Moyea FLV Player version: 2.0.2.96
Mozilla Firefox 11.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB925673)
Mz Ram Booster v3.5.2
NewCopy_CDA
NVIDIA Drivers
NVIDIA Photoshop Plug-ins
NVIDIA PhysX
OCR Software by I.R.I.S 7.0
Octoshape add-in for Adobe Flash Player
Octoshape Streaming Services
PanoStandAlone
PC Cleaners
PDF Settings
ProductContextNPI
PunkBuster for Battlefield 1942
Quake Live Mozilla Plugin
QuickTime
Readme
Realtek AC'97 Audio
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
Red Eye Remover 2.0
Registry Clean Easy
Scan
ScannerCopy
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Skins
Skype™ 5.3
SmartFTP Client
SolutionCenter
SoulSeek 157 NS 13e
SoundMAX
Source SDK Base
Source SDK Base 2007
SpeedFan (remove only)
Spybot - Search & Destroy
Status
Steam
SUPER © Version 2009.bld.36 (June 10, 2009)
SWiX ver.1.1.1
System Requirements Lab
System Requirements Lab CYRI
TeamSpeak 3 Client
Toolbox
TrayApp
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB971029)
VC80CRTRedist - 8.0.50727.4053
Veetle TV 0.9.18
Visual C++ 8.0 ATL (x86) WinSXS MSM
Visual C++ 8.0 CRT (x86) WinSXS MSM
vShare.tv plugin 1.3
Web Media Client
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Presentation Foundation
Windows Searchqu Toolbar
WinISO 5.3
WinRAR 4.10 beta 3 (32-bit)
XML Paper Specification Shared Components Pack 1.0
Xobni
Xobni Core
.
==== Event Viewer Messages From Past Week ========
.
09-02-2012 18:44:41, error: Service Control Manager [7000] - The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
09-02-2012 18:44:40, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the LogMeIn Hamachi Tunneling Engine service to connect.
08-02-2012 19:33:46, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
.
==== End Of File ===========================

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

============================================================

Uninstall PC Cleaners.
Registry cleaners/optimizers are not recommended for several reasons:

• Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.
  
  The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  
• Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  
• Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  
• Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  
• The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.

• Ed Bott's Webog: Why I don't use registry cleaners
• Do I need a Registry Cleaner?

=============================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

=============================================================

Download Bootkit Remover to your Desktop.

• Unzip downloaded file to your Desktop.
• Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
• It will show a Black screen with some data on it.
• Right click on the screen and click Select All.
• Press CTRL+C
• Open a Notepad and press CTRL+V
• Post the output back here.

 

[TheBreah]

PC Cleaner has been deleted.
____________



aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-14 18:55:11
-----------------------------
18:55:11.203 OS Version: Windows 5.1.2600 Service Pack 3
18:55:11.203 Number of processors: 2 586 0xF0D
18:55:11.203 ComputerName: BREAH-7959170B3 UserName: Pe
18:55:11.953 Initialize success
18:55:23.625 AVAST engine defs: 12021401
18:56:42.171 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7
18:56:42.171 Disk 0 Vendor: Maxtor_6Y080M0 YAR512W0 Size: 76319MB BusType: 3
18:56:42.171 Disk 0 MBR read successfully
18:56:42.171 Disk 0 MBR scan
18:56:42.218 Disk 0 Windows XP default MBR code
18:56:42.218 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 29996 MB offset 63
18:56:42.250 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 46320 MB offset 61432560
18:56:42.250 Disk 0 scanning sectors +156296385
18:56:42.390 Disk 0 scanning C:\WINDOWS2\system32\drivers
18:56:56.968 Service scanning
18:56:58.703 Service sptd C:\WINDOWS2\System32\Drivers\sptd.sys **LOCKED** 32
18:56:59.312 Modules scanning
18:57:06.375 Disk 0 trace - called modules:
18:57:06.390 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spka.sys >>UNKNOWN [0x89e25938]<<
18:57:06.390 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89dcd230]
18:57:06.390 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\00000076[0x89d4df18]
18:57:06.390 5 ACPI.sys[f7246620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-7[0x89d0fd98]
18:57:06.765 AVAST engine scan C:\WINDOWS2
18:57:25.312 AVAST engine scan C:\WINDOWS2\system32
19:01:02.468 AVAST engine scan C:\WINDOWS2\system32\drivers
19:01:19.203 AVAST engine scan C:\Documents and Settings\Pe.BREAH-7959170B3
19:02:18.718 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Pe.BREAH-7959170B3\Desktop\MBR.dat"
19:02:18.718 The log file has been saved successfully to "C:\Documents and Settings\Pe.BREAH-7959170B3\Desktop\aswMBR.txt"

______________________

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...

 

[Broni]

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
   NOTE1. If Combofix asks you to install Recovery Console, please allow it.
   NOTE 2. If Combofix asks you to update the program, always do so.
   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

 

[TheBreah]

ComboFix 12-02-13.01 - Pe 14-02-2012 19:38:40.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.351.1033.18.2046.1355 [GMT 0:00]
Running from: f:\ziped files\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: PC Cleaner Pro *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\C11B.tmp
c:\documents and settings\All Users.WINDOWS2\Application Data\Tages
c:\documents and settings\All Users.WINDOWS2\Application Data\Tages\100663362\Vca.bin
c:\documents and settings\All Users.WINDOWS2\Application Data\Tages\Priv.xey
c:\documents and settings\All Users.WINDOWS2\Application Data\TEMP
c:\documents and settings\Pe.BREAH-7959170B3\Application Data\EurekaLog
c:\documents and settings\Pe.BREAH-7959170B3\Application Data\inst.exe
c:\documents and settings\Pe.BREAH-7959170B3\Application Data\searchqutb
c:\documents and settings\Pe.BREAH-7959170B3\Application Data\searchqutb\dtx.ini
c:\documents and settings\Pe.BREAH-7959170B3\Application Data\searchqutb\games\00d2dfc64c07a4f32824abac1d6f735b
c:\documents and settings\Pe.BREAH-7959170B3\Application Data\searchqutb\games\3e4265e00cbc4a9cf22a105046a46d8a
c:\documents and settings\Pe.BREAH-7959170B3\Application Data\searchqutb\games\44a5d79f5451d3036ba3986425e234c8
c:\documents and settings\Pe.BREAH-7959170B3\Application Data\searchqutb\games\GameCategories.xml
c:\documents and settings\Pe.BREAH-7959170B3\Application Data\searchqutb\games\GameTypes.xml
c:\documents and settings\Pe.BREAH-7959170B3\Application Data\searchqutb\guid.dat
c:\documents and settings\Pe.BREAH-7959170B3\Application Data\searchqutb\preferences.dat
c:\documents and settings\Pe.BREAH-7959170B3\Application Data\searchqutb\stats.dat
c:\documents and settings\Pe.BREAH-7959170B3\Application Data\searchqutb\uninstallIE.dat
c:\documents and settings\Pe.BREAH-7959170B3\Application Data\searchqutb\weather\11c1a5c171bee28c9e1cc59f01b1447c
c:\documents and settings\Pe.BREAH-7959170B3\Application Data\searchqutb\weather\1333d4ed99d90b76ec2c370e173c4051
c:\documents and settings\Pe.BREAH-7959170B3\Application Data\searchqutb\weather\forecasts_cache.xml
c:\documents and settings\Pe.BREAH-7959170B3\Application Data\searchqutb\weather\observations_cache.xml
c:\documents and settings\Pe.BREAH-7959170B3\Application Data\searchqutb\weatherbutton_prefs.xml
c:\documents and settings\Pe.BREAH-7959170B3\Application Data\searchqutb\widgets_cache\84b70525cff6359fdeca553342c23e4c
c:\documents and settings\Pe.BREAH-7959170B3\Application Data\searchqutb\widgets_cache\bf5b6317ae07da699882fc948f22eda4
c:\documents and settings\Pe.BREAH-7959170B3\Application Data\searchqutb\widgets_cache\category_cache.xml
c:\documents and settings\Pe.BREAH-7959170B3\Application Data\searchqutb\widgets_cache\widget_cache.xml
c:\documents and settings\Pe.BREAH-7959170B3\Application Data\vso_ts_preview.xml
c:\documents and settings\Pe\WINDOWS
c:\program files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
c:\program files\Windows Searchqu Toolbar
c:\program files\Windows Searchqu Toolbar\Datamngr\datamngr.dll
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\.#searchqutb.js.1.3
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\data\search\engines.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\data\search\search.xsl
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\about.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\dtxpanelwin.xul
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\dtxprefwin.xul
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\dtxwin.xul
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\emailnotifierproviders.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\external.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\neterror.xhtml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\wmpstreamer.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\modules\datastore.jsm
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\preferences.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\bg-scalable-mdl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\bg-scalable-tl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\bg-scalable-tr.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-dragresize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-close-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-close-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-close.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-maximize-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-maximize-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-maximize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-minimize-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-minimize-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-minimize.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-next-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-next.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-previous-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-previous.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\navico-home.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\panel.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\powered-mystart.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\tb_icon.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\widget.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\widget.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\bg-scalable-mdl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\bg-scalable-tl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\bg-scalable-tr.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-dragresize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-close-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-close-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-close.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-maximize-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-maximize-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-maximize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-minimize-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-minimize-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-minimize.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btnarrow-next-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btnarrow-next.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btnarrow-previous-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btnarrow-previous.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\navico-home.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\panel.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\powered-mystart.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\tb_icon.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\widget.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\widget.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\bg-scalable-mdl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\bg-scalable-tl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\bg-scalable-tr.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-dragresize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-close-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-close-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-close.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-maximize-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-maximize-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-maximize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-minimize-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-minimize-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-minimize.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btnarrow-next-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btnarrow-next.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btnarrow-previous-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btnarrow-previous.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\navico-home.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\panel.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\powered-mystart.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\tb_icon.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\widget.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\widget.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217.zip
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\bg-scalable-mdl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\bg-scalable-tl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\bg-scalable-tr.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-dragresize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-close-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-close-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-close.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-maximize-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-maximize-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-maximize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-minimize-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-minimize-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-minimize.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btnarrow-next-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btnarrow-next.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btnarrow-previous-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btnarrow-previous.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\navico-home.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\panel.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\powered-mystart.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\tb_icon.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\widget.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\widget.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\bluelite.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\bluesky.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-search-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-search.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-settings-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-settings.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-widgets-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-widgets.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn_settings.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-down-back-ff.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-down-back.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-down-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-down-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-down-splitter.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-drop-back.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-drop-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-drop-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-drop-splitter.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-hover-back-ff.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-hover-back.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-hover-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-hover-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-hover-splitter.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\ca.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\dictionary.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\divider.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\downloadcom.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\email.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\email_on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\games.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphred0.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphred0_5.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\grey.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\headsup.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\ico-shield.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\images.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\add.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\aol.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\arrow-dn.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\arrow-right.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\arrow-up.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btn-end.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btn-mdl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btn-start.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btnover-end.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btnover-mdl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btnover-start.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\blank.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnback-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnback-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnleft-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnleft-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnright-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnright-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\button-splitter-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\button-splitter-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\checkmark.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\chevron.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\collapse.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\comcast.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\dtx.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\edit-back-hot.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\edit-back.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\expand.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\found.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\gmail.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_blue.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_cyan.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_lime.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_magenta.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_yellow.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\hotmail.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\imap.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\loadingMid.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\lock.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\mailcom.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menu_bg-basic.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menu_separator_bar.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitem-splitter.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemback-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemback-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemleft-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemright-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemright-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\move.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\movetarget.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css\popupAbout.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css\popupGames.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\footer.htm
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gamecategory.xsl
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gameData.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gameList.xsl
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gametype.xsl
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-drag.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-next.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-previous.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-download.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-play.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-tags.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-Add.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-download.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-Info.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-play.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-shop.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\popupGames.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\popupWidgets.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\pop.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\css\manager.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\css\slider.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-radio.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\music-note.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\slider.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\slideron.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\track.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\managerpanel.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\volumeslider.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\remove.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rename.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\resize-box.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rss.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rsschannelback.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\RSSLogo.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rsstabdivider.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\scroll-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\scroll-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\search-go.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\search.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\text-ellipsis.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\throbber.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\toolbarsplitter.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\transparent_1px.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_02.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_03.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_04.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_06.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_07.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_08.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_09.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_10.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_11.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_12.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_13.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_14.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_15.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_16.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_18.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_19.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_20.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_21.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\close-hot.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\close-normal.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\loadingMid.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\proxy.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\template.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\template.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\templateFF.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\throbber.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\weather.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\yahoo.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lichen.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\logo-about.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\logo.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\maps.bmp
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\menuseparatorback.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\modify-save.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\modify.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\modifyhot.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\music.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\news.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-main.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-search.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-weather.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-widgets.png

 

[TheBreah]

c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\orange.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\pixsy.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\relatedlinks.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-collapse.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-delete.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-expand.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-feed.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-folder-remove.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-folder-rename.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-folder.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-found.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-reload.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-subscribe.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rssback.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rsstopback.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\search-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\search.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchbar\searchbar-background-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchbar\searchbar-background-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchqutb.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\settings.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\shopping.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\siteinfo.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-bluelite.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-bluesky.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-lichen.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-orange.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-yellow.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\technorati.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\throbber.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\toolbarsplitter.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\video.bmp
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\weather.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\web.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_allocine.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_bliptv.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_calcal.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_calculator.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_gservices.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_sudoku.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_todo.jpg
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_todo.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_trio.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_uconverter.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widgets-square-16px.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widgets.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\wikipedia.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\yahoosearch.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\yellow.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\youtube.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\zoom.png
c:\program files\Windows Searchqu Toolbar\ToolBar\components\windowmediator.js
c:\program files\Windows Searchqu Toolbar\ToolBar\manifest.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\uninstall.exe
c:\program files\Windows Searchqu Toolbar\uninstall.exe
C:\SWSetup1
c:\swsetup1\SP35475\AEEnable.exe
c:\swsetup1\SP35475\CPApp.ico
c:\swsetup1\SP35475\data.tag
c:\swsetup1\SP35475\data1.cab
c:\swsetup1\SP35475\data1.hdr
c:\swsetup1\SP35475\data2.cab
c:\swsetup1\SP35475\DevSetup.exe
c:\swsetup1\SP35475\engine32.cab
c:\swsetup1\SP35475\layout.bin
c:\swsetup1\SP35475\license.txt
c:\swsetup1\SP35475\platform.cfg
c:\swsetup1\SP35475\setup.exe
c:\swsetup1\SP35475\setup.ibt
c:\swsetup1\SP35475\setup.ini
c:\swsetup1\SP35475\setup.inx
c:\swsetup1\SP35475\setup.iss
c:\swsetup1\SP35475\SM_Comn\Help\Arabic\cpsimp.chm
c:\swsetup1\SP35475\SM_Comn\Help\Arabic\digaudmb.chm
c:\swsetup1\SP35475\SM_Comn\Help\Arabic\DTS.chm
c:\swsetup1\SP35475\SM_Comn\Help\Arabic\EQ.chm
c:\swsetup1\SP35475\SM_Comn\Help\Arabic\micro.chm
c:\swsetup1\SP35475\SM_Comn\Help\Arabic\pnp.chm
c:\swsetup1\SP35475\SM_Comn\Help\Arabic\power.chm
c:\swsetup1\SP35475\SM_Comn\Help\Arabic\sensa.chm
c:\swsetup1\SP35475\SM_Comn\Help\Arabic\smax.chm
c:\swsetup1\SP35475\SM_Comn\Help\Arabic\smax4hlp.chm
c:\swsetup1\SP35475\SM_Comn\Help\Arabic\SPDIF.chm
c:\swsetup1\SP35475\SM_Comn\Help\Brazil\cpsimp.chm
c:\swsetup1\SP35475\SM_Comn\Help\Brazil\digaudmb.chm
c:\swsetup1\SP35475\SM_Comn\Help\Brazil\DTS.chm
c:\swsetup1\SP35475\SM_Comn\Help\Brazil\EQ.chm
c:\swsetup1\SP35475\SM_Comn\Help\Brazil\micro.chm
c:\swsetup1\SP35475\SM_Comn\Help\Brazil\pnp.chm
c:\swsetup1\SP35475\SM_Comn\Help\Brazil\power.chm
c:\swsetup1\SP35475\SM_Comn\Help\Brazil\sensa.chm
c:\swsetup1\SP35475\SM_Comn\Help\Brazil\smax.chm
c:\swsetup1\SP35475\SM_Comn\Help\Brazil\smax4hlp.chm
c:\swsetup1\SP35475\SM_Comn\Help\Brazil\SPDIF.chm
c:\swsetup1\SP35475\SM_Comn\Help\Danish\cpsimp.chm
c:\swsetup1\SP35475\SM_Comn\Help\Danish\digaudmb.chm
c:\swsetup1\SP35475\SM_Comn\Help\Danish\DTS.chm
c:\swsetup1\SP35475\SM_Comn\Help\Danish\EQ.chm
c:\swsetup1\SP35475\SM_Comn\Help\Danish\micro.chm
c:\swsetup1\SP35475\SM_Comn\Help\Danish\pnp.chm
c:\swsetup1\SP35475\SM_Comn\Help\Danish\power.chm
c:\swsetup1\SP35475\SM_Comn\Help\Danish\sensa.chm
c:\swsetup1\SP35475\SM_Comn\Help\Danish\smax.chm
c:\swsetup1\SP35475\SM_Comn\Help\Danish\smax4hlp.chm
c:\swsetup1\SP35475\SM_Comn\Help\Danish\SPDIF.chm
c:\swsetup1\SP35475\SM_Comn\Help\Dutch\cpsimp.chm
c:\swsetup1\SP35475\SM_Comn\Help\Dutch\digaudmb.chm
c:\swsetup1\SP35475\SM_Comn\Help\Dutch\DTS.chm
c:\swsetup1\SP35475\SM_Comn\Help\Dutch\EQ.chm
c:\swsetup1\SP35475\SM_Comn\Help\Dutch\micro.chm
c:\swsetup1\SP35475\SM_Comn\Help\Dutch\pnp.chm
c:\swsetup1\SP35475\SM_Comn\Help\Dutch\power.chm
c:\swsetup1\SP35475\SM_Comn\Help\Dutch\sensa.chm
c:\swsetup1\SP35475\SM_Comn\Help\Dutch\smax.chm
c:\swsetup1\SP35475\SM_Comn\Help\Dutch\smax4hlp.chm
c:\swsetup1\SP35475\SM_Comn\Help\Dutch\SPDIF.chm
c:\swsetup1\SP35475\SM_Comn\Help\English\cpsimp.chm
c:\swsetup1\SP35475\SM_Comn\Help\English\digaudmb.chm
c:\swsetup1\SP35475\SM_Comn\Help\English\DTS.chm
c:\swsetup1\SP35475\SM_Comn\Help\English\EQ.chm
c:\swsetup1\SP35475\SM_Comn\Help\English\micro.chm
c:\swsetup1\SP35475\SM_Comn\Help\English\pnp.chm
c:\swsetup1\SP35475\SM_Comn\Help\English\power.chm
c:\swsetup1\SP35475\SM_Comn\Help\English\sensa.chm
c:\swsetup1\SP35475\SM_Comn\Help\English\smax.chm
c:\swsetup1\SP35475\SM_Comn\Help\English\smax4hlp.chm
c:\swsetup1\SP35475\SM_Comn\Help\English\SPDIF.chm
c:\swsetup1\SP35475\SM_Comn\Help\Finnish\cpsimp.chm
c:\swsetup1\SP35475\SM_Comn\Help\Finnish\digaudmb.chm
c:\swsetup1\SP35475\SM_Comn\Help\Finnish\DTS.chm
c:\swsetup1\SP35475\SM_Comn\Help\Finnish\EQ.chm
c:\swsetup1\SP35475\SM_Comn\Help\Finnish\micro.chm
c:\swsetup1\SP35475\SM_Comn\Help\Finnish\pnp.chm
c:\swsetup1\SP35475\SM_Comn\Help\Finnish\power.chm
c:\swsetup1\SP35475\SM_Comn\Help\Finnish\sensa.chm
c:\swsetup1\SP35475\SM_Comn\Help\Finnish\smax.chm
c:\swsetup1\SP35475\SM_Comn\Help\Finnish\smax4hlp.chm
c:\swsetup1\SP35475\SM_Comn\Help\Finnish\SPDIF.chm
c:\swsetup1\SP35475\SM_Comn\Help\French\cpsimp.chm
c:\swsetup1\SP35475\SM_Comn\Help\French\digaudmb.chm
c:\swsetup1\SP35475\SM_Comn\Help\French\DTS.chm
c:\swsetup1\SP35475\SM_Comn\Help\French\EQ.chm
c:\swsetup1\SP35475\SM_Comn\Help\French\micro.chm
c:\swsetup1\SP35475\SM_Comn\Help\French\pnp.chm
c:\swsetup1\SP35475\SM_Comn\Help\French\power.chm
c:\swsetup1\SP35475\SM_Comn\Help\French\sensa.chm
c:\swsetup1\SP35475\SM_Comn\Help\French\smax.chm
c:\swsetup1\SP35475\SM_Comn\Help\French\smax4hlp.chm
c:\swsetup1\SP35475\SM_Comn\Help\French\SPDIF.chm
c:\swsetup1\SP35475\SM_Comn\Help\German\cpsimp.chm
c:\swsetup1\SP35475\SM_Comn\Help\German\digaudmb.chm
c:\swsetup1\SP35475\SM_Comn\Help\German\DTS.chm
c:\swsetup1\SP35475\SM_Comn\Help\German\EQ.chm
c:\swsetup1\SP35475\SM_Comn\Help\German\micro.chm
c:\swsetup1\SP35475\SM_Comn\Help\German\pnp.chm
c:\swsetup1\SP35475\SM_Comn\Help\German\power.chm
c:\swsetup1\SP35475\SM_Comn\Help\German\sensa.chm
c:\swsetup1\SP35475\SM_Comn\Help\German\smax.chm
c:\swsetup1\SP35475\SM_Comn\Help\German\smax4hlp.chm
c:\swsetup1\SP35475\SM_Comn\Help\German\SPDIF.chm
c:\swsetup1\SP35475\SM_Comn\Help\Hebrew\cpsimp.chm
c:\swsetup1\SP35475\SM_Comn\Help\Hebrew\digaudmb.chm
c:\swsetup1\SP35475\SM_Comn\Help\Hebrew\DTS.chm
c:\swsetup1\SP35475\SM_Comn\Help\Hebrew\EQ.chm
c:\swsetup1\SP35475\SM_Comn\Help\Hebrew\micro.chm
c:\swsetup1\SP35475\SM_Comn\Help\Hebrew\pnp.chm
c:\swsetup1\SP35475\SM_Comn\Help\Hebrew\power.chm
c:\swsetup1\SP35475\SM_Comn\Help\Hebrew\sensa.chm
c:\swsetup1\SP35475\SM_Comn\Help\Hebrew\smax.chm
c:\swsetup1\SP35475\SM_Comn\Help\Hebrew\smax4hlp.chm
c:\swsetup1\SP35475\SM_Comn\Help\Hebrew\SPDIF.chm
c:\swsetup1\SP35475\SM_Comn\Help\Italian\cpsimp.chm
c:\swsetup1\SP35475\SM_Comn\Help\Italian\digaudmb.chm
c:\swsetup1\SP35475\SM_Comn\Help\Italian\DTS.chm
c:\swsetup1\SP35475\SM_Comn\Help\Italian\EQ.chm
c:\swsetup1\SP35475\SM_Comn\Help\Italian\micro.chm
c:\swsetup1\SP35475\SM_Comn\Help\Italian\pnp.chm
c:\swsetup1\SP35475\SM_Comn\Help\Italian\power.chm
c:\swsetup1\SP35475\SM_Comn\Help\Italian\sensa.chm
c:\swsetup1\SP35475\SM_Comn\Help\Italian\smax.chm
c:\swsetup1\SP35475\SM_Comn\Help\Italian\smax4hlp.chm
c:\swsetup1\SP35475\SM_Comn\Help\Italian\SPDIF.chm
c:\swsetup1\SP35475\SM_Comn\Help\Japanese\cpsimp.chm
c:\swsetup1\SP35475\SM_Comn\Help\Japanese\digaudmb.chm
c:\swsetup1\SP35475\SM_Comn\Help\Japanese\DTS.chm
c:\swsetup1\SP35475\SM_Comn\Help\Japanese\EQ.chm
c:\swsetup1\SP35475\SM_Comn\Help\Japanese\micro.chm
c:\swsetup1\SP35475\SM_Comn\Help\Japanese\pnp.chm
c:\swsetup1\SP35475\SM_Comn\Help\Japanese\power.chm
c:\swsetup1\SP35475\SM_Comn\Help\Japanese\sensa.chm
c:\swsetup1\SP35475\SM_Comn\Help\Japanese\smax.chm
c:\swsetup1\SP35475\SM_Comn\Help\Japanese\smax4hlp.chm
c:\swsetup1\SP35475\SM_Comn\Help\Japanese\SPDIF.chm
c:\swsetup1\SP35475\SM_Comn\Help\Korean\cpsimp.chm
c:\swsetup1\SP35475\SM_Comn\Help\Korean\digaudmb.chm
c:\swsetup1\SP35475\SM_Comn\Help\Korean\DTS.chm
c:\swsetup1\SP35475\SM_Comn\Help\Korean\EQ.chm
c:\swsetup1\SP35475\SM_Comn\Help\Korean\micro.chm
c:\swsetup1\SP35475\SM_Comn\Help\Korean\pnp.chm
c:\swsetup1\SP35475\SM_Comn\Help\Korean\power.chm
c:\swsetup1\SP35475\SM_Comn\Help\Korean\sensa.chm
c:\swsetup1\SP35475\SM_Comn\Help\Korean\smax.chm
c:\swsetup1\SP35475\SM_Comn\Help\Korean\smax4hlp.chm
c:\swsetup1\SP35475\SM_Comn\Help\Korean\SPDIF.chm
c:\swsetup1\SP35475\SM_Comn\Help\Norweg\cpsimp.chm
c:\swsetup1\SP35475\SM_Comn\Help\Norweg\digaudmb.chm
c:\swsetup1\SP35475\SM_Comn\Help\Norweg\DTS.chm
c:\swsetup1\SP35475\SM_Comn\Help\Norweg\EQ.chm
c:\swsetup1\SP35475\SM_Comn\Help\Norweg\micro.chm
c:\swsetup1\SP35475\SM_Comn\Help\Norweg\pnp.chm
c:\swsetup1\SP35475\SM_Comn\Help\Norweg\power.chm
c:\swsetup1\SP35475\SM_Comn\Help\Norweg\sensa.chm
c:\swsetup1\SP35475\SM_Comn\Help\Norweg\smax.chm
c:\swsetup1\SP35475\SM_Comn\Help\Norweg\smax4hlp.chm
c:\swsetup1\SP35475\SM_Comn\Help\Norweg\SPDIF.chm
c:\swsetup1\SP35475\SM_Comn\Help\Polish\cpsimp.chm
c:\swsetup1\SP35475\SM_Comn\Help\Polish\digaudmb.chm
c:\swsetup1\SP35475\SM_Comn\Help\Polish\DTS.chm
c:\swsetup1\SP35475\SM_Comn\Help\Polish\EQ.chm
c:\swsetup1\SP35475\SM_Comn\Help\Polish\micro.chm
c:\swsetup1\SP35475\SM_Comn\Help\Polish\pnp.chm
c:\swsetup1\SP35475\SM_Comn\Help\Polish\power.chm
c:\swsetup1\SP35475\SM_Comn\Help\Polish\sensa.chm
c:\swsetup1\SP35475\SM_Comn\Help\Polish\smax.chm
c:\swsetup1\SP35475\SM_Comn\Help\Polish\smax4hlp.chm
c:\swsetup1\SP35475\SM_Comn\Help\Polish\SPDIF.chm
c:\swsetup1\SP35475\SM_Comn\Help\Russian\cpsimp.chm
c:\swsetup1\SP35475\SM_Comn\Help\Russian\digaudmb.chm
c:\swsetup1\SP35475\SM_Comn\Help\Russian\DTS.chm
c:\swsetup1\SP35475\SM_Comn\Help\Russian\EQ.chm
c:\swsetup1\SP35475\SM_Comn\Help\Russian\micro.chm
c:\swsetup1\SP35475\SM_Comn\Help\Russian\pnp.chm
c:\swsetup1\SP35475\SM_Comn\Help\Russian\power.chm
c:\swsetup1\SP35475\SM_Comn\Help\Russian\sensa.chm
c:\swsetup1\SP35475\SM_Comn\Help\Russian\smax.chm
c:\swsetup1\SP35475\SM_Comn\Help\Russian\smax4hlp.chm
c:\swsetup1\SP35475\SM_Comn\Help\Russian\SPDIF.chm
c:\swsetup1\SP35475\SM_Comn\Help\SimpChin\cpsimp.chm
c:\swsetup1\SP35475\SM_Comn\Help\SimpChin\digaudmb.chm
c:\swsetup1\SP35475\SM_Comn\Help\SimpChin\DTS.chm
c:\swsetup1\SP35475\SM_Comn\Help\SimpChin\EQ.chm
c:\swsetup1\SP35475\SM_Comn\Help\SimpChin\micro.chm
c:\swsetup1\SP35475\SM_Comn\Help\SimpChin\pnp.chm
c:\swsetup1\SP35475\SM_Comn\Help\SimpChin\power.chm
c:\swsetup1\SP35475\SM_Comn\Help\SimpChin\sensa.chm
c:\swsetup1\SP35475\SM_Comn\Help\SimpChin\smax.chm
c:\swsetup1\SP35475\SM_Comn\Help\SimpChin\smax4hlp.chm
c:\swsetup1\SP35475\SM_Comn\Help\SimpChin\SPDIF.chm
c:\swsetup1\SP35475\SM_Comn\Help\SMHelp.exe
c:\swsetup1\SP35475\SM_Comn\Help\Spanish\cpsimp.chm
c:\swsetup1\SP35475\SM_Comn\Help\Spanish\digaudmb.chm
c:\swsetup1\SP35475\SM_Comn\Help\Spanish\DTS.chm
c:\swsetup1\SP35475\SM_Comn\Help\Spanish\EQ.chm
c:\swsetup1\SP35475\SM_Comn\Help\Spanish\micro.chm
c:\swsetup1\SP35475\SM_Comn\Help\Spanish\pnp.chm
c:\swsetup1\SP35475\SM_Comn\Help\Spanish\power.chm
c:\swsetup1\SP35475\SM_Comn\Help\Spanish\sensa.chm
c:\swsetup1\SP35475\SM_Comn\Help\Spanish\smax.chm
c:\swsetup1\SP35475\SM_Comn\Help\Spanish\smax4hlp.chm
c:\swsetup1\SP35475\SM_Comn\Help\Spanish\SPDIF.chm
c:\swsetup1\SP35475\SM_Comn\Help\Swedish\cpsimp.chm
c:\swsetup1\SP35475\SM_Comn\Help\Swedish\digaudmb.chm
c:\swsetup1\SP35475\SM_Comn\Help\Swedish\DTS.chm
c:\swsetup1\SP35475\SM_Comn\Help\Swedish\EQ.chm
c:\swsetup1\SP35475\SM_Comn\Help\Swedish\micro.chm
c:\swsetup1\SP35475\SM_Comn\Help\Swedish\pnp.chm
c:\swsetup1\SP35475\SM_Comn\Help\Swedish\power.chm
c:\swsetup1\SP35475\SM_Comn\Help\Swedish\sensa.chm
c:\swsetup1\SP35475\SM_Comn\Help\Swedish\smax.chm
c:\swsetup1\SP35475\SM_Comn\Help\Swedish\smax4hlp.chm
c:\swsetup1\SP35475\SM_Comn\Help\Swedish\SPDIF.chm
c:\swsetup1\SP35475\SM_Comn\Help\Thai\cpsimp.chm
c:\swsetup1\SP35475\SM_Comn\Help\Thai\digaudmb.chm
c:\swsetup1\SP35475\SM_Comn\Help\Thai\DTS.chm
c:\swsetup1\SP35475\SM_Comn\Help\Thai\EQ.chm
c:\swsetup1\SP35475\SM_Comn\Help\Thai\micro.chm
c:\swsetup1\SP35475\SM_Comn\Help\Thai\pnp.chm
c:\swsetup1\SP35475\SM_Comn\Help\Thai\power.chm
c:\swsetup1\SP35475\SM_Comn\Help\Thai\sensa.chm
c:\swsetup1\SP35475\SM_Comn\Help\Thai\smax.chm
c:\swsetup1\SP35475\SM_Comn\Help\Thai\smax4hlp.chm
c:\swsetup1\SP35475\SM_Comn\Help\Thai\SPDIF.chm
c:\swsetup1\SP35475\SM_Comn\Help\TradChin\cpsimp.chm
c:\swsetup1\SP35475\SM_Comn\Help\TradChin\digaudmb.chm
c:\swsetup1\SP35475\SM_Comn\Help\TradChin\DTS.chm
c:\swsetup1\SP35475\SM_Comn\Help\TradChin\EQ.chm
c:\swsetup1\SP35475\SM_Comn\Help\TradChin\micro.chm
c:\swsetup1\SP35475\SM_Comn\Help\TradChin\pnp.chm
c:\swsetup1\SP35475\SM_Comn\Help\TradChin\power.chm
c:\swsetup1\SP35475\SM_Comn\Help\TradChin\sensa.chm
c:\swsetup1\SP35475\SM_Comn\Help\TradChin\smax.chm
c:\swsetup1\SP35475\SM_Comn\Help\TradChin\smax4hlp.chm
c:\swsetup1\SP35475\SM_Comn\Help\TradChin\SPDIF.chm
c:\swsetup1\SP35475\SM_Comn\Sys\placer.txt
c:\swsetup1\SP35475\SM_Micro\Sys\MicTab.dll
c:\swsetup1\SP35475\SM_Micro\Wizards\SMWizard.exe
c:\swsetup1\SP35475\SM_Panel\Sys\license.txt
c:\swsetup1\SP35475\SM_Panel\Sys\SMax4.cpl
c:\swsetup1\SP35475\SM_Panel\Sys\SMax4.exe
c:\swsetup1\SP35475\SM_Panel\Sys\SMMedia.dll
c:\swsetup1\SP35475\SM_Panel\Sys\wdmioctl.dll
c:\swsetup1\SP35475\SM_Power\Sys\PwrMan.dll
c:\swsetup1\SP35475\SMax3CP.ico
c:\swsetup1\SP35475\SMAXWDM\W2K_XP\ADIHdAud.inf
c:\swsetup1\SP35475\SMAXWDM\W2K_XP\ADIHdAud.sys
c:\swsetup1\SP35475\SMAXWDM\W2K_XP\AEAUDIO.sys
c:\swsetup1\SP35475\SMAXWDM\W2K_XP\mixer.ini
c:\swsetup1\SP35475\SMAXWDM\W2K_XP\PostProc.dll
c:\swsetup1\SP35475\SMAXWDM\W2K_XP\SMax4PNP.exe
c:\swsetup1\SP35475\SMAXWDM\W2K_XP\SMWDMIF.dll
c:\swsetup1\SP35475\SMAXWDM\W2K_XP\smx.cat
c:\swsetup1\SP35475\Sys\CleanUp.exe
c:\swsetup1\SP35475\Sys\DSndUp.exe
c:\swsetup1\SP35475\win256_3.bmp
C:\Thumbs.db
c:\windows2\system32\_000115_.tmp.dll
c:\windows2\system32\FC3EC74932.dll
c:\windows2\system32\msssc.dll
c:\windows2\system32\SET1639.tmp
c:\windows2\system32\SET2BFD.tmp
c:\windows2\system32\SET2C03.tmp
c:\windows2\system32\SET2C04.tmp
c:\windows2\system32\SET2C0B.tmp
c:\windows2\system32\SET2C0D.tmp
c:\windows2\system32\SET64E.tmp
c:\windows2\system32\SET7CF1.tmp
c:\windows2\system32\SETE0E.tmp
c:\windows2\Temp\tmp3.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-01-14 to 2012-02-14 )))))))))))))))))))))))))))))))
.
.
2012-02-14 16:03 . 2012-02-14 16:03 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2012-02-14 15:35 . 2012-02-14 15:37 -------- d-----w- c:\program files\Dll-Files.com Fixer
2012-02-14 15:28 . 2012-02-14 15:28 -------- d-----w- c:\documents and settings\Pe.BREAH-7959170B3\Application Data\dll-files.com
2012-02-14 15:23 . 2012-02-14 15:23 -------- d-----w- c:\program files\Uniblue
2012-02-14 15:08 . 2012-02-14 15:10 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\SpeedyPC Software
2012-02-13 17:14 . 2012-02-13 17:14 -------- d-----w- c:\program files\Ask.com
2012-02-13 17:14 . 2012-02-14 16:39 -------- d-----w- c:\documents and settings\Pe.BREAH-7959170B3\Local Settings\Application Data\AskToolbar
2012-02-13 17:14 . 2012-02-13 17:14 -------- d-----w- c:\documents and settings\Pe.BREAH-7959170B3\Local Settings\Application Data\APN
2012-02-13 12:53 . 2012-02-13 12:53 -------- d-----w- c:\documents and settings\Pe.BREAH-7959170B3\Application Data\Registry Mechanic
2012-02-13 12:41 . 2012-02-13 17:47 -------- d-----w- c:\program files\Common Files\PC Tools
2012-02-13 12:35 . 2012-02-13 12:36 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\RegistryCleanEasy
2012-02-13 12:35 . 2012-02-13 12:35 -------- d-----w- C:\RegistryCleanEasy
2012-02-13 11:41 . 2012-02-13 11:41 -------- d-----w- c:\documents and settings\Pe.BREAH-7959170B3\AppData
2012-02-13 11:32 . 2012-02-13 11:32 -------- d-----w- c:\documents and settings\Pe.BREAH-7959170B3\Application Data\PCPro
2012-02-13 11:32 . 2012-02-13 11:32 -------- d-----w- c:\documents and settings\Pe.BREAH-7959170B3\Application Data\PC Cleaners
2012-02-13 11:31 . 2012-02-13 11:30 5276432 ----a-w- c:\windows2\uninst.exe
2012-02-13 11:31 . 2012-02-13 11:31 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\PC1Data
2012-02-12 23:44 . 2011-07-06 19:52 41272 ----a-w- c:\windows2\system32\drivers\mbamswissarmy.sys
2012-02-12 23:13 . 2012-02-12 23:13 -------- d-----w- c:\windows2\system32\wbem\Repository
2012-02-12 22:58 . 2012-02-12 22:58 -------- d-----w- c:\program files\Enigma Software Group
2012-02-06 09:52 . 2012-02-13 09:54 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-02-06 09:52 . 2012-02-13 09:54 43960 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-02-06 09:50 . 2009-03-18 16:35 26176 ---ha-w- c:\windows2\system32\hamachi.sys
2012-01-31 18:52 . 2012-01-31 18:52 -------- d-----w- c:\documents and settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Heroes and Generals
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-01 21:14 . 2010-06-01 12:54 138520 ----a-w- c:\windows2\system32\drivers\PnkBstrK.sys
2012-02-01 21:11 . 2010-06-01 12:53 234536 ----a-w- c:\windows2\system32\PnkBstrB.exe
2012-02-01 21:11 . 2009-03-29 18:06 234536 ----a-w- c:\windows2\system32\PnkBstrB.xtr
2012-01-31 15:34 . 2010-06-01 12:53 234536 ----a-w- c:\windows2\system32\PnkBstrB.ex0
2012-01-17 15:01 . 2009-01-21 16:46 139152 -c--a-w- c:\documents and settings\Pe.BREAH-7959170B3\Application Data\PnkBstrK.sys
2011-12-13 11:01 . 2010-07-07 15:52 1698408 ----a-w- c:\windows2\RtlExUpd.dll
2011-11-25 21:57 . 2009-01-13 11:37 293376 ----a-w- c:\windows2\system32\winsrv.dll
2011-11-23 13:25 . 2009-01-13 11:37 1859584 ----a-w- c:\windows2\system32\win32k.sys
2011-11-18 12:35 . 2009-01-13 11:36 60416 ----a-w- c:\windows2\system32\packager.exe
2012-02-13 09:54 . 2011-05-01 12:22 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 09:06 163328 --sh--r- c:\windows2\system32\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows2\system32\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows2\system32\nbDX.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-01-13 . 649B4101C35E996E1866037C28A5FD42 . 1614848 . . [5.1.2600.5512] . . c:\windows2\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-23 21:20 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PD0630 STISvc"="P0630Pin.dll" [2005-06-05 36864]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"StartCCC"="f:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-22 98304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows2\system32\CTFMON.EXE" [2009-01-13 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C /k:F *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS2^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows2\pss\HP Digital Imaging Monitor.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
2011-08-23 21:20 887976 ----a-w- c:\program files\Ask.com\Updater\Updater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40 687560 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2007-09-06 13:08 136136 ----a-w- c:\programas\DAEMON Tools Pro\DTProAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-03-18 12:21 136176 ----atw- c:\documents and settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2007-08-24 07:00 33648 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24 54840 ----a-w- f:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-07-06 19:52 449584 ----a-w- f:\2\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 23:08 417792 ----a-w- f:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2010-06-08 16:16 19552872 ----a-w- c:\windows2\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2010-06-08 16:16 1833576 ----a-w- c:\windows2\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07 2260480 -csha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 12:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\WINDOWS2\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS2\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"f:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"f:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"f:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Programas\\The All-Seeing Eye\\eye.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"f:\\Games\\Steam\\steamapps\\randoomized\\source sdk base\\hl2.exe"=
"c:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"f:\\Games\\Steam\\Steam.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"f:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Pe.BREAH-7959170B3\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Documents and Settings\\Pe.BREAH-7959170B3\\Application Data\\Macromedia\\Flash Player\\"=
"c:\\WINDOWS2\\system32\\dpvsetup.exe"=
"c:\\Programas\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"f:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"f:\\Games\\Steam\\steamapps\\randoomized\\source sdk base 2007\\hl2.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\forgottenhope2.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\FH2.exe"=
"f:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"f:\\Games\\Steam\\steamapps\\randoomized\\counter-strike\\hl.exe"=
"c:\\Documents and Settings\\Pe.BREAH-7959170B3\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"f:\\Programas\\mIRC\\mirc.exe"=
"f:\\Games\\Steam\\steamapps\\randoomized\\counter-strike source\\hl2.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5222:TCP"= 5222:TCP:xmpp.quakelive.com
"56831:TCP"= 56831:TCPando Media Booster
"56831:UDP"= 56831:UDPando Media Booster
"56065:TCP"= 56065:TCPando
"563:TCP"= 563:TCPando2
.
R0 sptd;sptd;c:\windows2\system32\drivers\sptd.sys [13-01-2009 16:26 717296]
R1 epfwtdir;epfwtdir;c:\windows2\system32\drivers\epfwtdir.sys [20-02-2008 11:11 35168]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [07-10-2009 9:16 472280]
R2 MBAMService;MBAMService;f:\2\Malwarebytes' Anti-Malware\mbamservice.exe [12-02-2012 23:44 366640]
R2 XobniService;XobniService;f:\program files\Xobni\XobniService.exe [20-11-2009 17:13 55016]
R3 MBAMProtector;MBAMProtector;c:\windows2\system32\drivers\mbam.sys [10-12-2010 20:21 22712]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows2\system32\drivers\seehcri.sys [23-11-2009 21:56 27632]
S2 gupdate1c98bb8b2aea58;Google Update Service (gupdate1c98bb8b2aea58);c:\program files\Google\Update\GoogleUpdate.exe [10-02-2009 19:44 133104]
S2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit; [x]
S3 Ambfilt;Ambfilt;c:\windows2\system32\drivers\Ambfilt.sys [07-07-2010 15:53 1691480]
S3 atidgllk;atidgllk;c:\program files\winflash\atidgllk.sys [07-07-2010 16:32 12048]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows2\system32\drivers\ggflt.sys [23-11-2009 22:08 13224]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10-02-2009 19:44 133104]
S3 P0630VID;Creative WebCam Live!;c:\windows2\system32\drivers\P0630Vid.sys [25-02-2010 15:27 91841]
S3 pcouffin;VSO Software pcouffin;c:\windows2\system32\drivers\pcouffin.sys [28-01-2009 23:51 47360]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows2\system32\drivers\s0017bus.sys [23-11-2009 21:56 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows2\system32\drivers\s0017mdfl.sys [23-11-2009 21:56 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows2\system32\drivers\s0017mdm.sys [23-11-2009 21:56 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows2\system32\drivers\s0017mgmt.sys [23-11-2009 21:56 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows2\system32\drivers\s0017nd5.sys [23-11-2009 21:56 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows2\system32\drivers\s0017obex.sys [23-11-2009 21:56 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows2\system32\drivers\s0017unic.sys [23-11-2009 21:56 109736]
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-14 c:\windows2\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 19:44]
.
2012-02-14 c:\windows2\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 19:44]
.
2012-02-09 c:\windows2\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-362288127-1417001333-1003Core.job
- c:\documents and settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-14 12:21]
.
2012-02-14 c:\windows2\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-362288127-1417001333-1003UA.job
- c:\documents and settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-14 12:21]
.
2012-02-14 c:\windows2\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-08-23 21:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://eu.ask.com/?l=dis&o=102866&gct=hp
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: forgottenhonor.com\www
TCP: DhcpNameServer = 212.113.164.58 212.113.164.57
DPF: {5B54751C-0EDB-4CAE-816C-65BCED3FF819} - hxxp://game.heroesandgenerals.com/retox.ocx
DPF: {9BD3C5C6-BCBA-47BF-9CC0-0D5D3E117DE1} - hxxp://www.bravearms.com/razor/plugins/WebMediaPlayer.cab
FF - ProfilePath - c:\documents and settings\Pe.BREAH-7959170B3\Application Data\Mozilla\Firefox\Profiles\ybxr1hhq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.maisfutebol.iol.pt/
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=1&q=
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -
.
HKU-Default-RunOnce-!SearchquFF - c:\windows2\TEMP\SEARCH~1\INSTAL~1.DLL
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\documents and settings\All Users.WINDOWS2\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-14 19:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-448539723-362288127-1417001333-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-448539723-362288127-1417001333-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:9c,74,e3,9b,7d,bd,31,24,61,49,0f,9f,bd,6b,c8,9c,57,76,09,3c,fe,5b,11,
65,21,44,3f,b5,77,76,77,3b,ab,19,35,22,af,41,88,6c,f8,ff,fb,1b,bb,ab,45,49,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(688)
c:\windows2\system32\Ati2evxx.dll
c:\windows2\system32\atiadlxx.dll
c:\windows2\system32\CLBCATQ.DLL
.
- - - - - - - > 'explorer.exe'(1444)
c:\windows2\system32\WININET.dll
c:\windows2\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows2\system32\msi.dll
c:\windows2\system32\ieframe.dll
c:\windows2\system32\webcheck.dll
c:\windows2\system32\WPDShServiceObj.dll
c:\windows2\system32\hnetcfg.dll
c:\windows2\system32\PortableDeviceTypes.dll
c:\windows2\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows2\system32\Ati2evxx.exe
c:\windows2\system32\Ati2evxx.exe
c:\windows2\system32\AEADISRV.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
f:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows2\system32\HPZipm12.exe
c:\windows2\system32\PnkBstrA.exe
c:\windows2\system32\RunDLL32.exe
f:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
f:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2012-02-14 19:55:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-14 19:55
.
Pre-Run: 3.583.823.872 bytes free
Post-Run: 6.063.177.728 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS2
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS2="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 96800DCFE96085404278ED1BA17152B8

 

[Broni]

Uninstall Free Window Registry Repair and Registry Clean Easy for the reason I mentioned previously (registry cleaners).

Uninstall Ask Toolbar, typical foistware.

Combofix log looks good.

How is computer doing?

Download OTL to your Desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[TheBreah]

Its still giving the same error on several programs. ".... oleaccrc.dll is corrupt and unreadable.
_______________

OTL logfile created on: 15-02-2012 11:11:09 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = F:\Ziped Files
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy

2,00 Gb Total Physical Memory | 1,22 Gb Available Physical Memory | 61,28% Memory free
3,85 Gb Paging File | 3,24 Gb Available in Paging File | 84,23% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS2 | %ProgramFiles% = C:\Program Files
Drive C: | 29,29 Gb Total Space | 5,62 Gb Free Space | 19,17% Space Free | Partition Type: NTFS
Drive F: | 45,23 Gb Total Space | 4,35 Gb Free Space | 9,62% Space Free | Partition Type: NTFS

Computer Name: BREAH-7959170B3 | User Name: Pe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-02-15 11:09:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- F:\Ziped Files\OTL.exe
PRC - [2012-02-13 09:54:45 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011-07-06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- f:\2\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010-03-04 22:38:00 | 000,071,096 | ---- | M] () -- f:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009-11-20 17:13:56 | 000,055,016 | ---- | M] (Xobni Corporation) -- F:\Program Files\Xobni\XobniService.exe
PRC - [2009-10-07 09:16:50 | 000,472,280 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009-10-07 09:15:42 | 001,461,080 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009-01-13 11:36:32 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS2\explorer.exe
PRC - [2008-07-15 12:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS2\system32\AEADISRV.EXE
PRC - [2007-08-09 07:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS2\system32\HPZipm12.exe


========== Modules (No Company Name) ==========

MOD - [2012-02-13 09:54:40 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012-01-11 00:45:28 | 011,817,472 | ---- | M] () -- C:\WINDOWS2\assembly\NativeImages_v2.0.50727_32\System.Web\62e34cfb5a8b233667c7c5a47a32ad93\System.Web.ni.dll
MOD - [2012-01-11 00:45:15 | 000,771,584 | ---- | M] () -- C:\WINDOWS2\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\3c272cad7afb127e2a2bdb8a5a808512\System.Runtime.Remoting.ni.dll
MOD - [2011-11-05 18:28:07 | 000,166,912 | ---- | M] () -- F:\Program Files\WinRAR\RarExt.dll
MOD - [2011-11-03 15:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS2\system32\quartz.dll
MOD - [2011-10-24 20:02:45 | 008,522,400 | ---- | M] () -- C:\WINDOWS2\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011-10-13 07:50:53 | 000,212,992 | ---- | M] () -- C:\WINDOWS2\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011-10-13 07:49:39 | 000,025,600 | ---- | M] () -- C:\WINDOWS2\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
MOD - [2011-10-13 07:49:37 | 012,430,848 | ---- | M] () -- C:\WINDOWS2\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011-10-13 00:28:18 | 001,587,200 | ---- | M] () -- C:\WINDOWS2\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011-10-13 00:27:44 | 005,450,752 | ---- | M] () -- C:\WINDOWS2\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011-10-13 00:27:39 | 000,971,264 | ---- | M] () -- C:\WINDOWS2\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011-10-13 00:27:35 | 007,950,848 | ---- | M] () -- C:\WINDOWS2\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011-10-13 00:27:20 | 011,490,816 | ---- | M] () -- C:\WINDOWS2\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2010-06-22 23:07:40 | 000,270,336 | ---- | M] () -- F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010-04-08 12:23:26 | 000,430,080 | R--- | M] () -- F:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2010-03-16 12:22:12 | 000,014,848 | ---- | M] () -- F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2010-03-04 22:38:00 | 000,071,096 | ---- | M] () -- f:\Program Files\CDBurnerXP\NMSAccessU.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (wuauserv)
SRV - File not found [Auto | Stopped] -- -- (mi-raysat_3dsMax2009_32)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011-07-06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- f:\2\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010-03-04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- f:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009-11-20 17:13:56 | 000,055,016 | ---- | M] (Xobni Corporation) [Auto | Running] -- F:\Program Files\Xobni\XobniService.exe -- (XobniService)
SRV - [2009-10-07 09:21:14 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009-10-07 09:16:50 | 000,472,280 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009-02-05 13:40:58 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008-07-15 12:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\WINDOWS2\system32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007-08-09 07:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS2\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011-07-06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS2\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010-06-23 00:00:04 | 005,068,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS2\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010-06-08 16:16:26 | 006,056,040 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS2\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010-05-17 08:04:06 | 000,101,904 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS2\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009-11-18 06:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS2\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009-11-18 06:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS2\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009-11-12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS2\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009-10-07 09:18:36 | 000,035,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS2\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009-10-07 09:12:22 | 000,054,184 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS2\system32\drivers\easdrv.sys -- (easdrv)
DRV - [2009-10-07 09:11:10 | 000,040,824 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS2\system32\drivers\eamon.sys -- (eamon)
DRV - [2009-05-04 16:54:14 | 000,279,712 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS2\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009-05-04 16:54:13 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS2\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009-04-06 09:13:52 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS2\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2009-04-06 09:13:52 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS2\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2009-03-18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS2\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009-01-13 16:26:10 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS2\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008-10-21 10:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS2\system32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008-10-21 10:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS2\system32\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
DRV - [2008-10-21 10:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS2\system32\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
DRV - [2008-10-21 10:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS2\system32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008-10-21 10:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS2\system32\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
DRV - [2008-10-21 10:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS2\system32\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)
DRV - [2008-10-21 10:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS2\system32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV - [2008-01-09 11:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS2\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2006-09-24 13:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS2\system32\speedfan.sys -- (speedfan)
DRV - [2006-08-31 11:54:44 | 000,081,280 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS2\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006-07-19 11:04:18 | 000,012,048 | R--- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\winflash\atidgllk.sys -- (atidgllk)
DRV - [2005-08-11 12:49:28 | 000,393,088 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS2\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2005-08-11 12:49:28 | 000,393,088 | R--- | M] (Sensaura) [Kernel | On_Demand | Stopped] -- C:\WINDOWS2\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2005-06-06 02:44:05 | 000,091,841 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS2\system32\drivers\P0630Vid.sys -- (P0630VID)
DRV - [2004-08-13 02:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS2\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [1996-04-03 19:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS2\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-448539723-362288127-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com/?l=dis&o=102866&gct=hp
IE - HKU\S-1-5-21-448539723-362288127-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt
IE - HKU\S-1-5-21-448539723-362288127-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 72 D7 DE D7 CE 67 CC 01 [binary data]
IE - HKU\S-1-5-21-448539723-362288127-1417001333-1003\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\InprocServer32 File not found
IE - HKU\S-1-5-21-448539723-362288127-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-448539723-362288127-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.maisfutebol.iol.pt/"
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86.1
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: webmediaplayer@3gstudiosinc.com:0.0.3.7
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: firefox@bandoo.com:5.0
FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.26.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://startsear.ch/?aff=1&q="

FF - HKLM\Software\MozillaPlugins\@3gstudios.com/webmediaclient,version=1.0: C:\Program Files\3G Studios\Web Media Client\npWebMediaClient.dll (3G Studios, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS2\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS2\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\Documents and Settings\All Users.WINDOWS2\Application Data\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS2\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: f:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: f:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: f:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-02-13 09:54:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-09-18 19:30:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firefox@bandoo.com: C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Mozilla\Firefox\Profiles/ybxr1hhq.default\extensions\firefox@bandoo.com [2010-12-09 20:58:03 | 000,000,000 | ---D | M]

[2009-01-13 15:50:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Mozilla\Extensions
[2012-02-14 11:20:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Mozilla\Firefox\Profiles\ybxr1hhq.default\extensions
[2012-02-14 11:20:15 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Mozilla\Firefox\Profiles\ybxr1hhq.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010-04-27 19:57:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Mozilla\Firefox\Profiles\ybxr1hhq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011-12-23 10:38:41 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Mozilla\Firefox\Profiles\ybxr1hhq.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2012-02-14 11:20:19 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Mozilla\Firefox\Profiles\ybxr1hhq.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010-12-20 14:55:15 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Mozilla\Firefox\Profiles\ybxr1hhq.default\extensions\battlefieldplay4free@ea.com
[2010-12-09 20:58:03 | 000,000,000 | ---D | M] (Bandoo for Firefox) -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Mozilla\Firefox\Profiles\ybxr1hhq.default\extensions\firefox@bandoo.com
[2009-10-26 12:48:11 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Mozilla\Firefox\Profiles\ybxr1hhq.default\extensions\moveplayer@movenetworks.com
[2012-01-19 14:02:13 | 000,000,000 | ---D | M] (HNG downloader/starter (live)) -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Mozilla\Firefox\Profiles\ybxr1hhq.default\extensions\npretoxlive@live.heroesandgenerals.com
[2012-01-10 13:28:15 | 000,000,000 | ---D | M] (HNG downloader/starter (stable)) -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Mozilla\Firefox\Profiles\ybxr1hhq.default\extensions\npretoxstable@stable.heroesandgenerals.com
[2012-02-12 22:37:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Mozilla\Firefox\Profiles\ybxr1hhq.default\extensions\staged(2)
[2012-02-13 17:14:48 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Mozilla\Firefox\Profiles\ybxr1hhq.default\extensions\toolbar@ask.com
[2010-09-29 18:46:39 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Mozilla\Firefox\Profiles\ybxr1hhq.default\extensions\vshare@toolbar
[2010-09-15 14:50:35 | 000,000,000 | ---D | M] ("Web Media Player") -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Mozilla\Firefox\Profiles\ybxr1hhq.default\extensions\webmediaplayer@3gstudiosinc.com
[2011-04-27 21:35:53 | 000,012,703 | ---- | M] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Mozilla\Firefox\Profiles\ybxr1hhq.default\searchplugins\imdb.xml
[2009-01-13 23:21:17 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Mozilla\Firefox\Profiles\ybxr1hhq.default\searchplugins\mozilla-add-ons.xml
[2012-02-12 22:32:47 | 000,005,090 | ---- | M] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Mozilla\Firefox\Profiles\ybxr1hhq.default\searchplugins\youtube.xml
[2011-12-11 12:17:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-02-13 09:54:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\PE.BREAH-7959170B3\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\YBXR1HHQ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\PE.BREAH-7959170B3\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\YBXR1HHQ.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\PE.BREAH-7959170B3\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\YBXR1HHQ.DEFAULT\EXTENSIONS\{DD05FD3D-18DF-4CE4-AE53-E795339C5F01}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\PE.BREAH-7959170B3\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\YBXR1HHQ.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\PE.BREAH-7959170B3\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\YBXR1HHQ.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
[2012-02-13 09:54:46 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011-10-03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011-08-31 10:38:58 | 000,082,944 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2011-10-30 13:20:31 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011-10-30 13:20:31 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Web Search (Enabled)
CHR - default_search_provider: search_url = http://startsear.ch/?aff=1&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS2\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS2\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Mozilla\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7280_0\npSkypeChromePlugin.dll
CHR - plugin: 3G Studios Web Client (Enabled) = C:\Documents and Settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mhgkogmomehdgfcheknganbgdaaoemop\0.0.4.0_0\cmWebMediaClient.dll
CHR - plugin: 3G Studios Web Client (Enabled) = C:\Program Files\3G Studios\Web Media Client\npWebMediaClient.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Mozilla\plugins\npoctoshape.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: QUAKE LIVE (Enabled) = C:\Documents and Settings\All Users.WINDOWS2\Application Data\id Software\QuakeLive\npquakezero.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: RayV Plugin (Enabled) = C:\Program Files\RayV\RayV\plugins\nprayvplugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS2\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Veetle TV Player (Enabled) = f:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = f:\Program Files\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = f:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Pesquisa do Google = C:\Documents and Settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: vshare plugin = C:\Documents and Settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
CHR - Extension: Heroes & Generals updater (live) = C:\Documents and Settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lcdbmojodailncinonfdhpafgopelmbj\1.0.3.2_0\
CHR - Extension: Web Media Client = C:\Documents and Settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mhgkogmomehdgfcheknganbgdaaoemop\0.0.4.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012-02-14 19:49:28 | 000,000,027 | ---- | M]) - C:\WINDOWS2\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKU\S-1-5-21-448539723-362288127-1417001333-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [PD0630 STISvc] C:\WINDOWS2\System32\P0630Pin.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [StartCCC] F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\RunOnce: [RegistryCleanEasyunstall] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-448539723-362288127-1417001333-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-448539723-362288127-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-448539723-362288127-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-448539723-362288127-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKU\S-1-5-21-448539723-362288127-1417001333-1003\..Trusted Domains: forgottenhonor.com ([www] https in Trusted sites)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {5B54751C-0EDB-4CAE-816C-65BCED3FF819} http://game.heroesandgenerals.com/retox.ocx (Retox Control (live))
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231871237906 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9BD3C5C6-BCBA-47BF-9CC0-0D5D3E117DE1} http://www.bravearms.com/razor/plugins/WebMediaPlayer.cab (MediaLoader Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.113.164.58 212.113.164.57
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{724B9139-EDF2-419B-BEDC-0D5794E34DA5}: DhcpNameServer = 212.113.164.58 212.113.164.57
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS2\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS2\system32\userinit.exe) -C:\WINDOWS2\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS2\System32\ati2evxx.dll (ATI Technologies Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-05-11 21:19:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /k:C /k:F *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: wuauserv - File not found

 

[TheBreah]

Drivers32: msacm.iac2 - C:\WINDOWS2\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS2\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS2\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS2\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS2\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS2\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\WINDOWS2\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\WINDOWS2\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS2\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS2\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS2\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS2\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012-02-15 10:36:15 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012-02-14 19:36:25 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012-02-14 18:28:52 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Documents and Settings\Pe.BREAH-7959170B3\Desktop\boot_cleaner.exe
[2012-02-14 16:38:25 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Pe.BREAH-7959170B3\Desktop\dds.scr
[2012-02-14 16:03:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2012-02-14 15:35:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Start Menu\Programs\Dll-Files.com Fixer
[2012-02-14 15:35:54 | 000,000,000 | ---D | C] -- C:\Program Files\Dll-Files.com Fixer
[2012-02-14 15:28:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\dll-files.com
[2012-02-14 15:23:01 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2012-02-14 15:23:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Start Menu\Programs\Uniblue
[2012-02-14 15:08:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\SpeedyPC Software
[2012-02-14 13:10:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Start Menu\Programs\Free Window Registry Repair
[2012-02-13 17:14:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Local Settings\Application Data\AskToolbar
[2012-02-13 17:14:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Local Settings\Application Data\APN
[2012-02-13 16:49:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS2\SWREG.exe
[2012-02-13 16:49:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS2\SWSC.exe
[2012-02-13 16:49:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS2\SWXCACLS.exe
[2012-02-13 16:49:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS2\NIRCMD.exe
[2012-02-13 16:49:09 | 000,000,000 | ---D | C] -- C:\WINDOWS2\ERDNT
[2012-02-13 16:48:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-02-13 12:53:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Registry Mechanic
[2012-02-13 12:41:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012-02-13 12:35:41 | 000,000,000 | ---D | C] -- C:\RegistryCleanEasy
[2012-02-13 12:35:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\RegistryCleanEasy
[2012-02-13 11:41:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pe.BREAH-7959170B3\AppData
[2012-02-13 11:32:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\PCPro
[2012-02-13 11:32:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\PC Cleaners
[2012-02-13 11:31:42 | 005,276,432 | ---- | C] (PC Cleaners) -- C:\WINDOWS2\uninst.exe
[2012-02-13 11:31:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\PC1Data
[2012-02-12 23:44:22 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS2\System32\drivers\mbamswissarmy.sys
[2012-02-12 22:58:44 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012-02-06 09:50:17 | 000,026,176 | -H-- | C] (LogMeIn, Inc.) -- C:\WINDOWS2\System32\hamachi.sys
[2012-01-31 18:52:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Heroes and Generals
[2009-01-28 23:51:17 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\pcouffin.sys
[4 C:\WINDOWS2\*.tmp files -> C:\WINDOWS2\*.tmp -> ]
[1 C:\WINDOWS2\System32\*.tmp files -> C:\WINDOWS2\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-02-15 11:14:00 | 000,000,228 | ---- | M] () -- C:\WINDOWS2\tasks\Scheduled Update for Ask Toolbar.job
[2012-02-15 11:10:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS2\tasks\GoogleUpdateTaskMachineUA.job
[2012-02-15 10:43:01 | 000,001,112 | ---- | M] () -- C:\WINDOWS2\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-362288127-1417001333-1003UA.job
[2012-02-15 10:43:00 | 000,001,060 | ---- | M] () -- C:\WINDOWS2\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-362288127-1417001333-1003Core.job
[2012-02-15 10:26:42 | 000,000,882 | ---- | M] () -- C:\WINDOWS2\tasks\GoogleUpdateTaskMachineCore.job
[2012-02-15 10:21:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS2\bootstat.dat
[2012-02-14 19:49:28 | 000,000,027 | ---- | M] () -- C:\WINDOWS2\System32\drivers\etc\hosts
[2012-02-14 19:36:31 | 000,000,439 | RHS- | M] () -- C:\boot.ini
[2012-02-14 19:02:18 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Desktop\MBR.dat
[2012-02-14 16:38:17 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Pe.BREAH-7959170B3\Desktop\dds.scr
[2012-02-14 16:35:51 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Desktop\8zz695zi.exe
[2012-02-14 16:16:33 | 000,000,323 | ---- | M] () -- C:\Boot.bak
[2012-02-14 15:35:58 | 000,001,697 | ---- | M] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Desktop\DLL-Files.com FIXER.lnk
[2012-02-14 15:35:58 | 000,001,675 | ---- | M] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Microsoft\Internet Explorer\Quick Launch\DLL-Files.com FIXER.lnk
[2012-02-14 15:27:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS2\System32\wpa.dbl
[2012-02-14 13:10:43 | 000,000,605 | ---- | M] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Desktop\Free Window Registry Repair.lnk
[2012-02-14 11:39:43 | 000,348,529 | ---- | M] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Desktop\reforma2.jpg
[2012-02-14 11:38:07 | 000,213,985 | ---- | M] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Desktop\reforma.jpg
[2012-02-14 00:26:41 | 000,087,040 | ---- | M] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-02-13 12:52:05 | 019,517,440 | ---- | M] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\s-1-5-21-448539723-362288127-1417001333-1003.rrr
[2012-02-13 12:05:32 | 001,551,688 | ---- | M] () -- C:\WINDOWS2\System32\FNTCACHE.DAT
[2012-02-13 11:30:23 | 005,276,432 | ---- | M] (PC Cleaners) -- C:\WINDOWS2\uninst.exe
[2012-02-12 23:23:49 | 000,000,661 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS2\Desktop\Malwarebytes Anti-Malware.lnk
[2012-02-02 18:37:23 | 000,029,137 | ---- | M] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Desktop\hg.JPG
[2012-02-01 21:14:34 | 000,138,520 | ---- | M] () -- C:\WINDOWS2\System32\drivers\PnkBstrK.sys
[2012-02-01 21:11:40 | 000,234,536 | ---- | M] () -- C:\WINDOWS2\System32\PnkBstrB.xtr
[2012-01-31 15:34:16 | 000,234,536 | ---- | M] () -- C:\WINDOWS2\System32\PnkBstrB.ex0
[2012-01-20 10:30:07 | 000,444,812 | ---- | M] () -- C:\WINDOWS2\System32\perfh009.dat
[2012-01-20 10:30:07 | 000,072,752 | ---- | M] () -- C:\WINDOWS2\System32\perfc009.dat
[2012-01-17 15:01:54 | 000,139,152 | ---- | M] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\PnkBstrK.sys
[4 C:\WINDOWS2\*.tmp files -> C:\WINDOWS2\*.tmp -> ]
[1 C:\WINDOWS2\System32\*.tmp files -> C:\WINDOWS2\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-02-14 19:36:31 | 000,000,323 | ---- | C] () -- C:\Boot.bak
[2012-02-14 19:02:18 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Desktop\MBR.dat
[2012-02-14 16:36:47 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Desktop\8zz695zi.exe
[2012-02-14 15:35:58 | 000,001,697 | ---- | C] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Desktop\DLL-Files.com FIXER.lnk
[2012-02-14 15:35:58 | 000,001,675 | ---- | C] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Microsoft\Internet Explorer\Quick Launch\DLL-Files.com FIXER.lnk
[2012-02-14 13:10:43 | 000,000,605 | ---- | C] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Desktop\Free Window Registry Repair.lnk
[2012-02-14 11:39:06 | 000,348,529 | ---- | C] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Desktop\reforma2.jpg
[2012-02-14 11:37:22 | 000,213,985 | ---- | C] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Desktop\reforma.jpg
[2012-02-13 17:14:42 | 000,000,228 | ---- | C] () -- C:\WINDOWS2\tasks\Scheduled Update for Ask Toolbar.job
[2012-02-13 16:53:57 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012-02-13 16:49:45 | 000,256,000 | ---- | C] () -- C:\WINDOWS2\PEV.exe
[2012-02-13 16:49:45 | 000,208,896 | ---- | C] () -- C:\WINDOWS2\MBR.exe
[2012-02-13 16:49:45 | 000,098,816 | ---- | C] () -- C:\WINDOWS2\sed.exe
[2012-02-13 16:49:45 | 000,080,412 | ---- | C] () -- C:\WINDOWS2\grep.exe
[2012-02-13 16:49:45 | 000,068,096 | ---- | C] () -- C:\WINDOWS2\zip.exe
[2012-02-13 12:51:15 | 019,517,440 | ---- | C] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\s-1-5-21-448539723-362288127-1417001333-1003.rrr
[2012-02-12 23:23:49 | 000,000,661 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS2\Desktop\Malwarebytes Anti-Malware.lnk
[2012-02-02 18:37:23 | 000,029,137 | ---- | C] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Desktop\hg.JPG
[2011-12-30 00:10:43 | 000,056,024 | -H-- | C] () -- C:\WINDOWS2\System32\mlfcache.dat
[2011-02-10 22:10:33 | 000,007,168 | ---- | C] () -- C:\WINDOWS2\System32\drivers\StarOpen.sys
[2010-12-10 19:12:12 | 000,016,968 | ---- | C] () -- C:\WINDOWS2\System32\drivers\hitmanpro35.sys
[2010-07-03 18:48:08 | 000,000,169 | ---- | C] () -- C:\WINDOWS2\RtlRack.ini
[2010-07-03 18:40:53 | 000,000,164 | ---- | C] () -- C:\WINDOWS2\avrack.ini
[2010-06-09 22:54:05 | 000,151,552 | ---- | C] () -- C:\WINDOWS2\System32\nvRegDev.dll
[2010-06-01 12:54:10 | 000,138,520 | ---- | C] () -- C:\WINDOWS2\System32\drivers\PnkBstrK.sys
[2010-06-01 12:53:46 | 000,234,536 | ---- | C] () -- C:\WINDOWS2\System32\PnkBstrB.exe
[2010-06-01 12:53:45 | 000,075,136 | ---- | C] () -- C:\WINDOWS2\System32\PnkBstrA.exe
[2010-02-01 17:02:19 | 000,000,530 | ---- | C] () -- C:\WINDOWS2\eReg.dat
[2010-01-28 18:28:49 | 002,434,856 | ---- | C] () -- C:\WINDOWS2\System32\pbsvc_bc2.exe
[2010-01-19 16:25:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS2\ativpsrm.bin
[2010-01-19 16:25:08 | 000,887,724 | ---- | C] () -- C:\WINDOWS2\System32\ativva6x.dat
[2010-01-19 16:25:08 | 000,294,912 | ---- | C] () -- C:\WINDOWS2\System32\ATIODE.exe
[2010-01-19 16:25:08 | 000,205,156 | ---- | C] () -- C:\WINDOWS2\System32\atiicdxx.dat
[2010-01-19 16:25:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS2\System32\ATIODCLI.exe
[2010-01-19 16:25:08 | 000,000,003 | ---- | C] () -- C:\WINDOWS2\System32\ativva5x.dat
[2010-01-18 17:20:45 | 000,001,324 | ---- | C] () -- C:\WINDOWS2\System32\d3d9caps.dat
[2009-12-05 15:59:52 | 000,027,648 | ---- | C] () -- C:\WINDOWS2\System32\AVSredirect.dll
[2009-10-21 22:24:54 | 000,000,056 | -H-- | C] () -- C:\WINDOWS2\System32\ezsidmv.dat
[2009-06-23 12:32:36 | 000,043,520 | ---- | C] () -- C:\WINDOWS2\System32\CmdLineExt03.dll
[2009-05-04 16:54:14 | 000,279,712 | ---- | C] () -- C:\WINDOWS2\System32\drivers\atksgt.sys
[2009-05-04 16:54:13 | 000,025,888 | ---- | C] () -- C:\WINDOWS2\System32\drivers\lirsgt.sys
[2009-04-21 23:19:06 | 000,172,173 | ---- | C] () -- C:\WINDOWS2\System32\xlive.dll.cat
[2009-03-13 12:54:15 | 000,000,141 | ---- | C] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Local Settings\Application Data\fusioncache.dat
[2009-01-28 23:51:17 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\pcouffin.cat
[2009-01-28 23:51:17 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\pcouffin.inf
[2009-01-21 16:46:20 | 000,139,152 | ---- | C] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\PnkBstrK.sys
[2009-01-21 16:45:55 | 002,373,712 | ---- | C] () -- C:\WINDOWS2\System32\pbsvc.exe
[2009-01-14 15:10:10 | 000,117,158 | ---- | C] () -- C:\WINDOWS2\hpoins11.dat
[2009-01-14 15:08:03 | 000,077,824 | ---- | C] () -- C:\WINDOWS2\System32\HPZIDS01.dll
[2009-01-14 15:07:07 | 000,011,634 | ---- | C] () -- C:\WINDOWS2\hpomdl11.dat
[2009-01-13 22:18:41 | 000,001,302 | ---- | C] () -- C:\WINDOWS2\S3D.ini
[2009-01-13 15:50:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS2\nsreg.dat
[2009-01-13 15:34:47 | 000,087,040 | ---- | C] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-01-13 14:56:56 | 000,005,810 | R--- | C] () -- C:\WINDOWS2\System32\drivers\ASACPI.sys
[2009-01-13 14:56:53 | 000,004,248 | ---- | C] () -- C:\WINDOWS2\Ascd_tmp.ini
[2009-01-13 14:56:46 | 000,010,288 | ---- | C] () -- C:\WINDOWS2\System32\drivers\ASUSHWIO.SYS
[2009-01-13 14:40:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS2\bootstat.dat
[2009-01-13 14:35:07 | 000,021,640 | ---- | C] () -- C:\WINDOWS2\System32\emptyregdb.dat
[2009-01-13 14:17:09 | 000,004,205 | ---- | C] () -- C:\WINDOWS2\ODBCINST.INI
[2009-01-13 14:15:58 | 001,551,688 | ---- | C] () -- C:\WINDOWS2\System32\FNTCACHE.DAT
[2009-01-13 11:36:53 | 000,004,569 | ---- | C] () -- C:\WINDOWS2\System32\secupd.dat
[2009-01-13 11:36:45 | 000,444,812 | ---- | C] () -- C:\WINDOWS2\System32\perfh009.dat
[2009-01-13 11:36:45 | 000,272,128 | ---- | C] () -- C:\WINDOWS2\System32\perfi009.dat
[2009-01-13 11:36:45 | 000,072,752 | ---- | C] () -- C:\WINDOWS2\System32\perfc009.dat
[2009-01-13 11:36:45 | 000,028,626 | ---- | C] () -- C:\WINDOWS2\System32\perfd009.dat
[2009-01-13 11:36:45 | 000,020,480 | ---- | C] () -- C:\WINDOWS2\System32\oleaccrc.dll
[2009-01-13 11:36:45 | 000,004,463 | ---- | C] () -- C:\WINDOWS2\System32\oembios.dat
[2009-01-13 11:36:44 | 013,107,200 | ---- | C] () -- C:\WINDOWS2\System32\oembios.bin
[2009-01-13 11:36:43 | 000,000,741 | ---- | C] () -- C:\WINDOWS2\System32\noise.dat
[2009-01-13 11:36:38 | 000,673,088 | ---- | C] () -- C:\WINDOWS2\System32\mlang.dat
[2009-01-13 11:36:38 | 000,046,258 | ---- | C] () -- C:\WINDOWS2\System32\mib.bin
[2009-01-13 11:36:31 | 000,218,003 | ---- | C] () -- C:\WINDOWS2\System32\dssec.dat
[2009-01-13 11:36:23 | 000,001,804 | ---- | C] () -- C:\WINDOWS2\System32\Dcache.bin
[2008-02-20 11:11:16 | 000,035,168 | ---- | C] () -- C:\WINDOWS2\System32\drivers\epfwtdir.sys
[2001-07-07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS2\System32\hptcpmon.ini
[1996-04-03 19:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS2\System32\giveio.sys

========== LOP Check ==========

[2010-06-23 12:52:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools
[2010-06-23 12:55:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
[2010-06-23 12:52:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Pro
[2008-07-16 21:16:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Codemasters
[2007-11-05 08:58:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2008-12-22 22:28:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009-01-08 15:13:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
[2008-10-22 13:02:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2008-10-26 19:00:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Jlcm
[2007-09-10 21:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pixelStorm
[2008-10-27 18:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PPLive
[2008-11-17 18:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
[2008-10-22 13:59:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2009-01-12 23:21:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008-03-02 23:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2010-04-20 21:45:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\abelhadigital.com
[2011-01-30 19:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\Alwil Software
[2009-07-16 13:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\Autodesk
[2011-04-12 08:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\Avanquest
[2010-12-10 18:52:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\Bandoo
[2009-11-23 21:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\BVRP Software
[2011-02-10 22:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\Canneverbe Limited
[2009-01-13 16:57:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\DAEMON Tools Lite
[2009-02-14 16:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\DAEMON Tools Pro
[2010-07-03 17:23:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\Driver Whiz
[2009-01-13 15:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\ESET
[2010-12-09 20:57:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\Fun4IM
[2010-12-20 18:24:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\GrebleSoft
[2010-12-10 19:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\Hitman Pro
[2010-06-01 20:04:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\id Software
[2011-04-28 13:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\JCreator
[2009-02-05 14:59:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\NCH Swift Sound
[2010-07-07 16:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\PC Drivers HeadQuarters
[2012-02-13 11:31:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\PC1Data
[2011-09-29 16:03:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\RegCure
[2012-02-13 12:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\RegistryCleanEasy
[2011-03-28 10:29:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\Solidshield
[2009-10-05 23:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\Soulseek
[2012-02-14 15:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\SpeedyPC Software
[2009-10-16 21:31:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\Sports Interactive
[2012-02-14 16:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2007-10-28 22:55:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe\Application Data\.BTuga
[2007-11-05 08:58:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe\Application Data\DAEMON Tools Pro
[2007-05-12 09:49:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe\Application Data\DMCache
[2008-12-10 13:28:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe\Application Data\eMule
[2007-12-15 16:59:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe\Application Data\Printer Info Cache
[2011-03-29 14:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe\Application Data\Sports Interactive
[2008-12-02 14:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe\Application Data\SystemRequirementsLab
[2008-10-05 22:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe\Application Data\Thinstall
[2008-03-02 23:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe\Application Data\Ubisoft
[2009-01-12 23:08:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe\Application Data\uTorrent
[2009-11-23 21:13:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\aerix
[2009-01-14 14:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Aston
[2010-12-10 12:56:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Bandoo
[2011-02-10 22:10:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Canneverbe Limited
[2009-01-13 16:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\DAEMON Tools
[2009-01-13 16:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\DAEMON Tools Lite
[2009-02-14 16:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\DAEMON Tools Pro
[2011-04-28 13:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\DJJava
[2012-02-14 15:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\dll-files.com
[2010-07-22 18:45:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\DVDVideoSoftIEHelpers
[2010-03-22 13:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\FileZilla
[2010-01-15 15:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\FOG Downloader
[2010-01-18 22:12:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\GetRightToGo
[2009-07-07 22:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\gslist
[2009-01-13 19:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\gtk-2.0
[2010-12-20 18:24:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Handy Address Book
[2010-12-07 15:19:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Image Zone Express
[2011-04-28 13:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\JCreator
[2010-12-13 00:17:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Moyea
[2009-01-13 19:59:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\MSNInstaller
[2009-05-07 18:10:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Octoshape
[2012-02-13 11:32:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\PC Cleaners
[2012-02-13 11:32:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\PCPro
[2011-09-29 16:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\RayV
[2012-02-13 12:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Registry Mechanic
[2009-12-03 14:32:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Sony
[2009-12-03 14:25:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Sony Setup
[2012-01-25 10:29:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Sports Interactive
[2011-06-01 16:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\SystemRequirementsLab
[2009-02-20 17:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\The Creative Assembly
[2011-11-19 16:44:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\TS3Client
[2012-02-15 11:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\uTorrent
[2010-01-19 19:07:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Vso
[2009-01-13 17:49:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Wisco
[2012-02-15 11:14:00 | 000,000,228 | ---- | M] () -- C:\WINDOWS2\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2007-05-11 21:19:32 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009-07-29 19:23:58 | 000,000,328 | ---- | M] () -- C:\BFP2_R2.1_Client_Full.exe.html
[2012-02-14 16:16:33 | 000,000,323 | ---- | M] () -- C:\Boot.bak
[2012-02-14 19:36:31 | 000,000,439 | RHS- | M] () -- C:\boot.ini
[2004-09-21 12:00:00 | 000,004,952 | RHS- | M] () -- C:\bootfont.bin
[2010-10-29 12:27:10 | 000,000,126 | ---- | M] () -- C:\cmdlog.txt
[2004-08-03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2012-02-14 19:55:51 | 000,079,640 | ---- | M] () -- C:\ComboFix.txt
[2007-05-11 21:19:32 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009-01-10 16:53:47 | 000,000,000 | ---- | M] () -- C:\debug.log
[2007-05-11 21:19:32 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007-05-11 21:42:38 | 000,000,195 | ---- | M] () -- C:\LAN.log
[2007-05-11 21:19:32 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009-01-13 11:36:43 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009-01-13 11:36:44 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2004-02-29 15:44:34 | 000,052,576 | ---- | M] () -- C:\orange.bmp
[2007-07-17 12:13:50 | 000,524,288 | ---- | M] () -- C:\P5V-VM-SE-DH-1105.bin
[2012-02-15 10:21:14 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2008-05-21 21:07:44 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2008-05-21 21:07:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010-12-10 20:14:52 | 000,042,610 | ---- | M] () -- C:\TDSSKiller.2.4.11.0_10.12.2010_20.13.53_log.txt
[2009-05-20 18:41:40 | 000,000,510 | ---- | M] () -- C:\updatedatfix.log
[2007-11-14 16:19:28 | 000,487,258 | ---- | M] () -- C:\vcredist_x86.log
[2009-03-18 20:28:44 | 000,000,135 | ---- | M] () -- C:\VundoFix.txt
[2007-05-11 21:41:07 | 000,000,185 | ---- | M] () -- C:\wifi.log

< %systemroot%\Fonts\*.com >
[2006-04-18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS2\Fonts\GlobalMonospace.CompositeFont
[2006-06-29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS2\Fonts\GlobalSansSerif.CompositeFont
[2006-04-18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS2\Fonts\GlobalSerif.CompositeFont
[2006-06-29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS2\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009-01-13 14:38:15 | 000,000,067 | -HS- | M] () -- C:\WINDOWS2\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008-07-06 12:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS2\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006-04-10 14:02:32 | 000,074,240 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS2\system32\spool\prtprocs\w32x86\hpzpp054.dll
[2006-10-26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS2\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008-07-06 10:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS2\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2009-01-19 19:24:49 | 000,001,738 | -H-- | M] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2009-01-13 14:15:13 | 000,094,208 | ---- | M] () -- C:\WINDOWS2\System32\config\default.sav
[2009-01-13 14:15:13 | 001,089,536 | ---- | M] () -- C:\WINDOWS2\System32\config\software.sav
[2009-01-13 14:15:13 | 000,937,984 | ---- | M] () -- C:\WINDOWS2\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009-01-13 14:38:57 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users.WINDOWS2\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009-01-13 14:43:43 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2009-01-13 14:43:42 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2012-02-14 16:35:51 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Desktop\8zz695zi.exe
[2011-09-20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Documents and Settings\Pe.BREAH-7959170B3\Desktop\boot_cleaner.exe
[2009-02-13 19:56:46 | 001,527,808 | ---- | M] (CPUID) -- C:\Documents and Settings\Pe.BREAH-7959170B3\Desktop\cpuz.exe
[2008-12-27 06:46:08 | 000,383,488 | ---- | M] (NARS) -- C:\Documents and Settings\Pe.BREAH-7959170B3\Desktop\medvel.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2007-01-18 18:54:37 | 000,467,212 | ---- | M] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\My Documents\mqn.exe

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009-01-13 14:43:42 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Favorites\Desktop.ini
[2009-02-05 14:59:20 | 000,000,220 | ---- | M] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Favorites\NCH Audio and Telephony Software.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2012-02-15 10:28:52 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\Pe.BREAH-7959170B3\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2009-01-13 11:37:20 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS2\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2009-01-13 11:36:21 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2009-01-13 11:36:37 | 000,004,821 | R--- | M] () -- C:\Program Files\Messenger\logowin.gif
[2007-04-02 23:37:24 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008-05-02 14:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008-04-13 23:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008-04-14 05:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2009-01-13 11:36:43 | 000,009,306 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2009-01-13 11:36:43 | 000,018,052 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2009-01-13 11:36:45 | 000,009,306 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2007-04-02 23:37:28 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2007-04-02 23:34:02 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F8F5844
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:364682BC

< End of report >

 

[TheBreah]

OTL Extras logfile created on: 15-02-2012 11:11:09 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = F:\Ziped Files
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy

2,00 Gb Total Physical Memory | 1,22 Gb Available Physical Memory | 61,28% Memory free
3,85 Gb Paging File | 3,24 Gb Available in Paging File | 84,23% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS2 | %ProgramFiles% = C:\Program Files
Drive C: | 29,29 Gb Total Space | 5,62 Gb Free Space | 19,17% Space Free | Partition Type: NTFS
Drive F: | 45,23 Gb Total Space | 4,35 Gb Free Space | 9,62% Space Free | Partition Type: NTFS

Computer Name: BREAH-7959170B3 | User Name: Pe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-448539723-362288127-1417001333-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabledxpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008
"56831:TCP" = 56831:TCP:*:Enabledando Media Booster
"56831:UDP" = 56831:UDP:*:Enabledando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabledxpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008
"5222:TCP" = 5222:TCP:*:Enabled:xmpp.quakelive.com
"56831:TCP" = 56831:TCP:*:Enabledando Media Booster
"56831:UDP" = 56831:UDP:*:Enabledando Media Booster
"56065:TCP" = 56065:TCP:*:Enabledando
"563:TCP" = 563:TCP:*:Enabledando2

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"F:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = F:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"F:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = F:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"F:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = F:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"F:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = F:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"F:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = F:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"F:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = F:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"F:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = F:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"F:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = F:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"F:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = F:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"F:\Program Files\Autodesk\Backburner\monitor.exe" = F:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor -- (Autodesk, Inc.)
"F:\Program Files\Autodesk\Backburner\manager.exe" = F:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager -- (Autodesk, Inc.)
"F:\Program Files\Autodesk\Backburner\server.exe" = F:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server -- (Autodesk, Inc.)
"C:\Programas\The All-Seeing Eye\eye.exe" = C:\Programas\The All-Seeing Eye\eye.exe:*:Enabled:Yahoo! All-Seeing Eye -- (Yahoo! Inc.)
"F:\Games\Steam\steamapps\randoomized\source sdk base\hl2.exe" = F:\Games\Steam\steamapps\randoomized\source sdk base\hl2.exe:*:Enabled:hl2 -- ()
"C:\Programas\Windows Live\Messenger\msnmsgr.exe" = C:\Programas\Windows Live\Messenger\msnmsgr.exe:*isabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\SoulseekNS\slsk.exe" = C:\Program Files\SoulseekNS\slsk.exe:*:Enabled:SoulSeek -- ()
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"F:\Games\Steam\Steam.exe" = F:\Games\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\SmartFTP Client\SmartFTP.exe" = C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0 -- (SmartSoft Ltd.)
"F:\Program Files\uTorrent\uTorrent.exe" = F:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" = C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client -- (Octoshape ApS)
"C:\Program Files\EA GAMES\Battlefield 2\BF2.exe" = C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 -- ()
"C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Macromedia\Flash Player\" = C:\Documents and Settings\Pe.BREAH-7959170B3\Application Data\Macromedia\Flash Player\:*:Enabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)
"C:\WINDOWS2\system32\dpvsetup.exe" = C:\WINDOWS2\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Programas\SmartFTP Client\SmartFTP.exe" = C:\Programas\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0 -- (SmartSoft Ltd.)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"F:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe" = F:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe:*:Enabled:BF1942 -- ()
"F:\Games\Steam\steamapps\randoomized\source sdk base 2007\hl2.exe" = F:\Games\Steam\steamapps\randoomized\source sdk base 2007\hl2.exe:*:Enabled:Source SDK Base 2007 -- ()
"C:\Program Files\EA GAMES\Battlefield 2\forgottenhope2.exe" = C:\Program Files\EA GAMES\Battlefield 2\forgottenhope2.exe:*isabled:forgottenhope2 -- ()
"C:\Program Files\EA GAMES\Battlefield 2\FH2.exe" = C:\Program Files\EA GAMES\Battlefield 2\FH2.exe:*:Enabled:Forgotten Hope 2 -- ()
"F:\Program Files\mIRC\mirc.exe" = F:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"F:\Games\Steam\steamapps\randoomized\counter-strike\hl.exe" = F:\Games\Steam\steamapps\randoomized\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)
"C:\Documents and Settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)
"F:\Programas\mIRC\mirc.exe" = F:\Programas\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"F:\Games\Steam\steamapps\randoomized\counter-strike source\hl2.exe" = F:\Games\Steam\steamapps\randoomized\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{020519DC-C377-87A4-4FFA-2C04CAB6F06A}" = CCC Help Turkish
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05204005-CEF4-AED1-6D55-19999BDDF5D9}" = Catalyst Control Center Localization All
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0BD8FCF6-9FA0-8CCA-7CC3-4A3A3663EF26}" = ccc-utility
"{0CB61B75-A2BF-42FB-1441-4E1E0E478FFF}" = CCC Help French
"{0EACF2A3-B998-5B20-B9D1-E69385584142}" = CCC Help Hungarian
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{127B684B-A002-44C8-99A7-6CF8F1E26873}" = PunkBuster for Battlefield 1942
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{155BD1DE-E53B-1F1A-A6CC-08EF3A2684E9}" = CCC Help Chinese Standard
"{17B6DDE9-2E5F-1E6A-5376-EBEA92523C1F}" = CCC Help Chinese Traditional
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1E2FDD18-E514-4631-AF4A-0CC58FD93DCB}" = Quake Live Mozilla Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{23F79416-CAD1-41BF-99A3-040F6C814AAA}" = NVIDIA Photoshop Plug-ins
"{24990A39-5F20-4FCA-BAFE-EEF1E4800709}" = Catalyst Control Center - Branding
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 29
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A2A9154-534C-8430-5C8C-F197D51E3647}" = CCC Help Polish
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{357DD2C5-542F-BCD1-E74E-5993A233F3CA}" = CCC Help Dutch
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{38CEDBD6-72C7-F966-8290-B9E518FC8341}" = Catalyst Control Center InstallProxy
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{3DE8E48A-E70F-6E27-383D-4685A622A0DF}" = CCC Help Japanese
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40F6E633-21A9-6997-CF86-B47ED7B246EF}" = CCC Help Italian
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{51D29783-1876-9A77-3CE2-018F09FB8876}" = CCC Help Russian
"{52B76707-AD64-B360-F331-7D7716A2EF4E}" = CCC Help Spanish
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{55DD6846-EF8B-45AD-8C14-21DAFF204C77}" = Web Media Client
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6141BE08-A14D-2E76-1C9B-C9B724E93F8F}" = CCC Help Czech
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6BF91072-94EE-9E98-3B0B-C1A77656CA88}" = CCC Help Swedish
"{6ED53E0C-EAC0-4F0F-947D-6BA817E4C8C3}" = HostsMan 3.2.73
"{6F23C1A3-9F62-470C-BD12-B83F04E67865}" = SmartFTP Client
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{70969B6E-F12C-A3C9-EBAC-BD9C0F3F6E44}" = CCC Help Korean
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71D92E42-DBBF-4CEB-895E-95C56D5E4868}_is1" = Mz Ram Booster v3.5.2
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B0450BA-BD15-C54A-C9EA-3E4C68722101}" = CCC Help English
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87A90A22-0F2C-EE18-9333-E8F6DC71256C}" = Skins
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{885A63EA-382B-4DD4-A755-14809B8557D6}" = Macromedia Flash Player 8
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EA3C946-5504-DA12-7BFF-873729D1673C}" = ATI Catalyst Install Manager
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9FC8D8F8-AF3A-4488-98AF-51C6DEC732F2}" = c3100_Help
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A2DB9340-8ECB-A16D-7AEC-8A0D72217A09}" = CCC Help German
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A675E6D2-51E7-5232-BDC4-4DCF52CF382A}" = ccc-core-static
"{A725C340-77EE-11D6-BBC2-0000CB591583}" = A.F.5 Rename your files 1.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{B193E6AB-0FEE-664B-7458-63575F668F56}" = CCC Help Danish
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7CE4105-2F9F-1FC4-9D76-E26CEBF689B9}" = CCC Help Norwegian
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C10D6AB8-05BB-422D-AAE3-36D6E0381487}" = ESET NOD32 Antivirus
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C9E45C84-9BFE-1121-00CD-9F0CC9B75BD3}" = CCC Help Thai
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
"{D0A32C98-F715-6A4B-688D-275AA1393ED8}" = CCC Help Greek
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DF6320E3-B716-4FAB-99CD-18AB6A2C3970}" = DJ Java Decompiler v.3.11.11.95
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EB8C9964-09AC-48bf-8B98-027609C78251}" = C3100
"{EE086612-CE52-3402-18D5-DDFEE2F87CE8}" = CCC Help Finnish
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FE4270D7-A642-49C1-9A40-854DA3F13FB2}_is1" = Moyea FLV Player version: 2.0.2.96
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FEE777F9-EE4E-4504-8CCC-528270A4992A}" = CCC Help Portuguese
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Bandoo" = Fun4IM
"Catan Online Welt" = Catan Online World
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"Creative PD0630" = Creative WebCam Live! Driver (1.02.03.0606)
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Dll-Files.com Fixer_is1" = Dll-Files.com Fixer
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ExpressBurn" = Express Burn
"Football Manager 2012_is1" = Football Manager 2012
"Free Window Registry Repair" = Free Window Registry Repair
"Handy Address Book" = Handy Address Book
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"ie8" = Windows Internet Explorer 8
"Instant Eyedropper_is1" = Instant Eyedropper 1.75
"JCreator LE_is1" = JCreator LE 5.00
"LangPad_is1" = LangPad version 2.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"NVIDIA Drivers" = NVIDIA Drivers
"Red Eye Remover_is1" = Red Eye Remover 2.0
"Soulseek2" = SoulSeek 157 NS 13e
"SpeedFan" = SpeedFan (remove only)
"Steam App 215" = Source SDK Base
"Steam App 218" = Source SDK Base 2007
"SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
"SWiX_is1" = SWiX ver.1.1.1
"SystemRequirementsLab" = System Requirements Lab
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.18
"vShare.tv plugin" = vShare.tv plugin 1.3
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinISO_is1" = WinISO 5.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.10 beta 3 (32-bit)
"XobniMain" = Xobni
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-448539723-362288127-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BF1918 FHT 2.1 Installer" = BF1918 FHT 2.1 Installer
"Google Chrome" = Google Chrome
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Octoshape Streaming Services" = Octoshape Streaming Services
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07-02-2012 10:13:22 | Computer Name = BREAH-7959170B3 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Enterprise 2007 - Update 'Microsoft Office
2007 Service Pack 3 (SP3)' could not be installed. Error code 1603. Windows Installer
can create logs to help troubleshoot issues with installing software packages.
Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 07-02-2012 18:40:11 | Computer Name = BREAH-7959170B3 | Source = Application Error | ID = 1000
Description = Faulting application fm.exe, version 12.0.4.37031, faulting module
fm.exe, version 12.0.4.37031, fault address 0x0177c7a1.

Error - 09-02-2012 11:53:13 | Computer Name = BREAH-7959170B3 | Source = Application Error | ID = 1000
Description = Faulting application fm.exe, version 12.0.4.37031, faulting module
fm.exe, version 12.0.4.37031, fault address 0x0177c7a1.

Error - 12-02-2012 18:58:25 | Computer Name = BREAH-7959170B3 | Source = SmartRegistryCleanerService.exe | ID = 0
Description =

Error - 12-02-2012 19:03:23 | Computer Name = BREAH-7959170B3 | Source = SmartRegistryCleanerService.exe | ID = 0
Description =

Error - 12-02-2012 19:37:25 | Computer Name = BREAH-7959170B3 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 13-02-2012 7:58:12 | Computer Name = BREAH-7959170B3 | Source = MsiInstaller | ID = 11307
Description = Product: Microsoft Office Enterprise 2007 -- Error 1307.There is not
enough disk space to install this file: C:\WINDOWS2\Installer\38bdef.msp. Free
some disk space and click 'Retry', or click 'Cancel' to exit.

Error - 13-02-2012 7:59:16 | Computer Name = BREAH-7959170B3 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Enterprise 2007 - Update 'Microsoft Office
2007 Service Pack 3 (SP3)' could not be installed. Error code 1603. Windows Installer
can create logs to help troubleshoot issues with installing software packages.
Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 13-02-2012 14:40:20 | Computer Name = BREAH-7959170B3 | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 12.0.6535.5005, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 14-02-2012 12:52:55 | Computer Name = BREAH-7959170B3 | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.51.1.1076, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 08-02-2012 15:33:46 | Computer Name = BREAH-7959170B3 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.

Error - 09-02-2012 14:44:40 | Computer Name = BREAH-7959170B3 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the LogMeIn Hamachi Tunneling
Engine service to connect.

Error - 09-02-2012 14:44:41 | Computer Name = BREAH-7959170B3 | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Hamachi Tunneling Engine service failed to start due to
the following error: %%1053


< End of report >

 

[Broni]

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
64-bit users go HERE

• Double-click SystemLook.exe to run it.
• Vista users:: Right click on SystemLook.exe, click Run As Administrator
• Copy the content of the following box and paste it into the main textfield:
  
  

  :filefind
  oleaccrc.dll

• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

 

[TheBreah]

After running the program 2 errors appear and after that no log is created.

1st

2nd

 

[Broni]

Disable Eset, delete your System Look file, download fresh one and try again.

 

[TheBreah]

SystemLook 30.07.11 by jpshortstuff
Log created at 19:06 on 15/02/2012 by Pe
Administrator - Elevation successful

========== filefind ==========

Searching for "oleaccrc.dll"
C:\WINDOWS2\$NtUninstallKB2564958$\oleaccrc.dll -----c- 16896 bytes [00:27 13/10/2011] [11:36 13/01/2009] 6654698F76CF6E46D5D321C53721947C
C:\WINDOWS2\SoftwareDistribution\Download\93941f6179574775ae9c76392aa65577\oleaccrc.dll --a---- 20480 bytes [11:41 26/09/2011] [11:41 26/09/2011] 99F59B3392AD68F08BB528791F5D880D
C:\WINDOWS2\system32\oleaccrc.dll --a---- 20480 bytes [11:36 13/01/2009] [10:41 26/09/2011] (Unable to calculate MD5)
C:\WINDOWS2\system32\dllcache\oleaccrc.dll --a--c- 20480 bytes [11:36 13/01/2009] [10:41 26/09/2011] 99F59B3392AD68F08BB528791F5D880D

-= EOF =-

 

[Broni]

Download following batch file: http://www.bleepstatic.com/fhost/uploads/0/94-fix.bat
Double click on it to run the fix.

Command prompt window will open.
You should see following message:
"1 file(s) copied"
In that case press any key to close command prompt window.
If you see any error message let me know.

NOTE. If the file can't be copied run the fix from safe mode.

Restart computer and let me know if the error is gone.

 

[TheBreah]

The following error occurs both in normal and in safe mode.

 

[Broni]

Download BlitzBlank and save it to your desktop.
Double click on Blitzblank.exe

• Click OK at the warning.
• Click the Script tab and copy/paste the following text there:

CopyFile:
C:\WINDOWS2\$NtUninstallKB2564958$\oleaccrc.dll C:\WINDOWS2\system32\oleaccrc.dll

• Click Execute Now. Your computer will need to reboot in order to replace the files.
• When done, post the report created by Blitzblank.
  You can find it in the root of the drive, normally C:\

 

[TheBreah]

BlitzBlank 1.0.0.32

File/Registry Modification Engine native application
CopyFileOnReboot: sourceFile = "\??\c:\windows2\$ntuninstallkb2564958$\oleaccrc.dll", destinationFile = "\??\c:\windows2\system32\oleaccrc.dll"CopyFile: ZwCreateFile failed: status = c0000102

 

[Broni]

Interesting.....

1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

FCopy::
C:\WINDOWS2\$NtUninstallKB2564958$\oleaccrc.dll C:\WINDOWS2\system32\oleaccrc.dll

ClearJavaCache::

3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt

 

[TheBreah]

ComboFix 12-02-13.01 - Pe 16-02-2012 0:27.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.351.1033.18.2046.1378 [GMT 0:00]
Running from: f:\ziped files\ComboFix.exe
Command switches used :: c:\documents and settings\Pe.BREAH-7959170B3\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: PC Cleaner Pro *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-16 to 2012-02-16 )))))))))))))))))))))))))))))))
.
.
2012-02-14 16:03 . 2012-02-14 16:03 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2012-02-14 15:35 . 2012-02-14 15:37 -------- d-----w- c:\program files\Dll-Files.com Fixer
2012-02-14 15:28 . 2012-02-14 15:28 -------- d-----w- c:\documents and settings\Pe.BREAH-7959170B3\Application Data\dll-files.com
2012-02-14 15:23 . 2012-02-14 15:23 -------- d-----w- c:\program files\Uniblue
2012-02-14 15:08 . 2012-02-14 15:10 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\SpeedyPC Software
2012-02-13 17:14 . 2012-02-14 16:39 -------- d-----w- c:\documents and settings\Pe.BREAH-7959170B3\Local Settings\Application Data\AskToolbar
2012-02-13 17:14 . 2012-02-13 17:14 -------- d-----w- c:\documents and settings\Pe.BREAH-7959170B3\Local Settings\Application Data\APN
2012-02-13 12:53 . 2012-02-13 12:53 -------- d-----w- c:\documents and settings\Pe.BREAH-7959170B3\Application Data\Registry Mechanic
2012-02-13 12:41 . 2012-02-13 17:47 -------- d-----w- c:\program files\Common Files\PC Tools
2012-02-13 12:35 . 2012-02-13 12:36 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\RegistryCleanEasy
2012-02-13 12:35 . 2012-02-13 12:35 -------- d-----w- C:\RegistryCleanEasy
2012-02-13 11:41 . 2012-02-13 11:41 -------- d-----w- c:\documents and settings\Pe.BREAH-7959170B3\AppData
2012-02-13 11:32 . 2012-02-13 11:32 -------- d-----w- c:\documents and settings\Pe.BREAH-7959170B3\Application Data\PCPro
2012-02-13 11:32 . 2012-02-13 11:32 -------- d-----w- c:\documents and settings\Pe.BREAH-7959170B3\Application Data\PC Cleaners
2012-02-13 11:31 . 2012-02-13 11:30 5276432 ----a-w- c:\windows2\uninst.exe
2012-02-13 11:31 . 2012-02-13 11:31 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\PC1Data
2012-02-12 23:44 . 2011-07-06 19:52 41272 ----a-w- c:\windows2\system32\drivers\mbamswissarmy.sys
2012-02-12 23:13 . 2012-02-12 23:13 -------- d-----w- c:\windows2\system32\wbem\Repository
2012-02-12 22:58 . 2012-02-12 22:58 -------- d-----w- c:\program files\Enigma Software Group
2012-02-06 09:52 . 2012-02-13 09:54 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-02-06 09:52 . 2012-02-13 09:54 43960 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-02-06 09:50 . 2009-03-18 16:35 26176 ---ha-w- c:\windows2\system32\hamachi.sys
2012-01-31 18:52 . 2012-01-31 18:52 -------- d-----w- c:\documents and settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Heroes and Generals
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-01 21:14 . 2010-06-01 12:54 138520 ----a-w- c:\windows2\system32\drivers\PnkBstrK.sys
2012-02-01 21:11 . 2010-06-01 12:53 234536 ----a-w- c:\windows2\system32\PnkBstrB.exe
2012-02-01 21:11 . 2009-03-29 18:06 234536 ----a-w- c:\windows2\system32\PnkBstrB.xtr
2012-01-31 15:34 . 2010-06-01 12:53 234536 ----a-w- c:\windows2\system32\PnkBstrB.ex0
2012-01-17 15:01 . 2009-01-21 16:46 139152 -c--a-w- c:\documents and settings\Pe.BREAH-7959170B3\Application Data\PnkBstrK.sys
2011-12-13 11:01 . 2010-07-07 15:52 1698408 ----a-w- c:\windows2\RtlExUpd.dll
2011-11-25 21:57 . 2009-01-13 11:37 293376 ----a-w- c:\windows2\system32\winsrv.dll
2011-11-23 13:25 . 2009-01-13 11:37 1859584 ----a-w- c:\windows2\system32\win32k.sys
2011-11-18 12:35 . 2009-01-13 11:36 60416 ----a-w- c:\windows2\system32\packager.exe
2012-02-13 09:54 . 2011-05-01 12:22 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 09:06 163328 --sh--r- c:\windows2\system32\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows2\system32\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows2\system32\nbDX.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-01-13 . 649B4101C35E996E1866037C28A5FD42 . 1614848 . . [5.1.2600.5512] . . c:\windows2\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-02-14_19.49.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-15 23:10 . 2012-02-15 23:10 16384 c:\windows2\Temp\Perflib_Perfdata_1f0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PD0630 STISvc"="P0630Pin.dll" [2005-06-05 36864]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"StartCCC"="f:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-22 98304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows2\system32\CTFMON.EXE" [2009-01-13 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C /k:F *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS2^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows2\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40 687560 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2007-09-06 13:08 136136 ----a-w- c:\programas\DAEMON Tools Pro\DTProAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-03-18 12:21 136176 ----atw- c:\documents and settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2007-08-24 07:00 33648 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24 54840 ----a-w- f:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-07-06 19:52 449584 ----a-w- f:\2\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 23:08 417792 ----a-w- f:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2010-06-08 16:16 19552872 ----a-w- c:\windows2\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2010-06-08 16:16 1833576 ----a-w- c:\windows2\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07 2260480 -csha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 12:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\WINDOWS2\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS2\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"f:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"f:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"f:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Programas\\The All-Seeing Eye\\eye.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"f:\\Games\\Steam\\steamapps\\randoomized\\source sdk base\\hl2.exe"=
"c:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"f:\\Games\\Steam\\Steam.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"f:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Pe.BREAH-7959170B3\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Documents and Settings\\Pe.BREAH-7959170B3\\Application Data\\Macromedia\\Flash Player\\"=
"c:\\WINDOWS2\\system32\\dpvsetup.exe"=
"c:\\Programas\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"f:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"f:\\Games\\Steam\\steamapps\\randoomized\\source sdk base 2007\\hl2.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\forgottenhope2.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\FH2.exe"=
"f:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"f:\\Games\\Steam\\steamapps\\randoomized\\counter-strike\\hl.exe"=
"c:\\Documents and Settings\\Pe.BREAH-7959170B3\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"f:\\Programas\\mIRC\\mirc.exe"=
"f:\\Games\\Steam\\steamapps\\randoomized\\counter-strike source\\hl2.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5222:TCP"= 5222:TCP:xmpp.quakelive.com
"56831:TCP"= 56831:TCPando Media Booster
"56831:UDP"= 56831:UDPando Media Booster
"56065:TCP"= 56065:TCPando
"563:TCP"= 563:TCPando2
.
R0 sptd;sptd;c:\windows2\system32\drivers\sptd.sys [13-01-2009 16:26 717296]
R1 epfwtdir;epfwtdir;c:\windows2\system32\drivers\epfwtdir.sys [20-02-2008 11:11 35168]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [07-10-2009 9:16 472280]
R2 MBAMService;MBAMService;f:\2\Malwarebytes' Anti-Malware\mbamservice.exe [12-02-2012 23:44 366640]
R2 XobniService;XobniService;f:\program files\Xobni\XobniService.exe [20-11-2009 17:13 55016]
R3 MBAMProtector;MBAMProtector;c:\windows2\system32\drivers\mbam.sys [10-12-2010 20:21 22712]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows2\system32\drivers\seehcri.sys [23-11-2009 21:56 27632]
S2 gupdate1c98bb8b2aea58;Google Update Service (gupdate1c98bb8b2aea58);c:\program files\Google\Update\GoogleUpdate.exe [10-02-2009 19:44 133104]
S2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit; [x]
S3 Ambfilt;Ambfilt;c:\windows2\system32\drivers\Ambfilt.sys [07-07-2010 15:53 1691480]
S3 atidgllk;atidgllk;c:\program files\winflash\atidgllk.sys [07-07-2010 16:32 12048]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows2\system32\drivers\ggflt.sys [23-11-2009 22:08 13224]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10-02-2009 19:44 133104]
S3 P0630VID;Creative WebCam Live!;c:\windows2\system32\drivers\P0630Vid.sys [25-02-2010 15:27 91841]
S3 pcouffin;VSO Software pcouffin;c:\windows2\system32\drivers\pcouffin.sys [28-01-2009 23:51 47360]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows2\system32\drivers\s0017bus.sys [23-11-2009 21:56 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows2\system32\drivers\s0017mdfl.sys [23-11-2009 21:56 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows2\system32\drivers\s0017mdm.sys [23-11-2009 21:56 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows2\system32\drivers\s0017mgmt.sys [23-11-2009 21:56 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows2\system32\drivers\s0017nd5.sys [23-11-2009 21:56 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows2\system32\drivers\s0017obex.sys [23-11-2009 21:56 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows2\system32\drivers\s0017unic.sys [23-11-2009 21:56 109736]
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-15 c:\windows2\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 19:44]
.
2012-02-16 c:\windows2\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 19:44]
.
2012-02-15 c:\windows2\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-362288127-1417001333-1003Core.job
- c:\documents and settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-14 12:21]
.
2012-02-15 c:\windows2\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-362288127-1417001333-1003UA.job
- c:\documents and settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-14 12:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://eu.ask.com/?l=dis&o=102866&gct=hp
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: forgottenhonor.com\www
TCP: DhcpNameServer = 212.113.164.58 212.113.164.57
DPF: {5B54751C-0EDB-4CAE-816C-65BCED3FF819} - hxxp://game.heroesandgenerals.com/retox.ocx
DPF: {9BD3C5C6-BCBA-47BF-9CC0-0D5D3E117DE1} - hxxp://www.bravearms.com/razor/plugins/WebMediaPlayer.cab
FF - ProfilePath - c:\documents and settings\Pe.BREAH-7959170B3\Application Data\Mozilla\Firefox\Profiles\ybxr1hhq.default\
FF - prefs.js: browser.search.selectedEngine - YouTube
FF - prefs.js: browser.startup.homepage - hxxp://www.maisfutebol.iol.pt/
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=1&q=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\Ask.com\GenericAskToolbar.dll
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
MSConfigStartUp-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-16 00:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-448539723-362288127-1417001333-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-448539723-362288127-1417001333-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:9c,74,e3,9b,7d,bd,31,24,61,49,0f,9f,bd,6b,c8,9c,57,76,09,3c,fe,5b,11,
65,21,44,3f,b5,77,76,77,3b,ab,19,35,22,af,41,88,6c,f8,ff,fb,1b,bb,ab,45,49,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(700)
c:\windows2\system32\Ati2evxx.dll
c:\windows2\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(2244)
c:\windows2\system32\WININET.dll
c:\windows2\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows2\system32\msi.dll
c:\windows2\system32\ieframe.dll
c:\windows2\system32\webcheck.dll
c:\windows2\system32\WPDShServiceObj.dll
c:\windows2\system32\PortableDeviceTypes.dll
c:\windows2\system32\hnetcfg.dll
c:\windows2\system32\PortableDeviceApi.dll
.
Completion time: 2012-02-16 00:35:26
ComboFix-quarantined-files.txt 2012-02-16 00:35
ComboFix2.txt 2012-02-14 19:55
.
Pre-Run: 5.664.047.104 bytes free
Post-Run: 5.658.902.528 bytes free
.
- - End Of File - - 0398FC6794EDD15C80C0030E0ACC860D

 

[Broni]

You didn't run my script.
Redo.

 

[TheBreah]

I apologize if im doing something wrong but im repeating every step you indicated.

Interesting.....

1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

FCopy::
C:\WINDOWS2\$NtUninstallKB2564958$\oleaccrc.dll C:\WINDOWS2\system32\oleaccrc.dll

ClearJavaCache::

3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt

And this is the following log that appears:

ComboFix 12-02-13.01 - Pe 16-02-2012 10:25:55.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.351.1033.18.2046.1411 [GMT 0:00]
Running from: c:\documents and settings\Pe.BREAH-7959170B3\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Pe.BREAH-7959170B3\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: PC Cleaner Pro *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-16 to 2012-02-16 )))))))))))))))))))))))))))))))
.
.
2012-02-14 16:03 . 2012-02-14 16:03 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2012-02-14 15:35 . 2012-02-14 15:37 -------- d-----w- c:\program files\Dll-Files.com Fixer
2012-02-14 15:28 . 2012-02-14 15:28 -------- d-----w- c:\documents and settings\Pe.BREAH-7959170B3\Application Data\dll-files.com
2012-02-14 15:23 . 2012-02-14 15:23 -------- d-----w- c:\program files\Uniblue
2012-02-14 15:08 . 2012-02-14 15:10 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\SpeedyPC Software
2012-02-13 17:14 . 2012-02-14 16:39 -------- d-----w- c:\documents and settings\Pe.BREAH-7959170B3\Local Settings\Application Data\AskToolbar
2012-02-13 17:14 . 2012-02-13 17:14 -------- d-----w- c:\documents and settings\Pe.BREAH-7959170B3\Local Settings\Application Data\APN
2012-02-13 12:53 . 2012-02-13 12:53 -------- d-----w- c:\documents and settings\Pe.BREAH-7959170B3\Application Data\Registry Mechanic
2012-02-13 12:41 . 2012-02-13 17:47 -------- d-----w- c:\program files\Common Files\PC Tools
2012-02-13 12:35 . 2012-02-13 12:36 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\RegistryCleanEasy
2012-02-13 12:35 . 2012-02-13 12:35 -------- d-----w- C:\RegistryCleanEasy
2012-02-13 11:41 . 2012-02-13 11:41 -------- d-----w- c:\documents and settings\Pe.BREAH-7959170B3\AppData
2012-02-13 11:32 . 2012-02-13 11:32 -------- d-----w- c:\documents and settings\Pe.BREAH-7959170B3\Application Data\PCPro
2012-02-13 11:32 . 2012-02-13 11:32 -------- d-----w- c:\documents and settings\Pe.BREAH-7959170B3\Application Data\PC Cleaners
2012-02-13 11:31 . 2012-02-13 11:30 5276432 ----a-w- c:\windows2\uninst.exe
2012-02-13 11:31 . 2012-02-13 11:31 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\PC1Data
2012-02-12 23:44 . 2011-07-06 19:52 41272 ----a-w- c:\windows2\system32\drivers\mbamswissarmy.sys
2012-02-12 23:13 . 2012-02-12 23:13 -------- d-----w- c:\windows2\system32\wbem\Repository
2012-02-12 22:58 . 2012-02-12 22:58 -------- d-----w- c:\program files\Enigma Software Group
2012-02-06 09:52 . 2012-02-13 09:54 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-02-06 09:52 . 2012-02-13 09:54 43960 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-02-06 09:50 . 2009-03-18 16:35 26176 ---ha-w- c:\windows2\system32\hamachi.sys
2012-01-31 18:52 . 2012-01-31 18:52 -------- d-----w- c:\documents and settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Heroes and Generals
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-01 21:14 . 2010-06-01 12:54 138520 ----a-w- c:\windows2\system32\drivers\PnkBstrK.sys
2012-02-01 21:11 . 2010-06-01 12:53 234536 ----a-w- c:\windows2\system32\PnkBstrB.exe
2012-02-01 21:11 . 2009-03-29 18:06 234536 ----a-w- c:\windows2\system32\PnkBstrB.xtr
2012-01-31 15:34 . 2010-06-01 12:53 234536 ----a-w- c:\windows2\system32\PnkBstrB.ex0
2012-01-17 15:01 . 2009-01-21 16:46 139152 -c--a-w- c:\documents and settings\Pe.BREAH-7959170B3\Application Data\PnkBstrK.sys
2011-12-13 11:01 . 2010-07-07 15:52 1698408 ----a-w- c:\windows2\RtlExUpd.dll
2011-11-25 21:57 . 2009-01-13 11:37 293376 ----a-w- c:\windows2\system32\winsrv.dll
2011-11-23 13:25 . 2009-01-13 11:37 1859584 ----a-w- c:\windows2\system32\win32k.sys
2011-11-18 12:35 . 2009-01-13 11:36 60416 ----a-w- c:\windows2\system32\packager.exe
2012-02-13 09:54 . 2011-05-01 12:22 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 09:06 163328 --sh--r- c:\windows2\system32\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows2\system32\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows2\system32\nbDX.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-01-13 . 649B4101C35E996E1866037C28A5FD42 . 1614848 . . [5.1.2600.5512] . . c:\windows2\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-02-14_19.49.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-16 10:05 . 2012-02-16 10:05 16384 c:\windows2\Temp\Perflib_Perfdata_280.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PD0630 STISvc"="P0630Pin.dll" [2005-06-05 36864]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"StartCCC"="f:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-22 98304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows2\system32\CTFMON.EXE" [2009-01-13 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C /k:F *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS2^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows2\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40 687560 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2007-09-06 13:08 136136 ----a-w- c:\programas\DAEMON Tools Pro\DTProAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-03-18 12:21 136176 ----atw- c:\documents and settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2007-08-24 07:00 33648 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24 54840 ----a-w- f:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-07-06 19:52 449584 ----a-w- f:\2\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 23:08 417792 ----a-w- f:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2010-06-08 16:16 19552872 ----a-w- c:\windows2\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2010-06-08 16:16 1833576 ----a-w- c:\windows2\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07 2260480 -csha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 12:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\WINDOWS2\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS2\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"f:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"f:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"f:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Programas\\The All-Seeing Eye\\eye.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"f:\\Games\\Steam\\steamapps\\randoomized\\source sdk base\\hl2.exe"=
"c:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"f:\\Games\\Steam\\Steam.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"f:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Pe.BREAH-7959170B3\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Documents and Settings\\Pe.BREAH-7959170B3\\Application Data\\Macromedia\\Flash Player\\"=
"c:\\WINDOWS2\\system32\\dpvsetup.exe"=
"c:\\Programas\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"f:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"f:\\Games\\Steam\\steamapps\\randoomized\\source sdk base 2007\\hl2.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\forgottenhope2.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\FH2.exe"=
"f:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"f:\\Games\\Steam\\steamapps\\randoomized\\counter-strike\\hl.exe"=
"c:\\Documents and Settings\\Pe.BREAH-7959170B3\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"f:\\Programas\\mIRC\\mirc.exe"=
"f:\\Games\\Steam\\steamapps\\randoomized\\counter-strike source\\hl2.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5222:TCP"= 5222:TCP:xmpp.quakelive.com
"56831:TCP"= 56831:TCPando Media Booster
"56831:UDP"= 56831:UDPando Media Booster
"56065:TCP"= 56065:TCPando
"563:TCP"= 563:TCPando2
.
R0 sptd;sptd;c:\windows2\system32\drivers\sptd.sys [13-01-2009 16:26 717296]
R1 epfwtdir;epfwtdir;c:\windows2\system32\drivers\epfwtdir.sys [20-02-2008 11:11 35168]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [07-10-2009 9:16 472280]
R2 MBAMService;MBAMService;f:\2\Malwarebytes' Anti-Malware\mbamservice.exe [12-02-2012 23:44 366640]
R2 XobniService;XobniService;f:\program files\Xobni\XobniService.exe [20-11-2009 17:13 55016]
R3 MBAMProtector;MBAMProtector;c:\windows2\system32\drivers\mbam.sys [10-12-2010 20:21 22712]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows2\system32\drivers\seehcri.sys [23-11-2009 21:56 27632]
S2 gupdate1c98bb8b2aea58;Google Update Service (gupdate1c98bb8b2aea58);c:\program files\Google\Update\GoogleUpdate.exe [10-02-2009 19:44 133104]
S2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit; [x]
S3 Ambfilt;Ambfilt;c:\windows2\system32\drivers\Ambfilt.sys [07-07-2010 15:53 1691480]
S3 atidgllk;atidgllk;c:\program files\winflash\atidgllk.sys [07-07-2010 16:32 12048]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows2\system32\drivers\ggflt.sys [23-11-2009 22:08 13224]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10-02-2009 19:44 133104]
S3 P0630VID;Creative WebCam Live!;c:\windows2\system32\drivers\P0630Vid.sys [25-02-2010 15:27 91841]
S3 pcouffin;VSO Software pcouffin;c:\windows2\system32\drivers\pcouffin.sys [28-01-2009 23:51 47360]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows2\system32\drivers\s0017bus.sys [23-11-2009 21:56 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows2\system32\drivers\s0017mdfl.sys [23-11-2009 21:56 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows2\system32\drivers\s0017mdm.sys [23-11-2009 21:56 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows2\system32\drivers\s0017mgmt.sys [23-11-2009 21:56 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows2\system32\drivers\s0017nd5.sys [23-11-2009 21:56 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows2\system32\drivers\s0017obex.sys [23-11-2009 21:56 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows2\system32\drivers\s0017unic.sys [23-11-2009 21:56 109736]
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-16 c:\windows2\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 19:44]
.
2012-02-16 c:\windows2\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 19:44]
.
2012-02-15 c:\windows2\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-362288127-1417001333-1003Core.job
- c:\documents and settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-14 12:21]
.
2012-02-16 c:\windows2\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-362288127-1417001333-1003UA.job
- c:\documents and settings\Pe.BREAH-7959170B3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-14 12:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://eu.ask.com/?l=dis&o=102866&gct=hp
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: forgottenhonor.com\www
TCP: DhcpNameServer = 212.113.164.58 212.113.164.57
DPF: {5B54751C-0EDB-4CAE-816C-65BCED3FF819} - hxxp://game.heroesandgenerals.com/retox.ocx
DPF: {9BD3C5C6-BCBA-47BF-9CC0-0D5D3E117DE1} - hxxp://www.bravearms.com/razor/plugins/WebMediaPlayer.cab
FF - ProfilePath - c:\documents and settings\Pe.BREAH-7959170B3\Application Data\Mozilla\Firefox\Profiles\ybxr1hhq.default\
FF - prefs.js: browser.search.selectedEngine - YouTube
FF - prefs.js: browser.startup.homepage - hxxp://www.maisfutebol.iol.pt/
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=1&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-16 10:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-448539723-362288127-1417001333-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-448539723-362288127-1417001333-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:9c,74,e3,9b,7d,bd,31,24,61,49,0f,9f,bd,6b,c8,9c,57,76,09,3c,fe,5b,11,
65,21,44,3f,b5,77,76,77,3b,ab,19,35,22,af,41,88,6c,f8,ff,fb,1b,bb,ab,45,49,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(684)
c:\windows2\system32\Ati2evxx.dll
c:\windows2\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(3340)
c:\windows2\system32\WININET.dll
c:\windows2\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows2\system32\ieframe.dll
c:\windows2\system32\msi.dll
c:\windows2\system32\webcheck.dll
c:\windows2\system32\WPDShServiceObj.dll
c:\windows2\system32\PortableDeviceTypes.dll
c:\windows2\system32\PortableDeviceApi.dll
c:\windows2\system32\hnetcfg.dll
.
Completion time: 2012-02-16 10:34:10
ComboFix-quarantined-files.txt 2012-02-16 10:34
ComboFix2.txt 2012-02-16 09:52
ComboFix3.txt 2012-02-16 00:35
ComboFix4.txt 2012-02-14 19:55
.
Pre-Run: 5.935.005.696 bytes free
Post-Run: 5.918.457.856 bytes free
.
- - End Of File - - 19BC0A95DC5B8A752B4FC8596D5BF00D

 

[Broni]

Let's see, if we can look at your computer booting from an external source.

Please download OTLPE (filesize 120,9 MB)

• When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
• Reboot your system using the boot CD you just created.
  • Note : If you do not know how to set your computer to boot from CD follow the steps here
• Your system should now display a REATOGO-X-PE desktop.
• Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
• Double-click on the OTLPE icon.
• When asked Do you wish to load the remote registry, select Yes
• When asked Do you wish to load remote user profile(s) for scanning, select Yes
• Ensure the box Automatically Load All Remaining Users" is checked and press OK
• OTL should now start.
• Under the Custom Scan box paste this in:
  
  /md5start
  oleaccrc.dll
  /md5stop
  
  
• Press Run Scan to start the scan.
• When finished, the file will be saved in drive C:\OTL.txt
• Copy this file to your USB drive if you do not have internet connection on this system
• Please post the contents of the OTL.txt file in your reply.