I have the same error while running several programs. The message that appears is:
".... oleaccrc.dll is corrupt and unreadable."
Any kind of help would be much appreciated.
Thank you in advance.
__________________
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Database version: 912021403
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
14-02-2012 17:00:50
mbam-log-2012-02-14 (17-00-50).txt
Scan type: Quick scan
Objects scanned: 292608
Time elapsed: 7 minute(s), 13 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
________________
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-02-14 17:09:50
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7 Maxtor_6Y080M0 rev.YAR512W0
Running: 8zz695zi.exe; Driver: C:\DOCUME~1\PE11FF~1.BRE\LOCALS~1\Temp\pgpyikoc.sys
---- System - GMER 1.0.15 ----
SSDT spgj.sys ZwEnumerateKey [0xF72A5CA2]
SSDT spgj.sys ZwEnumerateValueKey [0xF72A6030]
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi \Device\Ide\IdePort0 [F71DBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F71DBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [F71DBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-7 [F71DBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [F71DBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort4 [F71DBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort5 [F71DBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-16 [F71DBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\ay8s61om \Device\Scsi\ay8s61om1Port6Path0Target0Lun0 89ACC500
Device \Driver\ay8s61om \Device\Scsi\ay8s61om1 89ACC500
Device \Driver\ay8s61om \Device\Scsi\ay8s61om1Port6Path0Target1Lun0 89ACC500
Device \FileSystem\Ntfs \Ntfs 89E751F8
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys
---- EOF - GMER 1.0.15 ----
_____________
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Pe at 17:11:21 on 2012-02-14
Microsoft Windows XP Professional 5.1.2600.3.1252.351.1033.18.2046.1185 [GMT 0:00]
.
AV: PC Cleaner Pro *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\WINDOWS2\system32\Ati2evxx.exe
C:\WINDOWS2\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS2\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS2\system32\Ati2evxx.exe
C:\WINDOWS2\system32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS2\system32\spoolsv.exe
C:\WINDOWS2\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS2\system32\RunDLL32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
svchost.exe
C:\WINDOWS2\system32\AEADISRV.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
f:\2\Malwarebytes' Anti-Malware\mbamservice.exe
F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
f:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS2\system32\HPZipm12.exe
C:\WINDOWS2\system32\PnkBstrA.exe
svchost.exe
C:\WINDOWS2\system32\svchost.exe -k imgsvc
F:\Program Files\Xobni\XobniService.exe
C:\WINDOWS2\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS2\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://eu.ask.com/?l=dis&o=102866&gct=hp
uSearch Page = hxxp://search.live.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://search.live.com/sphome.aspx
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Searchqu Toolbar: {7ff99715-3016-4381-84ce-e4e4c9673020} - Searchqu Toolbar
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Bandoo IE Plugin: {eb5cee80-030a-4ed8-8e20-454e9c68380f} - BandooIEPlugin Class
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Searchqu Toolbar: {7ff99715-3016-4381-84ce-e4e4c9673020} -
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [StartCCC] "f:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
dRun: [CTFMON.EXE] c:\windows2\system32\CTFMON.EXE
dRunOnce: [!SearchquFF] RUNDLL32.EXE c:\windows2\temp\search~1\INSTAL~1.DLL,_SetFFAssets http://www.searchqu.com/403,Web Search,WebSearch,http://www.searchqu.com/web?src=ffb&systemid=403&q=,
uPolicies-explorer: NoInstrumentation = 1
IE: E&xportar para o Microsoft Excel - c:\progra~2\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~3\office12\REFIEBAR.DLL
Trusted Zone: forgottenhonor.com\www
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {5B54751C-0EDB-4CAE-816C-65BCED3FF819} - hxxp://game.heroesandgenerals.com/retox.ocx
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231871237906
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9BD3C5C6-BCBA-47BF-9CC0-0D5D3E117DE1} - hxxp://www.bravearms.com/razor/plugins/WebMediaPlayer.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 212.113.164.58 212.113.164.57
TCP: Interfaces\{724B9139-EDF2-419B-BEDC-0D5794E34DA5} : DhcpNameServer = 212.113.164.58 212.113.164.57
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows2\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\pe.breah-7959170b3\application data\mozilla\firefox\profiles\ybxr1hhq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.maisfutebol.iol.pt/
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=1&q=
FF - plugin: c:\documents and settings\all users.windows2\application data\id software\quakelive\npquakezero.dll
FF - plugin: c:\documents and settings\pe.breah-7959170b3\application data\mozilla\firefox\profiles\ybxr1hhq.default\extensions\npretoxlive@live.heroesandgenerals.com\plugins\npretoxlive.dll
FF - plugin: c:\documents and settings\pe.breah-7959170b3\application data\mozilla\firefox\profiles\ybxr1hhq.default\extensions\npretoxstable@stable.heroesandgenerals.com\plugins\npretoxstable.dll
FF - plugin: c:\documents and settings\pe.breah-7959170b3\application data\mozilla\firefox\profiles\ybxr1hhq.default\extensions\webmediaplayer@3gstudiosinc.com\plugins\npWebMediaPlayer.dll
FF - plugin: c:\documents and settings\pe.breah-7959170b3\application data\mozilla\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\pe.breah-7959170b3\application data\mozilla\plugins\npoctoshape.dll
FF - plugin: c:\documents and settings\pe.breah-7959170b3\local settings\application data\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\3g studios\web media client\npWebMediaClient.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvsharetvplg.dll
FF - plugin: f:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: f:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: f:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: f:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: f:\program files\quicktime\plugins\npqtplugin5.dll
FF - plugin: f:\program files\quicktime\plugins\npqtplugin6.dll
FF - plugin: f:\program files\quicktime\plugins\npqtplugin7.dll
FF - plugin: f:\program files\veetle\player\npvlc.dll
FF - plugin: f:\program files\veetle\plugins\npVeetle.dll
FF - plugin: f:\program files\veetle\vlcbroadcast\npvbp.dll
.
============= SERVICES / DRIVERS ===============
.
R1 epfwtdir;epfwtdir;c:\windows2\system32\drivers\epfwtdir.sys [2008-2-20 35168]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-10-7 472280]
R2 MBAMService;MBAMService;f:\2\malwarebytes' anti-malware\mbamservice.exe [2012-2-12 366640]
R2 XobniService;XobniService;f:\program files\xobni\XobniService.exe [2009-11-20 55016]
R3 MBAMProtector;MBAMProtector;c:\windows2\system32\drivers\mbam.sys [2010-12-10 22712]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows2\system32\drivers\seehcri.sys [2009-11-23 27632]
S2 gupdate1c98bb8b2aea58;Google Update Service (gupdate1c98bb8b2aea58);c:\program files\google\update\GoogleUpdate.exe [2009-2-10 133104]
S2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit; [x]
S3 Ambfilt;Ambfilt;c:\windows2\system32\drivers\Ambfilt.sys [2010-7-7 1691480]
S3 atidgllk;atidgllk;c:\program files\winflash\atidgllk.sys [2010-7-7 12048]
S3 cpuz132;cpuz132;\??\c:\docume~1\pe11ff~1.bre\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\pe11ff~1.bre\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows2\system32\drivers\ggflt.sys [2009-11-23 13224]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-2-10 133104]
S3 P0630VID;Creative WebCam Live!;c:\windows2\system32\drivers\P0630Vid.sys [2010-2-25 91841]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows2\system32\drivers\s0017bus.sys [2009-11-23 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows2\system32\drivers\s0017mdfl.sys [2009-11-23 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows2\system32\drivers\s0017mdm.sys [2009-11-23 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows2\system32\drivers\s0017mgmt.sys [2009-11-23 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows2\system32\drivers\s0017nd5.sys [2009-11-23 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows2\system32\drivers\s0017obex.sys [2009-11-23 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows2\system32\drivers\s0017unic.sys [2009-11-23 109736]
.
=============== File Associations ===============
.
.txt=
.
=============== Created Last 30 ================
.
2012-02-14 16:03:31 -------- d-----w- c:\documents and settings\all users.windows2\application data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2012-02-14 15:35:54 -------- d-----w- c:\program files\Dll-Files.com Fixer
2012-02-14 15:28:05 -------- d-----w- c:\documents and settings\pe.breah-7959170b3\application data\dll-files.com
2012-02-14 15:23:01 -------- d-----w- c:\program files\Uniblue
2012-02-14 15:08:03 -------- d-----w- c:\documents and settings\all users.windows2\application data\SpeedyPC Software
2012-02-13 17:14:30 -------- d-----w- c:\program files\Ask.com
2012-02-13 17:14:27 -------- d-----w- c:\documents and settings\pe.breah-7959170b3\local settings\application data\AskToolbar
2012-02-13 17:14:16 -------- d-----w- c:\documents and settings\pe.breah-7959170b3\local settings\application data\APN
2012-02-13 16:53:56 -------- d-----w- C:\cmdcons
2012-02-13 16:49:45 98816 ----a-w- c:\windows2\sed.exe
2012-02-13 16:49:45 518144 ----a-w- c:\windows2\SWREG.exe
2012-02-13 16:49:45 256000 ----a-w- c:\windows2\PEV.exe
2012-02-13 16:49:45 208896 ----a-w- c:\windows2\MBR.exe
2012-02-13 16:49:09 -------- d-s---w- C:\ComboFix
2012-02-13 12:53:11 -------- d-----w- c:\documents and settings\pe.breah-7959170b3\application data\Registry Mechanic
2012-02-13 12:41:01 -------- d-----w- c:\program files\common files\PC Tools
2012-02-13 12:35:41 -------- d-----w- C:\RegistryCleanEasy
2012-02-13 12:35:41 -------- d-----w- c:\documents and settings\all users.windows2\application data\RegistryCleanEasy
2012-02-13 11:41:13 -------- d-----w- c:\documents and settings\pe.breah-7959170b3\AppData
2012-02-13 11:32:01 -------- d-----w- c:\documents and settings\pe.breah-7959170b3\application data\PCPro
2012-02-13 11:32:01 -------- d-----w- c:\documents and settings\pe.breah-7959170b3\application data\PC Cleaners
2012-02-13 11:31:42 5276432 ----a-w- c:\windows2\uninst.exe
2012-02-13 11:31:38 -------- d-----w- c:\program files\PC Cleaners
2012-02-13 11:31:38 -------- d-----w- c:\documents and settings\all users.windows2\application data\PC1Data
2012-02-12 23:44:22 41272 ----a-w- c:\windows2\system32\drivers\mbamswissarmy.sys
2012-02-12 23:13:39 -------- d-----w- c:\windows2\system32\wbem\repository\FS
2012-02-12 23:13:39 -------- d-----w- c:\windows2\system32\wbem\Repository
2012-02-12 22:58:44 -------- d-----w- c:\program files\Enigma Software Group
2012-02-06 09:52:18 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-02-06 09:52:18 43960 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-02-06 09:50:17 26176 ---ha-w- c:\windows2\system32\hamachi.sys
2012-01-31 18:52:01 -------- d-----w- c:\documents and settings\pe.breah-7959170b3\local settings\application data\Heroes and Generals
.
==================== Find3M ====================
.
2012-02-01 21:14:34 138520 ----a-w- c:\windows2\system32\drivers\PnkBstrK.sys
2012-02-01 21:11:40 234536 ----a-w- c:\windows2\system32\PnkBstrB.xtr
2012-02-01 21:11:40 234536 ----a-w- c:\windows2\system32\PnkBstrB.exe
2012-01-31 15:34:16 234536 ----a-w- c:\windows2\system32\PnkBstrB.ex0
2012-01-17 15:01:54 139152 -c--a-w- c:\documents and settings\pe.breah-7959170b3\application data\PnkBstrK.sys
2011-12-13 11:01:00 1698408 ----a-w- c:\windows2\RtlExUpd.dll
2011-11-25 21:57:19 293376 ----a-w- c:\windows2\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows2\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows2\system32\packager.exe
2006-05-03 09:06:54 163328 --sh--r- c:\windows2\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows2\system32\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- c:\windows2\system32\nbDX.dll
.
============= FINISH: 17:11:48,79 ===============
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows2\system32\drivers\s0017unic.sys [2009-11-23 109736]
.
=============== File Associations ===============
.
.txt=
.
=============== Created Last 30 ================
.
2012-02-14 16:03:31 -------- d-----w- c:\documents and settings\all users.windows2\application data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2012-02-14 15:35:54 -------- d-----w- c:\program files\Dll-Files.com Fixer
2012-02-14 15:28:05 -------- d-----w- c:\documents and settings\pe.breah-7959170b3\application data\dll-files.com
2012-02-14 15:23:01 -------- d-----w- c:\program files\Uniblue
2012-02-14 15:08:03 -------- d-----w- c:\documents and settings\all users.windows2\application data\SpeedyPC Software
2012-02-13 17:14:30 -------- d-----w- c:\program files\Ask.com
2012-02-13 17:14:27 -------- d-----w- c:\documents and settings\pe.breah-7959170b3\local settings\application data\AskToolbar
2012-02-13 17:14:16 -------- d-----w- c:\documents and settings\pe.breah-7959170b3\local settings\application data\APN
2012-02-13 16:53:56 -------- d-----w- C:\cmdcons
2012-02-13 16:49:45 98816 ----a-w- c:\windows2\sed.exe
2012-02-13 16:49:45 518144 ----a-w- c:\windows2\SWREG.exe
2012-02-13 16:49:45 256000 ----a-w- c:\windows2\PEV.exe
2012-02-13 16:49:45 208896 ----a-w- c:\windows2\MBR.exe
2012-02-13 16:49:09 -------- d-s---w- C:\ComboFix
2012-02-13 12:53:11 -------- d-----w- c:\documents and settings\pe.breah-7959170b3\application data\Registry Mechanic
2012-02-13 12:41:01 -------- d-----w- c:\program files\common files\PC Tools
2012-02-13 12:35:41 -------- d-----w- C:\RegistryCleanEasy
2012-02-13 12:35:41 -------- d-----w- c:\documents and settings\all users.windows2\application data\RegistryCleanEasy
2012-02-13 11:41:13 -------- d-----w- c:\documents and settings\pe.breah-7959170b3\AppData
2012-02-13 11:32:01 -------- d-----w- c:\documents and settings\pe.breah-7959170b3\application data\PCPro
2012-02-13 11:32:01 -------- d-----w- c:\documents and settings\pe.breah-7959170b3\application data\PC Cleaners
2012-02-13 11:31:42 5276432 ----a-w- c:\windows2\uninst.exe
2012-02-13 11:31:38 -------- d-----w- c:\program files\PC Cleaners
2012-02-13 11:31:38 -------- d-----w- c:\documents and settings\all users.windows2\application data\PC1Data
2012-02-12 23:44:22 41272 ----a-w- c:\windows2\system32\drivers\mbamswissarmy.sys
2012-02-12 23:13:39 -------- d-----w- c:\windows2\system32\wbem\repository\FS
2012-02-12 23:13:39 -------- d-----w- c:\windows2\system32\wbem\Repository
2012-02-12 22:58:44 -------- d-----w- c:\program files\Enigma Software Group
2012-02-06 09:52:18 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-02-06 09:52:18 43960 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-02-06 09:50:17 26176 ---ha-w- c:\windows2\system32\hamachi.sys
2012-01-31 18:52:01 -------- d-----w- c:\documents and settings\pe.breah-7959170b3\local settings\application data\Heroes and Generals
.
==================== Find3M ====================
.
2012-02-01 21:14:34 138520 ----a-w- c:\windows2\system32\drivers\PnkBstrK.sys
2012-02-01 21:11:40 234536 ----a-w- c:\windows2\system32\PnkBstrB.xtr
2012-02-01 21:11:40 234536 ----a-w- c:\windows2\system32\PnkBstrB.exe
2012-01-31 15:34:16 234536 ----a-w- c:\windows2\system32\PnkBstrB.ex0
2012-01-17 15:01:54 139152 -c--a-w- c:\documents and settings\pe.breah-7959170b3\application data\PnkBstrK.sys
2011-12-13 11:01:00 1698408 ----a-w- c:\windows2\RtlExUpd.dll
2011-11-25 21:57:19 293376 ----a-w- c:\windows2\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows2\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows2\system32\packager.exe
2006-05-03 09:06:54 163328 --sh--r- c:\windows2\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows2\system32\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- c:\windows2\system32\nbDX.dll
.
============= FINISH: 17:11:48,79 ===============